move ntds from priv to extapi

Brent Cook · Brent Cook · commit 732192aeaf59 · 2015-06-22T09:04:08.000-05:00
diff --git a/lib/metasploit/framework/ntds/parser.rb b/lib/metasploit/framework/ntds/parser.rb
@@ -19,7 +19,7 @@ class Parser
         def initialize(client, file_path='')
           raise ArgumentError, "Invalid Filepath" unless file_path.present?
           @file_path = file_path
-          @channel = client.priv.ntds_parse(file_path)
+          @channel = client.extapi.ntds.parse(file_path)
           @client = client
         end
 
@@ -61,10 +61,10 @@ def pull_batch
         end
 
         def reopen_channel
-          @channel = client.priv.ntds_parse(file_path)
+          @channel = client.extapi.ntds.parse(file_path)
         end
 
       end
     end
   end
-end
+end
diff --git a/lib/rex/post/meterpreter/extensions/extapi/extapi.rb b/lib/rex/post/meterpreter/extensions/extapi/extapi.rb
@@ -5,6 +5,7 @@
 require 'rex/post/meterpreter/extensions/extapi/service/service'
 require 'rex/post/meterpreter/extensions/extapi/clipboard/clipboard'
 require 'rex/post/meterpreter/extensions/extapi/adsi/adsi'
+require 'rex/post/meterpreter/extensions/extapi/ntds/ntds'
 require 'rex/post/meterpreter/extensions/extapi/wmi/wmi'
 
 module Rex
@@ -34,6 +35,7 @@ def initialize(client)
               'service'   => Rex::Post::Meterpreter::Extensions::Extapi::Service::Service.new(client),
               'clipboard' => Rex::Post::Meterpreter::Extensions::Extapi::Clipboard::Clipboard.new(client),
               'adsi'      => Rex::Post::Meterpreter::Extensions::Extapi::Adsi::Adsi.new(client),
+              'ntds'      => Rex::Post::Meterpreter::Extensions::Extapi::Ntds::Ntds.new(client),
               'wmi'       => Rex::Post::Meterpreter::Extensions::Extapi::Wmi::Wmi.new(client)
             })
         },
diff --git a/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb b/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb
@@ -0,0 +1,39 @@
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Extapi
+module Ntds
+
+###
+#
+# This meterpreter extension contains extended API functions for
+# parsing the NT Directory Service database.
+#
+###
+class Ntds
+
+  def initialize(client)
+    @client = client
+  end
+
+  def parse(filepath)
+    request = Packet.create_request('extapi_ntds_parse')
+    request.add_tlv( TLV_TYPE_NTDS_PATH, filepath)
+    # wait up to 90 seconds for a response
+    response = client.send_request(request, 90)
+    channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
+    if channel_id.nil?
+      raise Exception, "We did not get a channel back!"
+    end
+    Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, "extapi_ntds", CHANNEL_FLAG_SYNCHRONOUS)
+  end
+
+  attr_accessor :client
+
+end
+
+end; end; end; end; end; end
+
diff --git a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
@@ -72,6 +72,9 @@ module Extapi
 TLV_TYPE_EXT_ADSI_PATH_TYPE                 = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 69)
 TLV_TYPE_EXT_ADSI_DN                        = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 70)
 
+TLV_TYPE_NTDS_TEST                          = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 80)
+TLV_TYPE_NTDS_PATH                          = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 81)
+
 TLV_TYPE_EXT_WMI_DOMAIN                     = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 90)
 TLV_TYPE_EXT_WMI_QUERY                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 91)
 TLV_TYPE_EXT_WMI_FIELD                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 92)
diff --git a/lib/rex/post/meterpreter/extensions/priv/priv.rb b/lib/rex/post/meterpreter/extensions/priv/priv.rb
@@ -95,17 +95,6 @@ def sam_hashes
     }
   end
 
-  def ntds_parse(filepath)
-    request = Packet.create_request( 'priv_ntds_parse' )
-    request.add_tlv( TLV_TYPE_NTDS_PATH, filepath)
-    response = client.send_request( request, 90 )
-    channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
-    if channel_id.nil?
-      raise Exception, "We did not get a channel back!"
-    end
-    Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, "priv_ntds", CHANNEL_FLAG_SYNCHRONOUS)
-  end
-
   #
   # Modifying privileged file system attributes.
   #
diff --git a/lib/rex/post/meterpreter/extensions/priv/tlv.rb b/lib/rex/post/meterpreter/extensions/priv/tlv.rb
@@ -22,9 +22,6 @@ module Priv
 TLV_TYPE_ELEVATE_SERVICE_DLL        = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 202)
 TLV_TYPE_ELEVATE_SERVICE_LENGTH     = TLV_META_TYPE_UINT   | (TLV_EXTENSIONS + 203)
 
-#NTDS
-TLV_TYPE_NTDS_PATH                  = TLV_META_TYPE_STRING | (TLV_EXTENSIONS +   301)
-
 end
 end
 end

Original file line number	Diff line number	Diff line change
`@@ -95,17 +95,6 @@ def sam_hashes`
`95`	`95`	`}`
`96`	`96`	`end`
`97`	`97`
`98`		`- def ntds_parse(filepath)`
`99`		`- request = Packet.create_request( 'priv_ntds_parse' )`
`100`		`- request.add_tlv( TLV_TYPE_NTDS_PATH, filepath)`
`101`		`- response = client.send_request( request, 90 )`
`102`		`- channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)`
`103`		`- if channel_id.nil?`
`104`		`- raise Exception, "We did not get a channel back!"`
`105`		`- end`
`106`		`- Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, "priv_ntds", CHANNEL_FLAG_SYNCHRONOUS)`
`107`		`- end`
`108`		`-`
`109`	`98`	`#`
`110`	`99`	`# Modifying privileged file system attributes.`
`111`	`100`	`#`