Add stderr/stdout capture and var extraction

Author: OJ

lib/rex/post/meterpreter/extensions/python/python.rb

@@ -33,17 +33,39 @@ def initialize(client)
       ])
   end
 
+  def reset
+    request = Packet.create_request('python_reset')
+    client.send_request(request)
+
+    return true
+  end
+
   #
   # Dump the LSA secrets from the target machine.
   #
   # @return [Hash<Symbol,Object>]
-  def execute_string(code)
+  def execute_string(code, result_var)
     request = Packet.create_request('python_execute_string')
-    request.add_tlv(TLV_TYPE_PYTHON_STRING, code)
+    request.add_tlv(TLV_TYPE_PYTHON_CODE, code)
+    request.add_tlv(TLV_TYPE_PYTHON_RESULT_VAR, result_var) if result_var
 
     response = client.send_request(request)
 
-    response.get_tlv_value(TLV_TYPE_PYTHON_OUTPUT)
+    result = {
+      result: response.get_tlv_value(TLV_TYPE_PYTHON_RESULT),
+      stdout: "",
+      stderr: ""
+    }
+
+    response.each(TLV_TYPE_PYTHON_STDOUT) do |o|
+      result[:stdout] << o.value
+    end
+
+    response.each(TLV_TYPE_PYTHON_STDERR) do |e|
+      result[:stderr] << e.value
+    end
+
+    result
   end
 
 end

lib/rex/post/meterpreter/extensions/python/tlv.rb

@@ -5,8 +5,11 @@ module Meterpreter
 module Extensions
 module Python
 
-TLV_TYPE_PYTHON_STRING             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1)
-TLV_TYPE_PYTHON_OUTPUT             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2)
+TLV_TYPE_PYTHON_STDOUT             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1)
+TLV_TYPE_PYTHON_STDERR             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2)
+TLV_TYPE_PYTHON_CODE               = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3)
+TLV_TYPE_PYTHON_RESULT_VAR         = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 4)
+TLV_TYPE_PYTHON_RESULT             = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 5)
 
 end
 end

lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb

@@ -29,26 +29,63 @@ def name
   #
   def commands
     {
+      'python_reset'              => 'Resets/restarts the Python interpreter',
       'python_execute'            => 'Execute a python command string'
     }
   end
 
+  def cmd_python_reset(*args)
+    client.python.reset
+    print_good('Python interpreter successfully reset')
+  end
+
+  @@python_execute_opts = Rex::Parser::Arguments.new(
+    '-h' => [false, 'Help banner'],
+    '-r' => [true,  'Name of the variable containing the result']
+  )
+
   def python_execute_usage
-    print_line('Usage: python_execute [python code]')
+    print_line('Usage: python_execute <python code> [-r result var name]')
     print_line
-    print_line('Runs the given python string on the target and returns the output.')
+    print_line('Runs the given python string on the target. If a result is required,')
+    print_line('it should be stored in a python variable, and that variable should')
+    print_line('passed using the -r parameter.')
+    print_line(@@python_execute_opts.usage)
   end
 
   #
   # Execute a simple python command string
   #
   def cmd_python_execute(*args)
-    if args.length == 0
+    if args.length == 0 || args.include?('-h')
       python_execute_usage
       return false
     end
 
-    client.python.execute_string(args[0])
+    code = args.shift
+    result_var = nil
+
+    @@python_execute_opts.parse(args) { |opt, idx, val|
+      case opt
+      when '-r'
+        result_var = val
+      end
+    }
+
+    result = client.python.execute_string(code, result_var)
+    if result[:result]
+      print_good("#{result_var} = #{result[:result]}")
+    elsif result[:stdout].length == 0 and result[:stderr].length == 0
+      print_good("Command executed without returning a result")
+    end
+
+    if result[:stdout].length > 0
+      print_good("Content written to stdout:\n#{result[:stdout]}")
+    end
+
+    if result[:stderr].length > 0
+      print_error("Content written to stderr:\n#{result[:stderr]}")
+    end
   end
 
 end