@@ -63,8 +63,8 @@ class Console::CommandDispatcher::Stdapi::Sys
6363 # Options for the 'ps' command.
6464 #
6565 @@ps_opts = Rex ::Parser ::Arguments . new (
66+ "-S" => [ true , "String to search for (converts to regex)" ] ,
6667 "-h" => [ false , "Help menu." ] ,
67- "-S" => [ true , "Filters processes on the process name using the supplied RegEx" ] ,
6868 "-A" => [ true , "Filters processes on architecture (x86 or x86_64)" ] ,
6969 "-s" => [ false , "Show only SYSTEM processes" ] ,
7070 "-U" => [ true , "Filters processes on the user using the supplied RegEx" ] )
@@ -422,23 +422,27 @@ def validate_pids(pids, allow_pid_0 = false, allow_session_pid = false)
422422 # Lists running processes.
423423 #
424424 def cmd_ps ( *args )
425+ # Init vars
425426 processes = client . sys . process . get_processes
426- @@ps_opts . parse ( args ) do |opt , idx , val |
427+ search_term = nil
428+
429+ # Parse opts
430+ @@ps_opts . parse ( args ) { |opt , idx , val |
427431 case opt
428- when "-h"
429- cmd_ps_help
432+ when '-S'
433+ search_term = val
434+ if search_term . nil?
435+ print_error ( "Enter a search term" )
430436 return true
431- when "-S"
432- print_line "Filtering on process name..."
433- searched_procs = Rex ::Post ::Meterpreter ::Extensions ::Stdapi ::Sys ::ProcessList . new
434- processes . each do |proc |
435- if val . nil? or val . empty?
436- print_line "You must supply a search term!"
437- return false
438437 end
439- searched_procs << proc if proc [ "name" ] . match ( /#{ val } )
440- end
441- processes = searched_procs
438+ when '-h'
439+ print_line "Usage: ps [ options ]"
440+ print_line
441+ print_line "OPTIONS:"
442+ print_line " -S Search string to filter by"
443+ print_line " -h This help menu"
444+ print_line
445+ return 0
442446 when "-A"
443447 print_line "Filtering on arch..."
444448 searched_procs = Rex ::Post ::Meterpreter ::Extensions ::Stdapi ::Sys ::ProcessList . new
@@ -470,12 +474,44 @@ def cmd_ps(*args)
470474 end
471475 processes = searched_procs
472476 end
477+ }
478+
479+ tbl = Rex ::Ui ::Text ::Table . new (
480+ 'Header' => "Process list" ,
481+ 'Indent' => 1 ,
482+ 'Columns' =>
483+ [
484+ "PID" ,
485+ "Name" ,
486+ "Arch" ,
487+ "Session" ,
488+ "User" ,
489+ "Path"
490+ ] ,
491+ 'SearchTerm' => search_term )
492+
493+ processes . each { |ent |
494+
495+ session = ent [ 'session' ] == 0xFFFFFFFF ? '' : ent [ 'session' ] . to_s
496+ arch = ent [ 'arch' ]
497+
498+ # for display and consistency with payload naming we switch the internal 'x86_64' value to display 'x64'
499+ if ( arch == ARCH_X86_64 )
500+ arch = "x64"
473501 end
502+
503+ row = [ ent [ 'pid' ] . to_s , ent [ 'name' ] , arch , session , ent [ 'user' ] , ent [ 'path' ] ]
504+
505+ tbl << row #if (search_term.nil? or row.join(' ').to_s.match(search_term))
506+
507+
508+ }
509+
474510 if ( processes . length == 0 )
475511 print_line ( "No running processes were found." )
476512 else
477513 print_line
478- print_line ( processes . to_table ( "Indent" => 1 ) . to_s )
514+ print ( " \n " + tbl . to_s + " \n " )
479515 print_line
480516 end
481517 return true
@@ -672,7 +708,7 @@ def cmd_reg(*args)
672708
673709 open_key . set_value ( value , client . sys . registry . type2str ( type ) , data )
674710
675- print_line ( "Successful set #{ value } )
711+ print_line ( "Successfully set #{ value } of #{ type } )
676712
677713 when "deleteval"
678714 if ( value == nil )
@@ -912,4 +948,3 @@ def cmd_suspend_help
912948end
913949end
914950end
915-
0 commit comments