move ntds from priv to extapi

2015-06-22 09:04:08 -05:00 · 2015-06-22 09:04:08 -05:00 · 732192aeaf
parent 7f27fd0cf2
commit 732192aeaf
6 changed files with 47 additions and 17 deletions
--- a/lib/metasploit/framework/ntds/parser.rb
+++ b/lib/metasploit/framework/ntds/parser.rb
@ -19,7 +19,7 @@ module Metasploit
        def initialize(client, file_path='')
          raise ArgumentError, "Invalid Filepath" unless file_path.present?
          @file_path = file_path
-          @channel = client.priv.ntds_parse(file_path)
+          @channel = client.extapi.ntds.parse(file_path)
          @client = client
        end

@ -61,10 +61,10 @@ module Metasploit
        end

        def reopen_channel
-          @channel = client.priv.ntds_parse(file_path)
+          @channel = client.extapi.ntds.parse(file_path)
        end

      end
    end
  end
-end
+end
--- a/lib/rex/post/meterpreter/extensions/extapi/extapi.rb
+++ b/lib/rex/post/meterpreter/extensions/extapi/extapi.rb
@ -5,6 +5,7 @@ require 'rex/post/meterpreter/extensions/extapi/window/window'
 require 'rex/post/meterpreter/extensions/extapi/service/service'
 require 'rex/post/meterpreter/extensions/extapi/clipboard/clipboard'
 require 'rex/post/meterpreter/extensions/extapi/adsi/adsi'
+require 'rex/post/meterpreter/extensions/extapi/ntds/ntds'
 require 'rex/post/meterpreter/extensions/extapi/wmi/wmi'

 module Rex
@ -34,6 +35,7 @@ class Extapi < Extension
              'service'   => Rex::Post::Meterpreter::Extensions::Extapi::Service::Service.new(client),
              'clipboard' => Rex::Post::Meterpreter::Extensions::Extapi::Clipboard::Clipboard.new(client),
              'adsi'      => Rex::Post::Meterpreter::Extensions::Extapi::Adsi::Adsi.new(client),
+              'ntds'      => Rex::Post::Meterpreter::Extensions::Extapi::Ntds::Ntds.new(client),
              'wmi'       => Rex::Post::Meterpreter::Extensions::Extapi::Wmi::Wmi.new(client)
            })
        },
--- a/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb
+++ b/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb
@ -0,0 +1,39 @@
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Extapi
+module Ntds
+
+###
+#
+# This meterpreter extension contains extended API functions for
+# parsing the NT Directory Service database.
+#
+###
+class Ntds
+
+  def initialize(client)
+    @client = client
+  end
+
+  def parse(filepath)
+    request = Packet.create_request('extapi_ntds_parse')
+    request.add_tlv( TLV_TYPE_NTDS_PATH, filepath)
+    # wait up to 90 seconds for a response
+    response = client.send_request(request, 90)
+    channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
+    if channel_id.nil?
+      raise Exception, "We did not get a channel back!"
+    end
+    Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, "extapi_ntds", CHANNEL_FLAG_SYNCHRONOUS)
+  end
+
+  attr_accessor :client
+
+end
+
+end; end; end; end; end; end
+
--- a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
@ -72,6 +72,9 @@ TLV_TYPE_EXT_ADSI_PATH_PATH                 = TLV_META_TYPE_STRING | (TLV_TYPE_E
 TLV_TYPE_EXT_ADSI_PATH_TYPE                 = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 69)
 TLV_TYPE_EXT_ADSI_DN                        = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 70)

+TLV_TYPE_NTDS_TEST                          = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 80)
+TLV_TYPE_NTDS_PATH                          = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 81)
+
 TLV_TYPE_EXT_WMI_DOMAIN                     = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 90)
 TLV_TYPE_EXT_WMI_QUERY                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 91)
 TLV_TYPE_EXT_WMI_FIELD                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 92)
--- a/lib/rex/post/meterpreter/extensions/priv/priv.rb
+++ b/lib/rex/post/meterpreter/extensions/priv/priv.rb
@ -95,17 +95,6 @@ class Priv < Extension
    }
  end

-  def ntds_parse(filepath)
-    request = Packet.create_request( 'priv_ntds_parse' )
-    request.add_tlv( TLV_TYPE_NTDS_PATH, filepath)
-    response = client.send_request( request, 90 )
-    channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
-    if channel_id.nil?
-      raise Exception, "We did not get a channel back!"
-    end
-    Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, "priv_ntds", CHANNEL_FLAG_SYNCHRONOUS)
-  end
-
  #
  # Modifying privileged file system attributes.
  #
--- a/lib/rex/post/meterpreter/extensions/priv/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/priv/tlv.rb
@ -22,9 +22,6 @@ TLV_TYPE_ELEVATE_SERVICE_NAME       = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2
 TLV_TYPE_ELEVATE_SERVICE_DLL        = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 202)
 TLV_TYPE_ELEVATE_SERVICE_LENGTH     = TLV_META_TYPE_UINT   | (TLV_EXTENSIONS + 203)

-#NTDS
-TLV_TYPE_NTDS_PATH                  = TLV_META_TYPE_STRING | (TLV_EXTENSIONS +   301)
-
 end
 end
 end