From 732192aeaf59e3bd554add22e1a7ab5b8ec4d08f Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Mon, 22 Jun 2015 09:04:08 -0500 Subject: [PATCH] move ntds from priv to extapi --- lib/metasploit/framework/ntds/parser.rb | 6 +-- .../meterpreter/extensions/extapi/extapi.rb | 2 + .../extensions/extapi/ntds/ntds.rb | 39 +++++++++++++++++++ .../post/meterpreter/extensions/extapi/tlv.rb | 3 ++ .../post/meterpreter/extensions/priv/priv.rb | 11 ------ .../post/meterpreter/extensions/priv/tlv.rb | 3 -- 6 files changed, 47 insertions(+), 17 deletions(-) create mode 100644 lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb diff --git a/lib/metasploit/framework/ntds/parser.rb b/lib/metasploit/framework/ntds/parser.rb index ac7a8c0274..7c4d91890c 100644 --- a/lib/metasploit/framework/ntds/parser.rb +++ b/lib/metasploit/framework/ntds/parser.rb @@ -19,7 +19,7 @@ module Metasploit def initialize(client, file_path='') raise ArgumentError, "Invalid Filepath" unless file_path.present? @file_path = file_path - @channel = client.priv.ntds_parse(file_path) + @channel = client.extapi.ntds.parse(file_path) @client = client end @@ -61,10 +61,10 @@ module Metasploit end def reopen_channel - @channel = client.priv.ntds_parse(file_path) + @channel = client.extapi.ntds.parse(file_path) end end end end -end \ No newline at end of file +end diff --git a/lib/rex/post/meterpreter/extensions/extapi/extapi.rb b/lib/rex/post/meterpreter/extensions/extapi/extapi.rb index 31a3cd45af..ecc0852d9a 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/extapi.rb 
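Review bot: `initialize` in parser.rb now calls `client.extapi.ntds.parse` without checking that the extapi extension is actually loaded on the session, so a session that only has priv (which this same commit strips `ntds_parse` from) presumably fails with an unhelpful NoMethodError on `extapi` instead of a clear message; `reopen_channel` in the second hunk has the same gap. If callers are not already required to load extapi, a guard such as `raise ArgumentError, 'extapi extension not loaded' unless client.respond_to?(:extapi)` before the first call would make the new dependency explicit. The constructor's comment block, which sits outside the hunk, should also note that parsing happens on the remote host via extapi and that the returned channel is held in `@channel`.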
@@ -5,6 +5,7 @@ require 'rex/post/meterpreter/extensions/extapi/window/window'
 require 'rex/post/meterpreter/extensions/extapi/service/service'
 require 'rex/post/meterpreter/extensions/extapi/clipboard/clipboard'
 require 'rex/post/meterpreter/extensions/extapi/adsi/adsi'
+require 'rex/post/meterpreter/extensions/extapi/ntds/ntds'
 require 'rex/post/meterpreter/extensions/extapi/wmi/wmi'
 
 module Rex
@@ -34,6 +35,7 @@ class Extapi < Extension
 'service' => Rex::Post::Meterpreter::Extensions::Extapi::Service::Service.new(client),
 'clipboard' => Rex::Post::Meterpreter::Extensions::Extapi::Clipboard::Clipboard.new(client),
 'adsi' => Rex::Post::Meterpreter::Extensions::Extapi::Adsi::Adsi.new(client),
+ 'ntds' => Rex::Post::Meterpreter::Extensions::Extapi::Ntds::Ntds.new(client),
 'wmi' => Rex::Post::Meterpreter::Extensions::Extapi::Wmi::Wmi.new(client)
 })
 },
diff --git a/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb b/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb
new file mode 100644
index 0000000000..8900434fd7
--- /dev/null
+++ b/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb
@@ -0,0 +1,39 @@
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Extapi
+module Ntds
+
+###
+#
+# This meterpreter extension contains extended API functions for
+# parsing the NT Directory Service database.
+#
+###
+class Ntds
+
+ def initialize(client)
+ @client = client
+ end
+
+ def parse(filepath)
+ request = Packet.create_request('extapi_ntds_parse')
+ request.add_tlv( TLV_TYPE_NTDS_PATH, filepath)
+ # wait up to 90 seconds for a response
+ response = client.send_request(request, 90)
+ channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
+ if channel_id.nil?
+ raise Exception, "We did not get a channel back!"
+ end
+ Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, "extapi_ntds", CHANNEL_FLAG_SYNCHRONOUS)
+ end
+
+ attr_accessor :client
+
+end
+
+end; end; end; end; end; end
+
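Review bot: `parse` in the new ntds.rb raises the bare `Exception` class when the response carries no channel id; a plain `rescue` only catches `StandardError`, so this error escapes every ordinary rescue in the call chain and should be `raise RuntimeError, "We did not get a channel back!"` or a `Rex` error class (the removed priv `ntds_parse` had the same bug, so it is carried over rather than introduced). The method is also undocumented: a comment stating that `filepath` is the path of the NTDS database on the remote host, that the request blocks for up to 90 seconds, and that the return value is a synchronous `Channels::Pool` the caller is responsible for reading and closing would help the next reader. `attr_accessor :client` exposes a writer nothing in the class uses; `attr_reader :client` is the conventional choice and matches how `@client` is only assigned in `initialize`.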
diff --git a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
index 0a96954776..99a7cf3a85 100644
--- a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
@@ -72,6 +72,9 @@ TLV_TYPE_EXT_ADSI_PATH_PATH = TLV_META_TYPE_STRING | (TLV_TYPE_E
 TLV_TYPE_EXT_ADSI_PATH_TYPE = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 69)
 TLV_TYPE_EXT_ADSI_DN = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 70)
 
+TLV_TYPE_NTDS_TEST = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 80)
+TLV_TYPE_NTDS_PATH = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 81)
+
 TLV_TYPE_EXT_WMI_DOMAIN = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 90)
 TLV_TYPE_EXT_WMI_QUERY = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 91)
 TLV_TYPE_EXT_WMI_FIELD = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 92)
diff --git a/lib/rex/post/meterpreter/extensions/priv/priv.rb b/lib/rex/post/meterpreter/extensions/priv/priv.rb
index 12bed0d606..96a2e4fc6f 100644
--- a/lib/rex/post/meterpreter/extensions/priv/priv.rb
+++ b/lib/rex/post/meterpreter/extensions/priv/priv.rb
@@ -95,17 +95,6 @@ class Priv < Extension
 }
 end
 
- def ntds_parse(filepath)
- request = Packet.create_request( 'priv_ntds_parse' )
- request.add_tlv( TLV_TYPE_NTDS_PATH, filepath)
- response = client.send_request( request, 90 )
- channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
- if channel_id.nil?
- raise Exception, "We did not get a channel back!"
- end
- Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, "priv_ntds", CHANNEL_FLAG_SYNCHRONOUS)
- end
-
 #
 # Modifying privileged file system attributes.
 #
diff --git a/lib/rex/post/meterpreter/extensions/priv/tlv.rb b/lib/rex/post/meterpreter/extensions/priv/tlv.rb
index 37fbc50bc5..92cf1b7f4a 100644
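Review bot: `TLV_TYPE_NTDS_TEST` is defined in the extapi tlv.rb hunk but nothing in this patch reads or writes it (the new `Ntds#parse` only adds `TLV_TYPE_NTDS_PATH`), so unless the native extapi side depends on it, it is a dead constant reserving id 80. Both new names also break the file's naming scheme: the neighbouring extapi TLVs carry the `TLV_TYPE_EXT_` prefix (`TLV_TYPE_EXT_ADSI_DN`, `TLV_TYPE_EXT_WMI_DOMAIN`), so `TLV_TYPE_EXT_NTDS_PATH` would be consistent and would avoid reusing the exact name this commit deletes from priv/tlv.rb. A short `# NTDS` group comment, like the one being removed from the priv file, would keep the group identifiable alongside the ADSI and WMI blocks.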
--- a/lib/rex/post/meterpreter/extensions/priv/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/priv/tlv.rb
@@ -22,9 +22,6 @@ TLV_TYPE_ELEVATE_SERVICE_NAME = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2
 TLV_TYPE_ELEVATE_SERVICE_DLL = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 202)
 TLV_TYPE_ELEVATE_SERVICE_LENGTH = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 203)
 
-#NTDS
-TLV_TYPE_NTDS_PATH = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 301)
-
 end
 end
 end