class Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config

This class provides access to remote system configuration and information.

Constants

SYSTEM_SID

Attributes

client[RW]

Public Class Methods

new(client)
# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 24
# Stores the client handle that every other method in this class uses to
# send requests.
#
# @param client the object assigned to the +client+ attribute; the other
#   methods call +send_request+ (and, in some cases,
#   +unicode_filter_encode+) on it
def initialize(client)
  # Goes through the attribute writer rather than setting an ivar directly.
  self.client = client
end

Public Instance Methods

drop_token()

Drops any assumed token

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 121
# Asks the remote side to drop any assumed token.
#
# Sends a 'stdapi_sys_config_drop_token' request and returns the
# TLV_TYPE_USER_NAME value from the response after passing it through
# client.unicode_filter_encode.
#
# @return the filtered user name reported in the response
def drop_token
  response  = client.send_request(Packet.create_request('stdapi_sys_config_drop_token'))
  user_name = response.get_tlv_value(TLV_TYPE_USER_NAME)
  # The name comes out of the response, so it is filtered before being returned.
  client.unicode_filter_encode(user_name)
end
getenv(var_name)

Returns the value of a single requested environment variable name

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 79
# Looks up a single environment variable by delegating to #getenvs.
#
# @param var_name the variable name forwarded to #getenvs
# @return the value of the first entry in the hash returned by #getenvs,
#   or nil when that hash is empty
def getenv(var_name)
  # Only one name is requested, so the first value in the hash is the answer.
  getenvs(var_name).values.first
end
getenvs(*var_names)

Returns a hash of the requested environment variables and their values. A requested variable that is absent from the response was not found.

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 57
# Requests the values of the named environment variables.
#
# One TLV_TYPE_ENV_VARIABLE entry is added to the
# 'stdapi_sys_config_getenv' request per name. The result is built from
# the TLV_TYPE_ENV_GROUP entries of the response.
#
# @param var_names the variable names to request
# @return [Hash] variable name => value, one entry per group in the response
def getenvs(*var_names)
  req = Packet.create_request('stdapi_sys_config_getenv')
  var_names.each { |name| req.add_tlv(TLV_TYPE_ENV_VARIABLE, name) }

  env_map = {}
  # Keys are the names reported in the response, not the names that were
  # requested, so a requested name with no matching group is simply absent.
  # Names and values are stored exactly as received; no filtering is applied here.
  client.send_request(req).each(TLV_TYPE_ENV_GROUP) do |group|
    env_map[group.get_tlv_value(TLV_TYPE_ENV_VARIABLE)] = group.get_tlv_value(TLV_TYPE_ENV_VALUE)
  end
  env_map
end
getprivs()

Enables all possible privileges

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 130
# Sends a 'stdapi_sys_config_getprivs' request and collects the
# privileges listed in the response.
#
# @return [Array] the +value+ of every TLV_TYPE_PRIVILEGE entry in the
#   response, in response order; empty when the response has none
def getprivs
  response = client.send_request(Packet.create_request('stdapi_sys_config_getprivs'))

  privileges = []
  response.each(TLV_TYPE_PRIVILEGE) { |tlv| privileges << tlv.value }
  privileges
end
getsid()

Gets the SID of the current process/thread.

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 40
# Fetches the SID of the current process/thread on the remote side.
#
# @return the TLV_TYPE_SID value from the response to a
#   'stdapi_sys_config_getsid' request
def getsid
  sid_request = Packet.create_request('stdapi_sys_config_getsid')
  # Returned as received: unlike #getuid, the value is not passed through
  # client.unicode_filter_encode.
  client.send_request(sid_request).get_tlv_value(TLV_TYPE_SID)
end
getuid()

Returns the username that the remote side is running as.

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 31
# Reports the user name the remote side is running as.
#
# @return the TLV_TYPE_USER_NAME value from the response to a
#   'stdapi_sys_config_getuid' request, after client.unicode_filter_encode
def getuid
  reply = client.send_request(Packet.create_request('stdapi_sys_config_getuid'))
  raw_name = reply.get_tlv_value(TLV_TYPE_USER_NAME)
  # The name comes out of the response, so it is filtered before being returned.
  client.unicode_filter_encode(raw_name)
end
is_system?()

Determine if the current process/thread is running as SYSTEM

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 49
# Tells whether the current process/thread is running as SYSTEM.
#
# Each call performs a fresh #getsid lookup; nothing is cached here.
#
# @return [Boolean] true when the SID returned by #getsid equals SYSTEM_SID
def is_system?
  current_sid = getsid
  current_sid == SYSTEM_SID
end
revert_to_self()

Calls RevertToSelf on the remote machine.

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 104
# Asks the remote side to call RevertToSelf.
#
# @return whatever client.send_request returns for the
#   'stdapi_sys_config_rev2self' request; the response is not inspected here
def revert_to_self
  request = Packet.create_request('stdapi_sys_config_rev2self')
  client.send_request(request)
end
steal_token(pid)

Steals the primary token from a target process

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 111
# Sends a 'stdapi_sys_config_steal_token' request for the given process.
#
# @param pid the process id, converted with +to_i+ before it is added to
#   the request as TLV_TYPE_PID
# @return the TLV_TYPE_USER_NAME value from the response, after
#   client.unicode_filter_encode
def steal_token(pid)
  request = Packet.create_request('stdapi_sys_config_steal_token')
  # NOTE(review): to_i does not raise on malformed input; a non-numeric
  # string becomes 0 and nil becomes 0, so callers should validate the pid.
  target_pid = pid.to_i
  request.add_tlv(TLV_TYPE_PID, target_pid)

  response = client.send_request(request)
  user_name = response.get_tlv_value(TLV_TYPE_USER_NAME)
  client.unicode_filter_encode(user_name)
end
sysinfo()

Returns a hash of information about the remote computer.

# File lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb, line 87
# Collects basic information about the remote computer.
#
# Sends a 'stdapi_sys_config_sysinfo' request and maps six TLV values from
# the response onto human-readable labels.
#
# @return [Hash] with the keys 'Computer', 'OS', 'Architecture',
#   'System Language', 'Domain' and 'Logged On Users', in that order
def sysinfo
  reply = client.send_request(Packet.create_request('stdapi_sys_config_sysinfo'))

  # Label => TLV type pairs, listed in the order the result hash is built.
  labelled_types = [
    ['Computer',        TLV_TYPE_COMPUTER_NAME],
    ['OS',              TLV_TYPE_OS_NAME],
    ['Architecture',    TLV_TYPE_ARCHITECTURE],
    ['System Language', TLV_TYPE_LANG_SYSTEM],
    ['Domain',          TLV_TYPE_DOMAIN],
    ['Logged On Users', TLV_TYPE_LOGGED_ON_USER_COUNT]
  ]

  # Values are stored exactly as the response provides them; no filtering
  # (such as client.unicode_filter_encode) is applied here.
  labelled_types.each_with_object({}) do |(label, tlv_type), info|
    info[label] = reply.get_tlv_value(tlv_type)
  end
end