From fb0d766958fa0d0448a0049ea6b8b0bcda79a907 Mon Sep 17 00:00:00 2001
From: OJ
Date: Tue, 29 Sep 2015 20:48:29 +1000
Subject: [PATCH] First pass of the python extension for windows meterpreter

This includes the basic construct for the python extension, and allows for single-shot commands to be run.
---
.../meterpreter/extensions/python/python.rb | 52 ++++++++++++++++
.../post/meterpreter/extensions/python/tlv.rb | 15 +++++
.../ui/console/command_dispatcher/python.rb | 60 +++++++++++++++++++
3 files changed, 127 insertions(+)
create mode 100644 lib/rex/post/meterpreter/extensions/python/python.rb
create mode 100644 lib/rex/post/meterpreter/extensions/python/tlv.rb
create mode 100644 lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb
diff --git a/lib/rex/post/meterpreter/extensions/python/python.rb b/lib/rex/post/meterpreter/extensions/python/python.rb
new file mode 100644
index 0000000000..5b81d88217
--- /dev/null
+++ b/lib/rex/post/meterpreter/extensions/python/python.rb
@@ -0,0 +1,52 @@
+# -*- coding: binary -*-
+
+require 'rex/post/meterpreter/extensions/python/tlv'
+require 'set'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Python
+
+###
+#
+# Python extension - gives remote python scripting capabilities on the target.
+#
+###
+
+class Python < Extension
+
+ #
+ # Typical extension initialization routine.
+ #
+ # @param client (see Extension#initialize)
+ def initialize(client)
+ super(client, 'python')
+
+ client.register_extension_aliases(
+ [
+ {
+ 'name' => 'python',
+ 'ext' => self
+ }
+ ])
+ end
+
+ #
+ # Dump the LSA secrets from the target machine.
+ #
+ # @return [Hash]
+ def execute_string(code)
+ request = Packet.create_request('python_execute_string')
+ request.add_tlv(TLV_TYPE_PYTHON_STRING, code)
+
+ response = client.send_request(request)
+
+ response.get_tlv_value(TLV_TYPE_PYTHON_OUTPUT)
+ end
+
+end
+
+end; end; end; end; end
+
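Review bot: The comment block above `execute_string` does not describe this method: it reads "Dump the LSA secrets from the target machine." and declares `@return [Hash]`, which looks carried over from another extension. The body sends a `python_execute_string` request and returns the value of `TLV_TYPE_PYTHON_OUTPUT`, which tlv.rb in this patch defines with `TLV_META_TYPE_STRING`. Since the method runs caller-supplied code on the session host, the comment should say so, for example `# Run the given python code string on the target and return its output.` with `# @param code [String]` and `# @return [String]`. `require 'set'` is not used by anything in this hunk and can probably be dropped.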
diff --git a/lib/rex/post/meterpreter/extensions/python/tlv.rb b/lib/rex/post/meterpreter/extensions/python/tlv.rb
new file mode 100644
index 0000000000..560c302e10
--- /dev/null
+++ b/lib/rex/post/meterpreter/extensions/python/tlv.rb
@@ -0,0 +1,15 @@
+# -*- coding: binary -*-
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Python
+
+TLV_TYPE_PYTHON_STRING = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1)
+TLV_TYPE_PYTHON_OUTPUT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2)
+
+end
+end
+end
+end
+end
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb
new file mode 100644
index 0000000000..bf9ab4cf18
--- /dev/null
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb
@@ -0,0 +1,60 @@
+# -*- coding: binary -*-
+require 'rex/post/meterpreter'
+
+module Rex
+module Post
+module Meterpreter
+module Ui
+
+###
+#
+# Python extension - interact with a python interpreter
+#
+###
+class Console::CommandDispatcher::Python
+
+ Klass = Console::CommandDispatcher::Python
+
+ include Console::CommandDispatcher
+
+ #
+ # Name for this dispatcher
+ #
+ def name
+ 'Python'
+ end
+
+ #
+ # List of supported commands.
+ #
+ def commands
+ {
+ 'python_execute' => 'Execute a python command string'
+ }
+ end
+
+ def python_execute_usage
+ print_line('Usage: python_execute [python code]')
+ print_line
+ print_line('Runs the given python string on the target and returns the output.')
+ end
+
+ #
+ # Execute a simple python command string
+ #
+ def cmd_python_execute(*args)
+ if args.length == 0
+ python_execute_usage
+ return false
+ end
+
+ client.python.execute_string(args[0])
+ end
+
+end
+
+end
+end
+end
+end
+
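Review bot: In command_dispatcher/python.rb, `cmd_python_execute` forwards only `args[0]` and discards the return value of `execute_string`. Nothing in the code shown prints the output that the usage text promises, unless the console prints command return values elsewhere. Any arguments after the first are also silently ignored. Consider `output = client.python.execute_string(args[0])` followed by `print_line(output) if output`. Either show the usage message when `args.length > 1`, or state in `python_execute_usage` that the code must be passed as a single quoted argument.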