Module: Msf::Post::Windows::Eventlog

Defined in:

lib/msf/core/post/windows/eventlog.rb

Instance Method Summary

• #eventlog_clear(evt = "") ⇒ Object

  Clears a given eventlog or all eventlogs if none is given.

• #eventlog_list ⇒ Object

  Enumerate eventlogs.

• #initialize(info = {}) ⇒ Object

Instance Method Details

#eventlog_clear(evt = "") ⇒ Object

Clears a given eventlog or all eventlogs if none is given. Returns an array of eventlogs that where cleared.

# File 'lib/msf/core/post/windows/eventlog.rb', line 42

def eventlog_clear(evt = "")
  evntlog = []
  if evt.empty?
    evntlog = eventloglist
  else
    evntlog << evt
  end
  evntlog.each do |e|
    log = session.sys.eventlog.open(e)
    log.clear
  end
  return evntlog
end

#eventlog_list ⇒ Object

Enumerate eventlogs

# File 'lib/msf/core/post/windows/eventlog.rb', line 27

def eventlog_list
  key = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
  if session.sys.config.sysinfo['OS'] =~ /Windows 2003|\.Net|XP|2000/
    key = "#{key}Eventlog"
  else
    key = "#{key}eventlog"
  end
  eventlogs = registry_enumkeys(key)
  return eventlogs
end

#initialize(info = {}) ⇒ Object

# File 'lib/msf/core/post/windows/eventlog.rb', line 8

def initialize(info = {})
  super(
    update_info(
      info,
      'Compat' => {
        'Meterpreter' => {
          'Commands' => %w[
            stdapi_sys_config_sysinfo
            stdapi_sys_eventlog_*
          ]
        }
      }
    )
  )
end