GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/rex/post/meterpreter/extensions/extapi/service/service.rb
# -*- coding: binary -*-
module Rex
module Post
module Meterpreter
module Extensions
module Extapi
module Service
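###
#
# This meterpreter extension contains extended API functions for
# querying and managing Windows services.
#
# Every value handed back by #enumerate and #query is read out of the
# response packet returned by client.send_request, i.e. it is supplied by
# the remote side of the session. Callers should treat those values as
# untrusted input: they may be missing (nil) or malformed, and should be
# escaped before being printed or logged.
#
###
class Service

  # Operation codes accepted by #control.
  SERVICE_OP_START   = 1
  SERVICE_OP_PAUSE   = 2
  SERVICE_OP_RESUME  = 3
  SERVICE_OP_STOP    = 4
  SERVICE_OP_RESTART = 5

  #
  # Keep a reference to the client object used to send request packets.
  #
  def initialize(client)
    @client = client
  end

  #
  # Enumerate all the services on the target.
  #
  # Returns an Array of Hashes with the keys :name, :display, :pid,
  # :status and :interactive, ordered case-insensitively by :name.
  # Any of the values may be nil when the matching TLV is absent from
  # the response.
  #
  def enumerate
    request = Packet.create_request(COMMAND_ID_EXTAPI_SERVICE_ENUM)
    response = client.send_request(request)

    services = []

    response.each(TLV_TYPE_EXT_SERVICE_ENUM_GROUP) do |group|
      services << {
        :name        => group.get_tlv_value(TLV_TYPE_EXT_SERVICE_ENUM_NAME),
        :display     => group.get_tlv_value(TLV_TYPE_EXT_SERVICE_ENUM_DISPLAYNAME),
        :pid         => group.get_tlv_value(TLV_TYPE_EXT_SERVICE_ENUM_PID),
        :status      => group.get_tlv_value(TLV_TYPE_EXT_SERVICE_ENUM_STATUS),
        :interactive => group.get_tlv_value(TLV_TYPE_EXT_SERVICE_ENUM_INTERACTIVE)
      }
    end

    # The name comes from the remote response and can be nil when a group
    # carries no name TLV; to_s keeps one malformed entry from aborting the
    # whole listing with a NoMethodError.
    services.sort_by { |svc| svc[:name].to_s.upcase }
  end

  #
  # Query some detailed parameters about a particular service.
  #
  # Returns a Hash with the keys :starttype, :display, :startname, :path,
  # :logroup, :interactive, :dacl and :status. The values are copied
  # verbatim from the response and are not validated here.
  #
  def query(service_name)
    request = Packet.create_request(COMMAND_ID_EXTAPI_SERVICE_QUERY)
    request.add_tlv(TLV_TYPE_EXT_SERVICE_ENUM_NAME, service_name)

    response = client.send_request(request)

    {
      :starttype   => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_STARTTYPE),
      :display     => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_DISPLAYNAME),
      :startname   => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_STARTNAME),
      :path        => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_PATH),
      :logroup     => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_LOADORDERGROUP),
      :interactive => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_INTERACTIVE),
      :dacl        => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_DACL),
      :status      => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_STATUS)
    }
  end

  #
  # Control a single service
  #
  # +op+ is either one of the SERVICE_OP_* integers or one of the strings
  # "start", "pause", "resume", "stop" or "restart" (surrounding whitespace
  # and letter case are ignored). Anything else raises ArgumentError before
  # a request packet is built, so an invalid operation is never sent.
  #
  # Returns whatever client.send_request returns for the control request.
  #
  def control(service_name, op)
    if op.is_a?(String)
      # An unrecognised string is left as-is so that it is rejected, and
      # reported verbatim, by the range check below.
      op = case op.strip.downcase
           when "start"   then SERVICE_OP_START
           when "pause"   then SERVICE_OP_PAUSE
           when "resume"  then SERVICE_OP_RESUME
           when "stop"    then SERVICE_OP_STOP
           when "restart" then SERVICE_OP_RESTART
           else op
           end
    end

    unless op.is_a?(Integer) && op.between?(SERVICE_OP_START, SERVICE_OP_RESTART)
      raise ArgumentError, "Invalid operation: #{op}"
    end

    request = Packet.create_request(COMMAND_ID_EXTAPI_SERVICE_CONTROL)
    request.add_tlv(TLV_TYPE_EXT_SERVICE_CTRL_NAME, service_name)
    request.add_tlv(TLV_TYPE_EXT_SERVICE_CTRL_OP, op)
    client.send_request(request)
  end

  # Client object used to send request packets (readable and writable).
  attr_accessor :client

end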
end; end; end; end; end; end