GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb
# -*- coding: binary -*-
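module Rex
  module Post
    module Meterpreter
      module Extensions
        module Extapi
          module Wmi
            ###
            #
            # This meterpreter extension contains extended API functions for
            # performing WMI queries.
            #
            ###
            class Wmi
              # The meterpreter client the requests are sent through.
              attr_accessor :client

              #
              # @param client [Object] the session this extension operates over;
              #   it must respond to +send_request+.
              #
              def initialize(client)
                @client = client
              end

              #
              # Perform a generic WMI query against the target machine.
              #
              # The query string and the optional namespace are forwarded to the
              # target as-is; an error reported back by the target is raised
              # rather than returned.
              #
              # @param query [String] The WMI query string.
              # @param root [String, nil] Namespace to target. When nil or blank
              #   no namespace TLV is sent and the target falls back to its
              #   default, 'root\cimv2'.
              #
              # @return [Hash{Symbol => Array}, nil] +:fields+ holds the field
              #   names, +:values+ one Array of values per result row. Returns
              #   nil when no fields came back, which is how an empty result set
              #   is signalled.
              #
              # @raise [RuntimeError] carrying the message supplied by the target
              #   when it reports a WMI error.
              #
              def query(query, root = nil)
                request = Packet.create_request(COMMAND_ID_EXTAPI_WMI_QUERY)

                # A blank root counts as "not specified" so the target applies
                # its default namespace.
                request.add_tlv(TLV_TYPE_EXT_WMI_DOMAIN, root) unless root.to_s.strip.empty?
                request.add_tlv(TLV_TYPE_EXT_WMI_QUERY, query)

                response = client.send_request(request)

                # Bomb out with the error message the target reported.
                error_msg = response.get_tlv_value(TLV_TYPE_EXT_WMI_ERROR)
                raise error_msg if error_msg

                fields_tlv = response.get_tlv(TLV_TYPE_EXT_WMI_FIELDS)

                # If we didn't get any fields back, then we didn't get any results.
                # The reason is because without results, we don't know which fields
                # were requested in the first place.
                return nil unless fields_tlv

                fields = []
                fields_tlv.each(TLV_TYPE_EXT_WMI_FIELD) { |f| fields << f.value }

                # Each VALUES group is one result row; each VALUE inside it is
                # one cell of that row.
                values = []
                response.each(TLV_TYPE_EXT_WMI_VALUES) do |row|
                  cells = []
                  row.each(TLV_TYPE_EXT_WMI_VALUE) { |v| cells << v.value }
                  values << cells
                end

                { fields: fields, values: values }
              end
            end
          end
        end
      end
    end
  end
end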