adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Post/Windows/Lsa.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

1127 lines
64 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Post::Windows::Lsa
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Post::Windows::Lsa";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (L)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Post.html" title="Msf::Post (class)">Post</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Windows.html" title="Msf::Post::Windows (module)">Windows</a></span></span>
&raquo;
<span class="title">Lsa</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Post::Windows::Lsa
</h1>
<div class="box_info">
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/post/windows/lsa.rb</dd>
</dl>
</div>
<h2>Defined Under Namespace</h2>
<p class="children">
<strong class="classes">Classes:</strong> <span class='object_link'><a href="Lsa/KERB_CRYPTO_KEY_x64.html" title="Msf::Post::Windows::Lsa::KERB_CRYPTO_KEY_x64 (class)">KERB_CRYPTO_KEY_x64</a></span>, <span class='object_link'><a href="Lsa/KERB_CRYPTO_KEY_x86.html" title="Msf::Post::Windows::Lsa::KERB_CRYPTO_KEY_x86 (class)">KERB_CRYPTO_KEY_x86</a></span>, <span class='object_link'><a href="Lsa/KERB_EXTERNAL_TICKET_x64.html" title="Msf::Post::Windows::Lsa::KERB_EXTERNAL_TICKET_x64 (class)">KERB_EXTERNAL_TICKET_x64</a></span>, <span class='object_link'><a href="Lsa/KERB_EXTERNAL_TICKET_x86.html" title="Msf::Post::Windows::Lsa::KERB_EXTERNAL_TICKET_x86 (class)">KERB_EXTERNAL_TICKET_x86</a></span>, <span class='object_link'><a href="Lsa/KERB_QUERY_TKT_CACHE_REQUEST.html" title="Msf::Post::Windows::Lsa::KERB_QUERY_TKT_CACHE_REQUEST (class)">KERB_QUERY_TKT_CACHE_REQUEST</a></span>, <span class='object_link'><a href="Lsa/KERB_QUERY_TKT_CACHE_RESPONSE_x64.html" title="Msf::Post::Windows::Lsa::KERB_QUERY_TKT_CACHE_RESPONSE_x64 (class)">KERB_QUERY_TKT_CACHE_RESPONSE_x64</a></span>, <span class='object_link'><a href="Lsa/KERB_QUERY_TKT_CACHE_RESPONSE_x86.html" title="Msf::Post::Windows::Lsa::KERB_QUERY_TKT_CACHE_RESPONSE_x86 (class)">KERB_QUERY_TKT_CACHE_RESPONSE_x86</a></span>, <span class='object_link'><a href="Lsa/KERB_RETRIEVE_TKT_REQUEST_x64.html" title="Msf::Post::Windows::Lsa::KERB_RETRIEVE_TKT_REQUEST_x64 (class)">KERB_RETRIEVE_TKT_REQUEST_x64</a></span>, <span class='object_link'><a href="Lsa/KERB_RETRIEVE_TKT_REQUEST_x86.html" title="Msf::Post::Windows::Lsa::KERB_RETRIEVE_TKT_REQUEST_x86 (class)">KERB_RETRIEVE_TKT_REQUEST_x86</a></span>, <span class='object_link'><a href="Lsa/KERB_RETRIEVE_TKT_RESPONSE_x64.html" title="Msf::Post::Windows::Lsa::KERB_RETRIEVE_TKT_RESPONSE_x64 (class)">KERB_RETRIEVE_TKT_RESPONSE_x64</a></span>, <span class='object_link'><a href="Lsa/KERB_RETRIEVE_TKT_RESPONSE_x86.html" title="Msf::Post::Windows::Lsa::KERB_RETRIEVE_TKT_RESPONSE_x86 (class)">KERB_RETRIEVE_TKT_RESPONSE_x86</a></span>, <span class='object_link'><a href="Lsa/KERB_TICKET_CACHE_INFO_EX_x64.html" title="Msf::Post::Windows::Lsa::KERB_TICKET_CACHE_INFO_EX_x64 (class)">KERB_TICKET_CACHE_INFO_EX_x64</a></span>, <span class='object_link'><a href="Lsa/KERB_TICKET_CACHE_INFO_EX_x86.html" title="Msf::Post::Windows::Lsa::KERB_TICKET_CACHE_INFO_EX_x86 (class)">KERB_TICKET_CACHE_INFO_EX_x86</a></span>, <span class='object_link'><a href="Lsa/LSA_LAST_INTER_LOGON_INFO.html" title="Msf::Post::Windows::Lsa::LSA_LAST_INTER_LOGON_INFO (class)">LSA_LAST_INTER_LOGON_INFO</a></span>, <span class='object_link'><a href="Lsa/LSA_STRING_x64.html" title="Msf::Post::Windows::Lsa::LSA_STRING_x64 (class)">LSA_STRING_x64</a></span>, <span class='object_link'><a href="Lsa/LSA_STRING_x86.html" title="Msf::Post::Windows::Lsa::LSA_STRING_x86 (class)">LSA_STRING_x86</a></span>, <span class='object_link'><a href="Lsa/LSA_UNICODE_STRING_x64.html" title="Msf::Post::Windows::Lsa::LSA_UNICODE_STRING_x64 (class)">LSA_UNICODE_STRING_x64</a></span>, <span class='object_link'><a href="Lsa/LSA_UNICODE_STRING_x86.html" title="Msf::Post::Windows::Lsa::LSA_UNICODE_STRING_x86 (class)">LSA_UNICODE_STRING_x86</a></span>, <span class='object_link'><a href="Lsa/LsaPointer.html" title="Msf::Post::Windows::Lsa::LsaPointer (class)">LsaPointer</a></span>, <span class='object_link'><a href="Lsa/SECURITY_LOGON_SESSION_DATA_x64.html" title="Msf::Post::Windows::Lsa::SECURITY_LOGON_SESSION_DATA_x64 (class)">SECURITY_LOGON_SESSION_DATA_x64</a></span>, <span class='object_link'><a href="Lsa/SECURITY_LOGON_SESSION_DATA_x86.html" title="Msf::Post::Windows::Lsa::SECURITY_LOGON_SESSION_DATA_x86 (class)">SECURITY_LOGON_SESSION_DATA_x86</a></span>, <span class='object_link'><a href="Lsa/TOKEN_STATISTICS.html" title="Msf::Post::Windows::Lsa::TOKEN_STATISTICS (class)">TOKEN_STATISTICS</a></span>, <span class='object_link'><a href="Lsa/UNICODE_STRING_x64.html" title="Msf::Post::Windows::Lsa::UNICODE_STRING_x64 (class)">UNICODE_STRING_x64</a></span>, <span class='object_link'><a href="Lsa/UNICODE_STRING_x86.html" title="Msf::Post::Windows::Lsa::UNICODE_STRING_x86 (class)">UNICODE_STRING_x86</a></span>
</p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_call_authentication_package-instance_method" title="#lsa_call_authentication_package (instance method)">#<strong>lsa_call_authentication_package</strong>(handle, auth_package, submit_buffer, submit_buffer_length: nil) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_connect_untrusted-instance_method" title="#lsa_connect_untrusted (instance method)">#<strong>lsa_connect_untrusted</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_deregister_logon_process-instance_method" title="#lsa_deregister_logon_process (instance method)">#<strong>lsa_deregister_logon_process</strong>(handle) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_enumerate_logon_sessions-instance_method" title="#lsa_enumerate_logon_sessions (instance method)">#<strong>lsa_enumerate_logon_sessions</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_get_logon_session_data-instance_method" title="#lsa_get_logon_session_data (instance method)">#<strong>lsa_get_logon_session_data</strong>(luid) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_lookup_authentication_package-instance_method" title="#lsa_lookup_authentication_package (instance method)">#<strong>lsa_lookup_authentication_package</strong>(handle, package_name) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_nt_status_to_win_error-instance_method" title="#lsa_nt_status_to_win_error (instance method)">#<strong>lsa_nt_status_to_win_error</strong>(nt_status) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_register_logon_process-instance_method" title="#lsa_register_logon_process (instance method)">#<strong>lsa_register_logon_process</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_string-instance_method" title="#lsa_string (instance method)">#<strong>lsa_string</strong>(string) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Initialize a new LSA_STRING instance in memory.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#lsa_unicode_string-instance_method" title="#lsa_unicode_string (instance method)">#<strong>lsa_unicode_string</strong>(string) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Initialize a new LSA_UNICODE_STRING instance in memory.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#read_lsa_unicode_string-instance_method" title="#read_lsa_unicode_string (instance method)">#<strong>read_lsa_unicode_string</strong>(str) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Read an LSA_UNICODE_STRING from memory.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 9</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span><span class='lparen'>(</span>
<span class='id identifier rubyid_update_info'>update_info</span><span class='lparen'>(</span>
<span class='id identifier rubyid_info'>info</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Compat</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Meterpreter</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Commands</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='qwords_beg'>%w[</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_railgun_api</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_railgun_memread</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_railgun_memwrite</span><span class='words_sep'>
</span><span class='tstring_end'>]</span></span>
<span class='rbrace'>}</span>
<span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_call_authentication_package-instance_method">
#<strong>lsa_call_authentication_package</strong>(handle, auth_package, submit_buffer, submit_buffer_length: nil) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 388</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_call_authentication_package'>lsa_call_authentication_package</span><span class='lparen'>(</span><span class='id identifier rubyid_handle'>handle</span><span class='comma'>,</span> <span class='id identifier rubyid_auth_package'>auth_package</span><span class='comma'>,</span> <span class='id identifier rubyid_submit_buffer'>submit_buffer</span><span class='comma'>,</span> <span class='label'>submit_buffer_length:</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_auth_package'>auth_package</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>String</span><span class='rparen'>)</span>
<span class='id identifier rubyid_auth_package'>auth_package</span> <span class='op'>=</span> <span class='id identifier rubyid_lsa_lookup_authentication_package'>lsa_lookup_authentication_package</span><span class='lparen'>(</span><span class='id identifier rubyid_handle'>handle</span><span class='comma'>,</span> <span class='id identifier rubyid_auth_package'>auth_package</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_auth_package'>auth_package</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_submit_buffer'>submit_buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_submit_buffer'>submit_buffer</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span> <span class='kw'>if</span> <span class='id identifier rubyid_submit_buffer'>submit_buffer</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>BinData</span><span class='op'>::</span><span class='const'>Struct</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_submit_buffer_length'>submit_buffer_length</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_submit_buffer_length'>submit_buffer_length</span> <span class='op'>=</span> <span class='id identifier rubyid_submit_buffer'>submit_buffer</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_secur32'>secur32</span><span class='period'>.</span><span class='const'>LsaCallAuthenticationPackage</span><span class='lparen'>(</span>
<span class='id identifier rubyid_handle'>handle</span><span class='comma'>,</span>
<span class='id identifier rubyid_auth_package'>auth_package</span><span class='comma'>,</span>
<span class='id identifier rubyid_submit_buffer'>submit_buffer</span><span class='comma'>,</span>
<span class='id identifier rubyid_submit_buffer_length'>submit_buffer_length</span><span class='comma'>,</span>
<span class='int'>4</span><span class='comma'>,</span>
<span class='int'>4</span><span class='comma'>,</span>
<span class='int'>4</span>
<span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_status'>status</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to call the authentication package. LsaCallAuthenticationPackage failed with: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_status'>status</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ProtocolStatus</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_status'>status</span> <span class='op'>=</span> <span class='id identifier rubyid_lsa_nt_status_to_win_error'>lsa_nt_status_to_win_error</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ProtocolStatus</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to call the authentication package. LsaCallAuthenticationPackage authentication package failed with: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_status'>status</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ProtocolReturnBuffer</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='int'>0</span>
<span class='const'><span class='object_link'><a href="Lsa/LsaPointer.html" title="Msf::Post::Windows::Lsa::LsaPointer (class)">LsaPointer</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="#initialize-instance_method" title="Msf::Post::Windows::Lsa#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ProtocolReturnBuffer</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_memread'>memread</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ProtocolReturnBuffer</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ReturnBufferLength</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_connect_untrusted-instance_method">
#<strong>lsa_connect_untrusted</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
423
424
425
426
427
428
429
430
431
432</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 423</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_connect_untrusted'>lsa_connect_untrusted</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_secur32'>secur32</span><span class='period'>.</span><span class='const'>LsaConnectUntrusted</span><span class='lparen'>(</span><span class='int'>4</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_status'>status</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to obtain a handle to LSA. LsaConnectUntrusted failed with: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_status'>status</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>LsaHandle</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_deregister_logon_process-instance_method">
#<strong>lsa_deregister_logon_process</strong>(handle) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
434
435
436
437
438
439
440
441
442
443</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 434</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_deregister_logon_process'>lsa_deregister_logon_process</span><span class='lparen'>(</span><span class='id identifier rubyid_handle'>handle</span><span class='rparen'>)</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_secur32'>secur32</span><span class='period'>.</span><span class='const'>LsaDeregisterLogonProcess</span><span class='lparen'>(</span><span class='id identifier rubyid_handle'>handle</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_status'>status</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to close the handle to LSA. LsaDeregisterLogonProcess failed with: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_status'>status</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>true</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_enumerate_logon_sessions-instance_method">
#<strong>lsa_enumerate_logon_sessions</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
445
446
447
448
449
450
451
452
453
454
455
456
457
458</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 445</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_enumerate_logon_sessions'>lsa_enumerate_logon_sessions</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_secur32'>secur32</span><span class='period'>.</span><span class='const'>LsaEnumerateLogonSessions</span><span class='lparen'>(</span><span class='int'>4</span><span class='comma'>,</span> <span class='int'>4</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_status'>status</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to enumerate logon sessions. LsaEnumerateLogonSessions failed with: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_status'>status</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='lbracket'>[</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>LogonSessionCount</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='int'>0</span>
<span class='id identifier rubyid_luids'>luids</span> <span class='op'>=</span> <span class='const'>BinData</span><span class='op'>::</span><span class='const'>Array</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>type:</span> <span class='symbol'>:ms_dtyp_luid</span><span class='comma'>,</span> <span class='label'>initial_length:</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>LogonSessionCount</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_luids'>luids</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_memread'>memread</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>LogonSessionList</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_luids'>luids</span><span class='period'>.</span><span class='id identifier rubyid_num_bytes'>num_bytes</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_secur32'>secur32</span><span class='period'>.</span><span class='const'>LsaFreeReturnBuffer</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>LogonSessionList</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_luids'>luids</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_get_logon_session_data-instance_method">
#<strong>lsa_get_logon_session_data</strong>(luid) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 460</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_get_logon_session_data'>lsa_get_logon_session_data</span><span class='lparen'>(</span><span class='id identifier rubyid_luid'>luid</span><span class='rparen'>)</span>
<span class='kw'>case</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_native_arch'>native_arch</span>
<span class='kw'>when</span> <span class='const'>ARCH_X64</span>
<span class='id identifier rubyid_logon_session_data'>logon_session_data</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Lsa/SECURITY_LOGON_SESSION_DATA_x64.html" title="Msf::Post::Windows::Lsa::SECURITY_LOGON_SESSION_DATA_x64 (class)">SECURITY_LOGON_SESSION_DATA_x64</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="#initialize-instance_method" title="Msf::Post::Windows::Lsa#initialize (method)">new</a></span></span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_secur32'>secur32</span><span class='period'>.</span><span class='const'>LsaGetLogonSessionData</span><span class='lparen'>(</span><span class='id identifier rubyid_luid'>luid</span><span class='comma'>,</span> <span class='int'>8</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='const'>ARCH_X86</span>
<span class='id identifier rubyid_logon_session_data'>logon_session_data</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Lsa/SECURITY_LOGON_SESSION_DATA_x86.html" title="Msf::Post::Windows::Lsa::SECURITY_LOGON_SESSION_DATA_x86 (class)">SECURITY_LOGON_SESSION_DATA_x86</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="#initialize-instance_method" title="Msf::Post::Windows::Lsa#initialize (method)">new</a></span></span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_secur32'>secur32</span><span class='period'>.</span><span class='const'>LsaGetLogonSessionData</span><span class='lparen'>(</span><span class='id identifier rubyid_luid'>luid</span><span class='comma'>,</span> <span class='int'>4</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>NotImplementedError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unsupported session architecture: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_native_arch'>native_arch</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_status'>status</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to obtain logon session data. LsaGetLogonSessionData failed with: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_status'>status</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_logon_session_data'>logon_session_data</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_memread'>memread</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ppLogonSessionData</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_logon_session_data'>logon_session_data</span><span class='period'>.</span><span class='id identifier rubyid_num_bytes'>num_bytes</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='const'><span class='object_link'><a href="Lsa/LsaPointer.html" title="Msf::Post::Windows::Lsa::LsaPointer (class)">LsaPointer</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="#initialize-instance_method" title="Msf::Post::Windows::Lsa#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ppLogonSessionData</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_logon_session_data'>logon_session_data</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_lookup_authentication_package-instance_method">
#<strong>lsa_lookup_authentication_package</strong>(handle, package_name) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
482
483
484
485
486
487
488
489
490
491
492
493
494
495</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 482</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_lookup_authentication_package'>lsa_lookup_authentication_package</span><span class='lparen'>(</span><span class='id identifier rubyid_handle'>handle</span><span class='comma'>,</span> <span class='id identifier rubyid_package_name'>package_name</span><span class='rparen'>)</span>
<span class='id identifier rubyid_package_name'>package_name</span> <span class='op'>=</span> <span class='id identifier rubyid_lsa_string'>lsa_string</span><span class='lparen'>(</span><span class='id identifier rubyid_package_name'>package_name</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_package_name'>package_name</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_secur32'>secur32</span><span class='period'>.</span><span class='const'>LsaLookupAuthenticationPackage</span><span class='lparen'>(</span><span class='id identifier rubyid_handle'>handle</span><span class='comma'>,</span> <span class='id identifier rubyid_package_name'>package_name</span><span class='comma'>,</span> <span class='int'>4</span><span class='rparen'>)</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_util'>util</span><span class='period'>.</span><span class='id identifier rubyid_free_string'>free_string</span><span class='lparen'>(</span><span class='id identifier rubyid_package_name'>package_name</span><span class='period'>.</span><span class='id identifier rubyid_buffer'>buffer</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_status'>status</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to lookup the authentication package. LsaLookupAuthenticationPackage failed with: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_status'>status</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>AuthenticationPackage</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_nt_status_to_win_error-instance_method">
#<strong>lsa_nt_status_to_win_error</strong>(nt_status) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
497
498
499</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 497</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_nt_status_to_win_error'>lsa_nt_status_to_win_error</span><span class='lparen'>(</span><span class='id identifier rubyid_nt_status'>nt_status</span><span class='rparen'>)</span>
<span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>Win32</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_advapi32'>advapi32</span><span class='period'>.</span><span class='const'>LsaNtStatusToWinError</span><span class='lparen'>(</span><span class='id identifier rubyid_nt_status'>nt_status</span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_register_logon_process-instance_method">
#<strong>lsa_register_logon_process</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
501
502
503
504
505
506
507
508
509
510
511
512
513
514</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 501</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_register_logon_process'>lsa_register_logon_process</span>
<span class='id identifier rubyid_logon_process_name'>logon_process_name</span> <span class='op'>=</span> <span class='id identifier rubyid_lsa_string'>lsa_string</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Winlogon</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_logon_process_name'>logon_process_name</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_result'>result</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_secur32'>secur32</span><span class='period'>.</span><span class='const'>LsaRegisterLogonProcess</span><span class='lparen'>(</span><span class='id identifier rubyid_logon_process_name'>logon_process_name</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span><span class='comma'>,</span> <span class='int'>4</span><span class='comma'>,</span> <span class='int'>4</span><span class='rparen'>)</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_util'>util</span><span class='period'>.</span><span class='id identifier rubyid_free_string'>free_string</span><span class='lparen'>(</span><span class='id identifier rubyid_logon_process_name'>logon_process_name</span><span class='period'>.</span><span class='id identifier rubyid_buffer'>buffer</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_status'>status</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>return</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to obtain a handle to LSA. LsaRegisterLogonProcess failed with: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_status'>status</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_result'>result</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>LsaHandle</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_string-instance_method">
#<strong>lsa_string</strong>(string) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Initialize a new LSA_STRING instance in memory.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>string</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The string value to place in memory.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 343</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_string'>lsa_string</span><span class='lparen'>(</span><span class='id identifier rubyid_string'>string</span><span class='rparen'>)</span>
<span class='kw'>case</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_native_arch'>native_arch</span>
<span class='kw'>when</span> <span class='const'>ARCH_X64</span>
<span class='id identifier rubyid_klass'>klass</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Lsa/LSA_STRING_x64.html" title="Msf::Post::Windows::Lsa::LSA_STRING_x64 (class)">LSA_STRING_x64</a></span></span>
<span class='kw'>when</span> <span class='const'>ARCH_X86</span>
<span class='id identifier rubyid_klass'>klass</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Lsa/LSA_STRING_x86.html" title="Msf::Post::Windows::Lsa::LSA_STRING_x86 (class)">LSA_STRING_x86</a></span></span>
<span class='kw'>else</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>NotImplementedError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unsupported session architecture: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_native_arch'>native_arch</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_util'>util</span><span class='period'>.</span><span class='id identifier rubyid_alloc_and_write_string'>alloc_and_write_string</span><span class='lparen'>(</span><span class='id identifier rubyid_string'>string</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_ptr'>ptr</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_klass'>klass</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>len:</span> <span class='id identifier rubyid_string'>string</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='comma'>,</span> <span class='label'>maximum_len:</span> <span class='id identifier rubyid_string'>string</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>1</span><span class='comma'>,</span> <span class='label'>buffer:</span> <span class='id identifier rubyid_ptr'>ptr</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="lsa_unicode_string-instance_method">
#<strong>lsa_unicode_string</strong>(string) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Initialize a new LSA_UNICODE_STRING instance in memory.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>string</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The string value to place in memory.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 362</span>
<span class='kw'>def</span> <span class='id identifier rubyid_lsa_unicode_string'>lsa_unicode_string</span><span class='lparen'>(</span><span class='id identifier rubyid_string'>string</span><span class='rparen'>)</span>
<span class='kw'>case</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_native_arch'>native_arch</span>
<span class='kw'>when</span> <span class='const'>ARCH_X64</span>
<span class='id identifier rubyid_klass'>klass</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Lsa/LSA_UNICODE_STRING_x64.html" title="Msf::Post::Windows::Lsa::LSA_UNICODE_STRING_x64 (class)">LSA_UNICODE_STRING_x64</a></span></span>
<span class='kw'>when</span> <span class='const'>ARCH_X86</span>
<span class='id identifier rubyid_klass'>klass</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Lsa/LSA_UNICODE_STRING_x86.html" title="Msf::Post::Windows::Lsa::LSA_UNICODE_STRING_x86 (class)">LSA_UNICODE_STRING_x86</a></span></span>
<span class='kw'>else</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>NotImplementedError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unsupported session architecture: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_native_arch'>native_arch</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_ptr'>ptr</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_util'>util</span><span class='period'>.</span><span class='id identifier rubyid_alloc_and_write_string'>alloc_and_write_string</span><span class='lparen'>(</span><span class='id identifier rubyid_string'>string</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_ptr'>ptr</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_klass'>klass</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='label'>len:</span> <span class='id identifier rubyid_string'>string</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='comma'>,</span> <span class='label'>maximum_len:</span> <span class='id identifier rubyid_string'>string</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>+</span> <span class='int'>2</span><span class='comma'>,</span> <span class='label'>buffer:</span> <span class='id identifier rubyid_ptr'>ptr</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="read_lsa_unicode_string-instance_method">
#<strong>read_lsa_unicode_string</strong>(str) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Read an LSA_UNICODE_STRING from memory.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>str</span>
<span class='type'>(<tt>LSA_UNICODE_STRING</tt>)</span>
&mdash;
<div class='inline'>
<p>The LSA_UNICODE_STRING to read from memory.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
381
382
383
384
385
386</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/lsa.rb', line 381</span>
<span class='kw'>def</span> <span class='id identifier rubyid_read_lsa_unicode_string'>read_lsa_unicode_string</span><span class='lparen'>(</span><span class='id identifier rubyid_str'>str</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_str'>str</span><span class='period'>.</span><span class='id identifier rubyid_len'>len</span> <span class='op'>==</span> <span class='int'>0</span>
<span class='comment'># the len field is in bytes, divide by two because #read_wstring takes chars
</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_railgun'>railgun</span><span class='period'>.</span><span class='id identifier rubyid_util'>util</span><span class='period'>.</span><span class='id identifier rubyid_read_wstring'>read_wstring</span><span class='lparen'>(</span><span class='id identifier rubyid_str'>str</span><span class='period'>.</span><span class='id identifier rubyid_buffer'>buffer</span><span class='comma'>,</span> <span class='id identifier rubyid_str'>str</span><span class='period'>.</span><span class='id identifier rubyid_len'>len</span> <span class='op'>/</span> <span class='int'>2</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:01:15 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink