Class: Rex::Post::Meterpreter::Extensions::Extapi::Adsi::Adsi

Inherits:

Object

• Object
• Rex::Post::Meterpreter::Extensions::Extapi::Adsi::Adsi

Defined in:

lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb

Overview

This meterpreter extension contains extended API functions for querying and managing desktop windows.

Instance Attribute Summary

• #client ⇒ Object

  Returns the value of attribute client.

Instance Method Summary

• #domain_query(domain_name, filter, max_results, page_size, fields) ⇒ Hash

  Perform a generic domain query against ADSI.

• #extract_results(response) ⇒ Array[Array[[Hash]]] Collection of results from the ADSI query. protected

  Retrieve the results of the query from the response packet that was returned from Meterpreter.

• #extract_value(v) ⇒ Hash protected

  Convert a single ADSI result value into a usable value that also describes its type.

• #extract_values(tlv_container) ⇒ Array[Hash] protected

  Extract a single row of results from a TLV group.

• #initialize(client) ⇒ Adsi constructor

  A new instance of Adsi.

Constructor Details

#initialize(client) ⇒ Adsi

Returns a new instance of Adsi.

# File 'lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb', line 18

def initialize(client)
  @client = client
end

Instance Attribute Details

#client ⇒ Object

Returns the value of attribute client.

# File 'lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb', line 59

def client
  @client
end

Instance Method Details

#domain_query(domain_name, filter, max_results, page_size, fields) ⇒ Hash

Perform a generic domain query against ADSI.

Parameters:

• domain_name (String) —

  The FQDN of the target domain.

• filter (String) —

  The filter to apply to the query in LDAP format.

• max_results (Integer) —

  The maximum number of results to return.

• page_size (Integer) —

  The size of the page of results to return.

• fields (Array) —

  Array of string fields to return for each result found

Returns:

• (Hash) —

  Array of field names with associated results.

# File 'lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb', line 37

def domain_query(domain_name, filter, max_results, page_size, fields)
  request = Packet.create_request(COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY)

  request.add_tlv(TLV_TYPE_EXT_ADSI_DOMAIN, domain_name)
  request.add_tlv(TLV_TYPE_EXT_ADSI_FILTER, filter)
  request.add_tlv(TLV_TYPE_EXT_ADSI_MAXRESULTS, max_results)
  request.add_tlv(TLV_TYPE_EXT_ADSI_PAGESIZE, page_size)

  fields.each do |f|
    request.add_tlv(TLV_TYPE_EXT_ADSI_FIELD, f)
  end

  response = client.send_request(request)

  results = extract_results(response)

  return {
    :fields  => fields,
    :results => results
  }
end

#extract_results(response) ⇒ Array[Array[[Hash]]] Collection of results from the ADSI query. (protected)

Retrieve the results of the query from the response

packet that was returned from Meterpreter.

Parameters:

• response (Packet) —

  Reference to the received packet that was returned from Meterpreter.

Returns:

• (Array[Array[[Hash]]] Collection of results from the ADSI query.) —

  Array[Array[]] Collection of results from the ADSI query.

# File 'lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb', line 73

def extract_results(response)
  results = []

  response.each(TLV_TYPE_EXT_ADSI_RESULT) do |r|
    results << extract_values(r)
  end

  results
end

#extract_value(v) ⇒ Hash (protected)

Convert a single ADSI result value into a usable

value that also describes its type.

Parameters:

• v (TLV) —

  The TLV item that contains the value.

Returns:

• (Hash) —

  The type/value pair from the TLV.

# File 'lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb', line 108

def extract_value(v)
  value = {
    :type => :unknown
  }

  case v.type
  when TLV_TYPE_EXT_ADSI_STRING
    value = {
      :type  => :string,
      :value => v.value
    }
  when TLV_TYPE_EXT_ADSI_NUMBER, TLV_TYPE_EXT_ADSI_BIGNUMBER
    value = {
      :type  => :number,
      :value => v.value
    }
  when TLV_TYPE_EXT_ADSI_BOOL
    value = {
      :type  => :bool,
      :value => v.value
    }
  when TLV_TYPE_EXT_ADSI_RAW
    value = {
      :type  => :raw,
      :value => v.value
    }
  when TLV_TYPE_EXT_ADSI_ARRAY
    value = {
      :type  => :array,
      :value => extract_values(v.value)
    }
  when TLV_TYPE_EXT_ADSI_PATH
    value = {
      :type     => :path,
      :volume   => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_VOL),
      :path     => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_PATH),
      :vol_type => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_TYPE)
    }
  when TLV_TYPE_EXT_ADSI_DN
    values = v.get_tlvs(TLV_TYPE_ALL)
    value = {
      :type   => :dn,
      :label  => values[0].value
    }

    if values[1].type == TLV_TYPE_EXT_ADSI_STRING
      value[:string] = value[1].value
    else
      value[:raw] = value[1].value
    end
  end

  value
end

#extract_values(tlv_container) ⇒ Array[Hash] (protected)

Extract a single row of results from a TLV group.

Parameters:

• tlv_container (Packet) —

  Reference to the TLV group to pull the values from.

Returns:

• (Array[Hash]) —

  Collection of values from the single ADSI query result row.

# File 'lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb', line 92

def extract_values(tlv_container)
  values = []
  tlv_container.get_tlvs(TLV_TYPE_ANY).each do |v|
    values << extract_value(v)
  end
  values
end