rewrite timestomp command dispatcher to deal with file args properly

Author: Brent Cook

lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb

@@ -13,7 +13,6 @@ module Ui
 #
 ###
 class Console::CommandDispatcher::Priv::Timestomp
-
   Klass = Console::CommandDispatcher::Priv::Timestomp
 
   include Console::CommandDispatcher
@@ -28,7 +27,8 @@ class Console::CommandDispatcher::Priv::Timestomp
     "-b" => [ false, "Set the MACE timestamps so that EnCase shows blanks" ],
     "-r" => [ false, "Set the MACE timestamps recursively on a directory" ],
     "-v" => [ false, "Display the UTC MACE values of the file" ],
-    "-h" => [ false, "Help banner" ])
+    "-h" => [ false, "Help banner" ]
+  )
 
   #
   # List of supported commands.
@@ -51,91 +51,110 @@ def name
   # line timestomp interface provides with a similar argument set.
   #
   def cmd_timestomp(*args)
-    if (args.length < 2)
-      print_line("\nUsage: timestomp OPTIONS file_path\n" +
+    if args.length < 2
+      print_line("\nUsage: timestomp <file(s)> OPTIONS\n" +
         @@timestomp_opts.usage)
       return
     end
 
-    file_path = nil
-    args.each { |a| file_path = a unless a[0] == "-" }
-
-    if file_path.nil?
-      print_line("\nNo file_path specified.")
-      return
-    end
-
-    args.delete(file_path)
+    paths = []
 
     modified  = nil
     accessed  = nil
     creation  = nil
     emodified = nil
 
-    @@timestomp_opts.parse(args) { |opt, idx, val|
+    blank_file_mace = false
+    blank_directory_mace = false
+    get_file_mace = false
+
+    @@timestomp_opts.parse(args) do |opt, _idx, val|
       case opt
-        when "-m"
-          modified  = str_to_time(val)
-        when "-a"
-          accessed  = str_to_time(val)
-        when "-c"
-          creation  = str_to_time(val)
-        when "-e"
-          emodified = str_to_time(val)
-        when "-z"
-          print_line("#{val}")
-          modified  = str_to_time(val)
-          accessed  = str_to_time(val)
-          creation  = str_to_time(val)
-          emodified = str_to_time(val)
-        when "-f"
-          print_status("Setting MACE attributes on #{file_path} from #{val}")
-          client.priv.fs.set_file_mace_from_file(file_path, val)
-        when "-b"
-          print_status("Blanking file MACE attributes on #{file_path}")
-          client.priv.fs.blank_file_mace(file_path)
-        when "-r"
-          print_status("Blanking directory MACE attributes on #{file_path}")
-          client.priv.fs.blank_directory_mace(file_path)
-        when "-v"
-          hash = client.priv.fs.get_file_mace(file_path)
-
-          print_line("Modified      : #{hash['Modified']}")
-          print_line("Accessed      : #{hash['Accessed']}")
-          print_line("Created       : #{hash['Created']}")
-          print_line("Entry Modified: #{hash['Entry Modified']}")
-        when "-h"
-          print_line("\nUsage: timestomp file_path OPTIONS\n" +
-            @@timestomp_opts.usage)
-          return
+      when "-m"
+        modified  = str_to_time(val)
+      when "-a"
+        accessed  = str_to_time(val)
+      when "-c"
+        creation  = str_to_time(val)
+      when "-e"
+        emodified = str_to_time(val)
+      when "-z"
+        modified  = str_to_time(val)
+        accessed  = str_to_time(val)
+        creation  = str_to_time(val)
+        emodified = str_to_time(val)
+      when "-f"
+        print_status("Setting MACE attributes on #{path} from #{val}")
+        hash = client.priv.fs.get_file_mace(path)
+        if hash
+          modified = str_to_time(hash['Modified'])
+          accessed = str_to_time(hash['Accessed'])
+          creation = str_to_time(hash['Created'])
+          emodified = str_to_time(hash['Entry Modified'])
+        end
+      when "-b"
+        blank_file_mace = true
+      when "-r"
+        blank_directory_mace = true
+      when "-v"
+        get_file_mace = true
+      when "-h"
+        print_line("\nUsage: timestomp <file(s)> OPTIONS\n" +
+          @@timestomp_opts.usage)
+        return nil
+      when nil
+        paths << val
+      end
+    end
+
+    if paths.empty?
+      print_line("\nNo paths specified.")
+      return
+    end
+
+    paths.uniq.each do |path|
+      # If any one of the four times were specified, change them.
+      if modified || accessed || creation || emodified
+        print_status("Setting specific MACE attributes on #{path}")
+        client.priv.fs.set_file_mace(path, modified, accessed, creation, emodified)
+      end
+
+      if blank_file_mace
+        print_status("Blanking file MACE attributes on #{path}")
+        client.priv.fs.blank_file_mace(path)
       end
-    }
 
-    # If any one of the four times were specified, change them.
-    if (modified or accessed or creation or emodified)
-      print_status("Setting specific MACE attributes on #{file_path}")
-      client.priv.fs.set_file_mace(file_path, modified, accessed,
-        creation, emodified)
+      if blank_directory_mace
+        print_status("Blanking directory MACE attributes on #{path}")
+        client.priv.fs.blank_directory_mace(path)
+      end
+
+      if get_file_mace
+        hash = client.priv.fs.get_file_mace(path)
+        print_status("Showing MACE attributes for #{path}")
+        print_line("Modified      : #{hash['Modified']}")
+        print_line("Accessed      : #{hash['Accessed']}")
+        print_line("Created       : #{hash['Created']}")
+        print_line("Entry Modified: #{hash['Entry Modified']}")
+      end
     end
   end
 
-protected
+  protected
 
   #
   # Converts a date/time in the form of MM/DD/YYYY HH24:MI:SS
   #
   def str_to_time(str) # :nodoc:
-    r, mon, day, year, hour, min, sec = str.match("^(\\d+?)/(\\d+?)/(\\d+?) (\\d+?):(\\d+?):(\\d+?)$").to_a
+    _r, mon, day, year, hour, min, sec = str.match("^(\\d+?)/(\\d+?)/(\\d+?) (\\d+?):(\\d+?):(\\d+?)$").to_a
 
-    if (mon == nil)
+    if mon.nil?
       raise ArgumentError, "Invalid date format, expected MM/DD/YYYY HH24:MI:SS (got #{str})"
     end
 
     Time.mktime(year, mon, day, hour, min, sec, 0)
   end
-
 end
-
 end
 end
 end