Path: blob/master/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb
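# -*- coding: binary -*-

module Rex
module Post
module Meterpreter
module Extensions
module Extapi
module Adsi

###
#
# This meterpreter extension contains extended API functions for
# querying Active Directory through the ADSI interfaces.
#
###
class Adsi

  #
  # @param client [Object] The Meterpreter client used to send
  #   requests and receive the response packets.
  #
  def initialize(client)
    @client = client
  end

  #
  # Perform a generic domain query against ADSI.
  #
  # @param domain_name [String] The FQDN of the target domain.
  # @param filter [String] The filter to apply to the query in
  #   LDAP format.
  # @param max_results [Integer] The maximum number of results
  #   to return.
  # @param page_size [Integer] The size of the page of results
  #   to return.
  # @param fields [Array<String>] Field names to return for each
  #   result found.
  #
  # @return [Hash] :fields => the requested field names,
  #   :results => one Array of type/value Hashes per result row
  #   (see #extract_value for the shape of each entry).
  #
  def domain_query(domain_name, filter, max_results, page_size, fields)
    request = Packet.create_request(COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY)

    request.add_tlv(TLV_TYPE_EXT_ADSI_DOMAIN, domain_name)
    request.add_tlv(TLV_TYPE_EXT_ADSI_FILTER, filter)
    request.add_tlv(TLV_TYPE_EXT_ADSI_MAXRESULTS, max_results)
    request.add_tlv(TLV_TYPE_EXT_ADSI_PAGESIZE, page_size)

    # Each requested field is sent as its own FIELD TLV, in the
    # order given by the caller.
    fields.each do |f|
      request.add_tlv(TLV_TYPE_EXT_ADSI_FIELD, f)
    end

    response = client.send_request(request)

    {
      :fields => fields,
      :results => extract_results(response)
    }
  end

  attr_accessor :client

protected

  #
  # Retrieve the results of the query from the response
  # packet that was returned from Meterpreter.
  #
  # @param response [Packet] Reference to the received
  #   packet that was returned from Meterpreter.
  #
  # @return [Array<Array<Hash>>] One entry per RESULT TLV group,
  #   each holding the decoded values of that row.
  #
  def extract_results(response)
    results = []

    response.each(TLV_TYPE_EXT_ADSI_RESULT) do |r|
      results << extract_values(r)
    end

    results
  end

  #
  # Extract a single row of results from a TLV group.
  #
  # @param tlv_container [Packet] Reference to the TLV
  #   group to pull the values from.
  #
  # @return [Array<Hash>] Collection of values from
  #   the single ADSI query result row.
  #
  def extract_values(tlv_container)
    tlv_container.get_tlvs(TLV_TYPE_ANY).map do |v|
      extract_value(v)
    end
  end

  #
  # Convert a single ADSI result value into a usable
  # value that also describes its type.
  #
  # @param v [TLV] The TLV item that contains the value.
  #
  # @return [Hash] The type/value pair from the TLV. :type is one of
  #   :string, :number, :bool, :raw, :array, :path, :dn, or :unknown
  #   when the TLV type is not recognised. :path entries carry
  #   :volume/:path/:vol_type; :dn entries carry :label plus either
  #   :string or :raw depending on the payload TLV type.
  #
  def extract_value(v)
    value = {
      :type => :unknown
    }

    case v.type
    when TLV_TYPE_EXT_ADSI_STRING
      value = {
        :type => :string,
        :value => v.value
      }
    when TLV_TYPE_EXT_ADSI_NUMBER, TLV_TYPE_EXT_ADSI_BIGNUMBER
      value = {
        :type => :number,
        :value => v.value
      }
    when TLV_TYPE_EXT_ADSI_BOOL
      value = {
        :type => :bool,
        :value => v.value
      }
    when TLV_TYPE_EXT_ADSI_RAW
      value = {
        :type => :raw,
        :value => v.value
      }
    when TLV_TYPE_EXT_ADSI_ARRAY
      # Nested group: decode each element recursively.
      value = {
        :type => :array,
        :value => extract_values(v.value)
      }
    when TLV_TYPE_EXT_ADSI_PATH
      value = {
        :type => :path,
        :volume => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_VOL),
        :path => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_PATH),
        :vol_type => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_TYPE)
      }
    when TLV_TYPE_EXT_ADSI_DN
      # A DN group is expected to hold two TLVs: the label first,
      # then the DN payload. The payload was previously read from
      # `value` (the result Hash being built) instead of the TLV
      # list, which raised NoMethodError for every DN result.
      label, payload = v.get_tlvs(TLV_TYPE_ALL)
      value = {
        :type => :dn,
        :label => label.value
      }

      if payload.type == TLV_TYPE_EXT_ADSI_STRING
        value[:string] = payload.value
      else
        value[:raw] = payload.value
      end
    end

    value
  end
end

end; end; end; end; end; end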