mirror of
https://github.com/rapid7/metasploit-payloads
synced 2025-03-12 12:14:29 +01:00
Add error message return support
The errors returned still aren't nice though.
parent
0472814b7f
commit
da194e07b4
c/meterpreter/source/extensions/extapi
@ -56,5 +56,6 @@
|
||||
#define TLV_TYPE_EXT_WMI_VALUE MAKE_CUSTOM_TLV(TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_EXTAPI, TLV_EXTENSIONS + 68)
|
||||
#define TLV_TYPE_EXT_WMI_FIELDS MAKE_CUSTOM_TLV(TLV_META_TYPE_GROUP, TLV_TYPE_EXTENSION_EXTAPI, TLV_EXTENSIONS + 69)
|
||||
#define TLV_TYPE_EXT_WMI_VALUES MAKE_CUSTOM_TLV(TLV_META_TYPE_GROUP, TLV_TYPE_EXTENSION_EXTAPI, TLV_EXTENSIONS + 70)
|
||||
#define TLV_TYPE_EXT_WMI_ERROR MAKE_CUSTOM_TLV(TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_EXTAPI, TLV_EXTENSIONS + 71)
|
||||
|
||||
#endif
|
||||
|
@ -18,7 +18,7 @@ DWORD request_wmi_query(Remote *remote, Packet *packet)
|
||||
{
|
||||
DWORD dwResult = ERROR_SUCCESS;
|
||||
LPSTR lpValue = NULL;
|
||||
LPWSTR lpwDomain = NULL;
|
||||
LPWSTR lpwRoot = NULL;
|
||||
LPWSTR lpwQuery = NULL;
|
||||
Packet * response = packet_create_response(packet);
|
||||
|
||||
@ -33,10 +33,10 @@ DWORD request_wmi_query(Remote *remote, Packet *packet)
|
||||
|
||||
if (!lpValue)
|
||||
{
|
||||
lpValue = "CIMV2";
|
||||
lpValue = "root\\CIMV2";
|
||||
}
|
||||
dprintf("[EXTAPI WMI] Domain: %s", lpValue);
|
||||
dwResult = to_wide_string(lpValue, &lpwDomain);
|
||||
dwResult = to_wide_string(lpValue, &lpwRoot);
|
||||
if (dwResult != ERROR_SUCCESS)
|
||||
{
|
||||
dprintf("[EXTAPI WMI] Failed to get Domain");
|
||||
@ -53,7 +53,7 @@ DWORD request_wmi_query(Remote *remote, Packet *packet)
|
||||
}
|
||||
|
||||
dprintf("[EXTAPI WMI] Beginning WMI query enumeration");
|
||||
dwResult = wmi_query(lpwDomain, lpwQuery, response);
|
||||
dwResult = wmi_query(lpwRoot, lpwQuery, response);
|
||||
dprintf("[EXTAPI WMI] Result of processing: %u (0x%x)", dwResult, dwResult);
|
||||
} while (0);
|
||||
|
||||
@ -62,9 +62,9 @@ DWORD request_wmi_query(Remote *remote, Packet *packet)
|
||||
free(lpwQuery);
|
||||
}
|
||||
|
||||
if (lpwDomain)
|
||||
if (lpwRoot)
|
||||
{
|
||||
free(lpwDomain);
|
||||
free(lpwRoot);
|
||||
}
|
||||
|
||||
dprintf("[EXTAPI WMI] Transmitting response back to caller.");
|
||||
|
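Review bot: The two unchanged debug strings in request_wmi_query, `"[EXTAPI WMI] Domain: %s"` and `"[EXTAPI WMI] Failed to get Domain"`, still call the value a domain, although this change renames the variable to `lpwRoot` and makes the default the full path `root\\CIMV2`. They should read `dprintf("[EXTAPI WMI] Root: %s", lpValue);` and `dprintf("[EXTAPI WMI] Failed to get Root");` so the trace matches the new meaning. The handler also no longer gets a `root\` prefix added downstream, so a caller that still sends a bare name such as `CIMV2` would presumably now fail to connect. A short comment at the default assignment saying the value must be a complete namespace path would make that contract visible. The function body starts and ends outside these hunks.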
@ -10,6 +10,7 @@ extern "C" {
|
||||
}
|
||||
#include <WbemCli.h>
|
||||
#include <comutil.h>
|
||||
#include <comdef.h>
|
||||
|
||||
#pragma comment(lib, "wbemuuid.lib")
|
||||
#pragma comment(lib, "comsuppw.lib")
|
||||
@ -218,16 +219,13 @@ char* variant_to_string(_variant_t& v, char* buffer, DWORD bufferSize)
|
||||
|
||||
/*!
|
||||
* @brief Perform a WMI query.
|
||||
* @param lpwDomain Name of the domain that is to be queried.
|
||||
* @param lpwRoot Name of the root object that is to be queried against.
|
||||
* @param lpwQuery The filter to use when reading objects (LDAP style).
|
||||
* @param response The response \c Packet to add the results to.
|
||||
*/
|
||||
DWORD wmi_query(LPCWSTR lpwDomain, LPWSTR lpwQuery, Packet* response)
|
||||
DWORD wmi_query(LPCWSTR lpwRoot, LPWSTR lpwQuery, Packet* response)
|
||||
{
|
||||
HRESULT hResult;
|
||||
WCHAR cbPath[PATH_SIZE];
|
||||
|
||||
swprintf_s(cbPath, PATH_SIZE - 1, L"root\\%s", lpwDomain);
|
||||
|
||||
dprintf("[WMI] Initialising COM");
|
||||
if ((hResult = CoInitializeEx(NULL, COINIT_MULTITHREADED)) == S_OK)
|
||||
@ -258,9 +256,9 @@ DWORD wmi_query(LPCWSTR lpwDomain, LPWSTR lpwQuery, Packet* response)
|
||||
}
|
||||
dprintf("[WMI] WbemLocator created.");
|
||||
|
||||
if (FAILED(hResult = pLocator->ConnectServer(cbPath, NULL, NULL, NULL, WBEM_FLAG_CONNECT_USE_MAX_WAIT, NULL, NULL, &pServices)))
|
||||
if (FAILED(hResult = pLocator->ConnectServer(_bstr_t(lpwRoot), NULL, NULL, NULL, WBEM_FLAG_CONNECT_USE_MAX_WAIT, NULL, NULL, &pServices)))
|
||||
{
|
||||
dprintf("[WMI] Failed to create WbemServices at %S: %x", cbPath, hResult);
|
||||
dprintf("[WMI] Failed to create WbemServices at %S: %x", lpwRoot, hResult);
|
||||
break;
|
||||
}
|
||||
dprintf("[WMI] WbemServices created.");
|
||||
@ -432,10 +430,6 @@ DWORD wmi_query(LPCWSTR lpwDomain, LPWSTR lpwQuery, Packet* response)
|
||||
if (SUCCEEDED(hResult))
|
||||
{
|
||||
hResult = S_OK;
|
||||
}
|
||||
|
||||
if (hResult == S_OK)
|
||||
{
|
||||
dprintf("[WMI] Things appeard to go well!");
|
||||
}
|
||||
}
|
||||
@ -444,5 +438,18 @@ DWORD wmi_query(LPCWSTR lpwDomain, LPWSTR lpwQuery, Packet* response)
|
||||
dprintf("[WMI] Failed to initialize COM");
|
||||
}
|
||||
|
||||
if (FAILED(hResult))
|
||||
{
|
||||
// if we failed, we're going to convert the error to a string, add it and still return success, but we'll
|
||||
// also include the hresult.
|
||||
char errorMessage[1024];
|
||||
memset(errorMessage, 0, 1024);
|
||||
_com_error comError(hResult);
|
||||
_snprintf_s(errorMessage, 1024, 1023, "%s (0x%x)", comError.ErrorMessage(), hResult);
|
||||
dprintf("[WMI] returning error -> %s", errorMessage);
|
||||
packet_add_tlv_string(response, TLV_TYPE_EXT_WMI_ERROR, errorMessage);
|
||||
hResult = S_OK;
|
||||
}
|
||||
|
||||
return (DWORD)hResult;
|
||||
}
|
||||
|
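Review bot: In the new `if (FAILED(hResult))` block at the end of wmi_query, `comError.ErrorMessage()` returns a `const TCHAR*` but is formatted with `%s` through the narrow `_snprintf_s`. If this file is built with UNICODE defined (not visible here), the text sent back in `TLV_TYPE_EXT_WMI_ERROR` would be truncated or garbled. Converting explicitly removes the dependency on the build setting, and `sizeof` with `_TRUNCATE` avoids writing 1024 three times: `_snprintf_s(errorMessage, sizeof(errorMessage), _TRUNCATE, "%s (0x%x)", (const char*)_bstr_t(comError.ErrorMessage()), hResult);`. The block comment could also say that a failure is now reported only through the error TLV while the function returns success, so callers must check for that TLV. The function body continues outside these hunks.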