diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb index 8b44869558..a4cbe258b7 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb @@ -36,6 +36,18 @@ class Process < Rex::Post::Process attr_accessor :client end + # Returns the process identifier of the process supplied in key if it's + # valid + def Process.[](key) + each_process { |p| + if (p['name'].downcase == key.downcase) + return p['pid'] + end + } + + return nil + end + # Attachs to the supplied process with a given set of permissions def Process.attach(pid = nil, perms = nil) real_perms = 0 @@ -98,6 +110,31 @@ class Process < Rex::Post::Process return response.get_tlv_value(TLV_TYPE_PID) end + # Enumerates all of the elements in the array returned by get_processes + def Process.each_process(&block) + self.get_processes.each(&block) + end + + # Returns an array of processes with hash objects that have + # keys for 'pid', 'name', and 'path'. + def Process.get_processes + request = Packet.create_request('stdapi_sys_process_get_processes') + processes = [] + + response = client.send_request(request) + + response.each(TLV_TYPE_PROCESS_GROUP) { |p| + processes << + { + 'pid' => p.get_tlv_value(TLV_TYPE_PID), + 'name' => p.get_tlv_value(TLV_TYPE_PROCESS_NAME), + 'path' => p.get_tlv_value(TLV_TYPE_PROCESS_PATH), + } + } + + return processes + end + ## # @@ -105,6 +142,7 @@ class Process < Rex::Post::Process # ## + # Initializes the process instance and its aliases def initialize(handle) self.client = self.class.client self.handle = handle 
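Review bot: `p['name'].downcase` in the new `Process.[]` raises NoMethodError for any entry whose 'name' is nil, which the hashes built in get_processes (later in this diff) can contain if the name TLV is absent and get_tlv_value hands back nil; guard it with `if p['name'] && p['name'].downcase == key.downcase`. `key.downcase` is also recomputed on every iteration and can be hoisted once before the loop, e.g. `wanted = key.downcase`. Because many processes commonly share a name (several svchost.exe on Windows), the header comment should state which one wins, e.g. `# Returns the pid of the first process whose name matches key (case-insensitive), or nil if none does`.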
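Review bot: The 'name' and 'path' values that get_processes stores are taken straight from the remote TLVs with no nil check, so a response missing either TLV yields hashes with nil fields that callers (such as `Process.[]`) are not told to expect; either skip such entries or document that fields may be nil. These strings originate on the compromised host and are attacker-controlled; a comment such as `# NOTE: name/path come from the target and are untrusted - sanitize before printing to a terminal` would warn display code about embedded control sequences. It is also not visible here whether send_request raises on an error reply; if it does not, the response should be checked before iterating, and if it does, the method comment should say so.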
@@ -115,6 +153,18 @@ class Process < Rex::Post::Process }) end + # Closes the handle to the process that was opened + def close + request = Packet.create_request('stdapi_sys_process_close') + + request.add_tlv(TLV_TYPE_HANDLE, handle) + + response = client.send_request(request) + + handle = nil; + + return true + end attr_reader :client, :handle protected diff --git a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb index ccb4c0c6e3..4d4a1ade7e 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb @@ -42,6 +42,9 @@ TLV_TYPE_MEMORY_STATE = TLV_META_TYPE_UINT | 2006 TLV_TYPE_MEMORY_TYPE = TLV_META_TYPE_UINT | 2007 TLV_TYPE_ALLOC_PROTECTION = TLV_META_TYPE_UINT | 2008 TLV_TYPE_PID = TLV_META_TYPE_UINT | 2300 +TLV_TYPE_PROCESS_NAME = TLV_META_TYPE_STRING | 2301 +TLV_TYPE_PROCESS_PATH = TLV_META_TYPE_STRING | 2302 +TLV_TYPE_PROCESS_GROUP = TLV_META_TYPE_GROUP | 2303 ## # diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb index e1c65cf5dc..1440ae633a 100644 --- a/lib/rex/post/meterpreter/packet.rb +++ b/lib/rex/post/meterpreter/packet.rb @@ -150,7 +150,7 @@ class Tlv if (self.type & TLV_META_TYPE_STRING == TLV_META_TYPE_STRING) if (raw.length > 0) - self.value = raw[8..-2] + self.value = raw[8..length-2] else self.value = nil end @@ -335,13 +335,18 @@ class GroupTlv < Tlv self.type = raw.unpack("NN")[1] # Enumerate all of the TLVs - while (offset < raw.length) + while (offset < raw.length-1) + + tlv = nil # Get the length and type length, type = raw[offset..offset+8].unpack("NN") - # Create the TLV and serialize it - tlv = Tlv.new(type) + if (type & TLV_META_TYPE_GROUP == TLV_META_TYPE_GROUP) + tlv = GroupTlv.new(type) + else + tlv = Tlv.new(type) + end tlv.from_r(raw[offset..offset+length]) 
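Review bot: `handle = nil;` in the new `close` creates a fresh local variable instead of clearing the instance attribute, so after close returns `self.handle` still holds the closed handle and any later use of the object would reuse a stale one; Ruby needs the explicit receiver, `self.handle = nil` (and the stray semicolon can go). The `response` local is assigned but never examined and the method returns true unconditionally, so unless send_request raises on an error reply, close silently reports success. An `attr_writer :handle` (or accessor) must exist under the `protected` marker for `self.handle=` to work; that section continues outside this hunk, so confirm it is there.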
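Review bot: `raw[8..length-2]` in Tlv#from_r trusts the wire-supplied `length` (parsed above this hunk, outside it) without any bound: for a `length` of 0 or 1 the end index goes negative and Ruby counts from the end of the buffer, silently returning the old `raw[8..-2]`-style slice instead of an empty value, and the `raw.length > 0` guard does not even ensure the 8-byte header is present. A guard such as `self.value = (length && length >= 9) ? raw[8..length-2] : nil` (9 being the header plus the terminating NUL) keeps a malformed TLV from yielding bytes past its own end. Since this data comes from the compromised host, a comment marking `length` as untrusted would also be warranted. The enclosing from_r begins and ends outside this hunk.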
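Review bot: The rewritten loop in GroupTlv#from_r still cannot make progress when the `length` unpacked at `raw[offset..offset+8].unpack("NN")` is 0, and `length` is nil when fewer than 8 bytes remain; since the offset advance (below this hunk, presumably `offset += length`) depends on that value, a zero or nil length in a malformed or hostile packet means an infinite loop or a TypeError rather than a clean stop. Add `break if length.nil? || length < 8` immediately after the unpack, before the GroupTlv/Tlv dispatch. The new recursion into `GroupTlv.new(type).from_r` is also unbounded in nesting depth, and that depth is controlled by the same untrusted input; a depth limit, or at minimum a comment flagging it, would be appropriate. The enclosing from_r starts before and ends after this hunk.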
diff --git a/lib/rex/post/meterpreter/packet_response_waiter.rb b/lib/rex/post/meterpreter/packet_response_waiter.rb index 65dfeeb75a..c38cf9c272 100644 --- a/lib/rex/post/meterpreter/packet_response_waiter.rb +++ b/lib/rex/post/meterpreter/packet_response_waiter.rb @@ -21,7 +21,7 @@ class PacketResponseWaiter # Initializes a response waiter instance for the supplied request # identifier def initialize(rid, completion_routine = nil, completion_param = nil) - self.rid = rid + self.rid = rid.dup self.response = nil if (completion_routine)
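Review bot: The reason for switching to `rid.dup` is not recorded anywhere in the hunk, and the header comment still describes only what is stored; a line such as `# copy the id so a caller that reuses or mutates its rid string cannot change the key this waiter matches on` above the assignment would make the intent clear (hedged, since the motivating caller is not visible here). Depending on the Ruby version, `dup` raises TypeError for nil and Integer receivers, so the comment should also state that rid is expected to be a String, or the assignment should fall back to the plain value for non-duplicable ids.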