Add a bunch of extra filter options

David Maloney · David Maloney · commit 5738d808ba91 · 2012-09-21T13:27:16.000-05:00
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -47,7 +47,10 @@ class Console::CommandDispatcher::Stdapi::Sys
 
 	@@ps_opts = Rex::Parser::Arguments.new(
 		"-h" => [false, "Help menu."],
-		"-S" => [true, "RegEx term(s) to filter results with "])
+		"-S" => [true, "RegEx term to filter on process name with "],
+		"-A" => [true, "Arch to filter on (x86 or x86_64"],
+		"-s"  =>[false, "Show only SYSTEM processes"],
+		"-U"  => [true, "RegEx term to filter on user name with"])
 
 	#
 	# List of supported commands.
@@ -284,7 +287,7 @@ def cmd_ps(*args)
 				cmd_ps_help
 				return true
 			when "-S"
-				print_line "Performing Search..."
+				print_line "Filtering on process name..."
 				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
 				processes.each do |proc| 
 					if val.nil? or val.empty?
@@ -294,6 +297,36 @@ def cmd_ps(*args)
 					searched_procs << proc  if proc["name"].match(/#{val}/)
 				end
 				processes = searched_procs
+			when "-A"
+				print_line "Filtering on arch..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					next if proc['arch'].nil? or proc['arch'].empty?
+					if val.nil? or val.empty? or !(val == "x86" or val == "x86_64")
+						print_line "You must select either x86 or x86_64"
+						return false
+					end
+					searched_procs << proc  if proc["arch"] == val
+				end
+				processes = searched_procs
+			when "-s"
+				print_line "Filtering on SYSTEM processes..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					searched_procs << proc  if proc["user"] == "NT AUTHORITY\\SYSTEM"
+				end
+				processes = searched_procs
+			when "-U"
+				print_line "Filtering on user name..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					if val.nil? or val.empty?
+						print_line "You must supply a search term!"
+						return false
+					end
+					searched_procs << proc  if proc["user"].match(/#{val}/)
+				end
+				processes = searched_procs
 			end
 		end
 		if (processes.length == 0)
@@ -316,6 +349,8 @@ def cmd_ps_help
 		print_line "Would return any processes with 'svc' in the name"
 	end
 
+
+
 	#
 	# Reboots the remote computer.
 	#
@@ -627,6 +662,7 @@ def cmd_shutdown(*args)
 		client.sys.power.shutdown
 	end
 
+
 end
 
 end
