From ae3efa0589c74ffa0e7978d1fb21d03336da6b84 Mon Sep 17 00:00:00 2001 From: alanfoster Date: Thu, 21 Oct 2021 00:54:41 +0100 Subject: [PATCH] Add command name to Meterpreter packet inspect --- lib/rex/post/meterpreter/command_mapper.rb | 1 + lib/rex/post/meterpreter/packet.rb | 10 ++++- lib/rex/post/meterpreter/packet_dispatcher.rb | 5 +-- spec/lib/rex/post/meterpreter/packet_spec.rb | 41 ++++++++++++++----- 4 files changed, 42 insertions(+), 15 deletions(-) diff --git a/lib/rex/post/meterpreter/command_mapper.rb b/lib/rex/post/meterpreter/command_mapper.rb index 3d484668d8..67546e627e 100644 --- a/lib/rex/post/meterpreter/command_mapper.rb +++ b/lib/rex/post/meterpreter/command_mapper.rb @@ -2,6 +2,7 @@ require 'rex/post/meterpreter/extension_mapper' require 'rex/post/meterpreter/core_ids' +require 'rex/post/meterpreter/client_core' module Rex module Post diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb index 0adcdee4b9..de246dda87 100644 --- a/lib/rex/post/meterpreter/packet.rb +++ b/lib/rex/post/meterpreter/packet.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'openssl' +require 'rex/post/meterpreter/command_mapper' module Rex module Post @@ -403,6 +404,14 @@ class Tlv tlvs_inspect << "]" else tlvs_inspect = "meta=#{meta.ljust(10)} value=#{val}" + if type == TLV_TYPE_COMMAND_ID + begin + command_name = ::Rex::Post::Meterpreter::CommandMapper.get_command_name(value) + rescue + command_name = nil + end + tlvs_inspect <<= " command=#{command_name || 'unknown'}" + end end "#<#{self.class} type=#{stype.ljust(15)} #{tlvs_inspect}>" end @@ -1092,4 +1101,3 @@ end end; end; end - diff --git a/lib/rex/post/meterpreter/packet_dispatcher.rb b/lib/rex/post/meterpreter/packet_dispatcher.rb index 8da7fe7da8..4ecf67e61b 100644 --- a/lib/rex/post/meterpreter/packet_dispatcher.rb +++ b/lib/rex/post/meterpreter/packet_dispatcher.rb 
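Review bot: The new `require 'rex/post/meterpreter/client_core'` in command_mapper.rb, combined with the `require 'rex/post/meterpreter/command_mapper'` this commit adds to packet.rb, may create a load cycle if client_core.rb (not shown here) itself requires packet.rb. Ruby skips a re-entrant `require`, so which constants exist while each file body runs would then depend on which file is loaded first. It is worth confirming that `ruby -w -e "require 'rex/post/meterpreter/packet'"` and the same for command_mapper both load cleanly on their own. A one-line comment above the new require stating why the mapper needs client_core at load time, for example `# client_core must be loaded before the command tables are built`, would keep a later cleanup from removing it; adjust the wording to the actual reason.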
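Review bot: The bare `rescue` around `CommandMapper.get_command_name(value)` in `Tlv#inspect` catches every StandardError without explanation, so a real fault in the mapper (for instance a NameError from a load-order problem) would only ever show up as `command=unknown` in a packet trace. Keeping `inspect` from raising is reasonable, but say so and name the class: `rescue StandardError # inspect must never raise; IDs in received packets may be unmapped`. `tlvs_inspect <<= "..."` expands to `tlvs_inspect = tlvs_inspect << "..."`, so plain `tlvs_inspect << " command=#{command_name || 'unknown'}"` does the same with less surprise. The lookup reads `value` while the line above prints `val`; `inspect` starts outside this hunk, so confirm `val` is only a display form of `value`.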
@@ -131,7 +131,7 @@ module PacketDispatcher end # Uncomment this line if you want to see outbound packets in the console. - #STDERR.puts("SEND: #{packet.inspect}\n") + # STDERR.puts("\n\e[1;31mSEND\e[0m: #{packet.inspect}\n") bytes = 0 raw = packet.to_r(session_guid, tlv_enc_key) @@ -580,7 +580,7 @@ module PacketDispatcher handled = false # Uncomment this line if you want to see inbound packets in the console - #STDERR.puts("RECV: #{packet.inspect}\n") + # STDERR.puts("\n\e[1;32mRECV\e[0m: #{packet.inspect}\n") # Update our last reply time self.last_checkin = ::Time.now @@ -708,4 +708,3 @@ module HttpPacketDispatcher end end; end; end - diff --git a/spec/lib/rex/post/meterpreter/packet_spec.rb b/spec/lib/rex/post/meterpreter/packet_spec.rb index 438a03873c..8cc0f715ee 100644 --- a/spec/lib/rex/post/meterpreter/packet_spec.rb +++ b/spec/lib/rex/post/meterpreter/packet_spec.rb 
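Review bot: The replacement trace lines in both hunks (SEND near line 134 and RECV near line 583) hard-code ANSI colour escapes, so anyone who uncomments them while STDERR is redirected to a file or a CI log gets raw `\e[1;31m` / `\e[1;32m` sequences in the capture. If the lines stay as opt-in debugging, colour only when attached to a terminal, e.g. `label = STDERR.tty? ? "\e[1;31mSEND\e[0m" : 'SEND'`. These traces print full packet contents, so the comment above each could also say so: `# Debug only: dumps complete packet contents to STDERR`. The surrounding methods begin and end outside these hunks.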
@@ -118,19 +118,38 @@ RSpec.describe Rex::Post::Meterpreter::Tlv do end context "A Command ID TLV" do - subject(:tlv) { - Rex::Post::Meterpreter::Tlv.new( - Rex::Post::Meterpreter::TLV_TYPE_COMMAND_ID, - 31337 - ) - } - it "should have a meta type of UINT" do - expect(tlv.meta_type?(Rex::Post::Meterpreter::TLV_META_TYPE_UINT)).to eq true + context 'when the Command ID is valid' do + subject(:tlv) { + Rex::Post::Meterpreter::Tlv.new( + Rex::Post::Meterpreter::TLV_TYPE_COMMAND_ID, + 1001 + ) + } + it "should have a meta type of UINT" do + expect(tlv.meta_type?(Rex::Post::Meterpreter::TLV_META_TYPE_UINT)).to eq true + end + + it "should show the correct type and meta type in inspect" do + tlv_to_s = "#" + expect(tlv.inspect).to eq tlv_to_s + end end - it "should show the correct type and meta type in inspect" do - tlv_to_s = "#" - expect(tlv.inspect).to eq tlv_to_s + context 'when the Command ID is invalid' do + subject(:tlv) { + Rex::Post::Meterpreter::Tlv.new( + Rex::Post::Meterpreter::TLV_TYPE_COMMAND_ID, + 31337 + ) + } + it "should have a meta type of UINT" do + expect(tlv.meta_type?(Rex::Post::Meterpreter::TLV_META_TYPE_UINT)).to eq true + end + + it "should show the correct type and meta type in inspect" do + tlv_to_s = "#" + expect(tlv.inspect).to eq tlv_to_s + end end end
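Review bot: Neither new context exercises the `rescue` branch this commit adds to `Tlv#inspect`; the 31337 case most likely gets `nil` back from the mapper rather than an exception. An extra example that stubs the lookup, `allow(Rex::Post::Meterpreter::CommandMapper).to receive(:get_command_name).and_raise(StandardError)`, and expects `command=unknown` would pin that fallback. Both contexts also reuse the description "should show the correct type and meta type in inspect"; wording such as "includes the command name in inspect" and "reports command=unknown in inspect" would make a failure self-explanatory. The literal `1001` ties the valid case to the current ID table, so a named command ID constant would read better if one is available.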