Merge branch 'dmaloney-r7-findpids' into rapid7

egypt · egypt · commit dafb56f6b6d2 · 2012-10-22T15:52:07.000-05:00
[Closes rapid7#950]
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -43,7 +43,14 @@ class Console::CommandDispatcher::Stdapi::Sys
 		"-t" => [ true,  "The registry value type (E.g. REG_SZ)."                  ],
 		"-v" => [ true,  "The registry value name (E.g. Stuff)."                   ],
 		"-r" => [ true,  "The remote machine name to connect to (with current process credentials" ],
-		"-w" => [ false,  "Set KEY_WOW64 flag, valid values [32|64]."               ])
+		"-w" => [ false, "Set KEY_WOW64 flag, valid values [32|64]."               ])
+
+	@@ps_opts = Rex::Parser::Arguments.new(
+		"-h" => [ false, "Help menu."                                              ],
+		"-S" => [ true,  "Filters processes on the process name using the supplied RegEx"],
+		"-A" => [ true,  "Filters processes on architecture (x86 or x86_64)"       ],
+		"-s" => [ false, "Show only SYSTEM processes"                              ],
+		"-U" => [ true,  "Filters processes on the user using the supplied RegEx"  ])
 
 	#
 	# List of supported commands.
@@ -274,6 +281,54 @@ def cmd_kill(*args)
 	#
 	def cmd_ps(*args)
 		processes = client.sys.process.get_processes
+		@@ps_opts.parse(args) do |opt, idx, val|
+			case opt 
+			when "-h"
+				cmd_ps_help
+				return true
+			when "-S"
+				print_line "Filtering on process name..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					if val.nil? or val.empty?
+						print_line "You must supply a search term!"
+						return false
+					end
+					searched_procs << proc  if proc["name"].match(/#{val}/)
+				end
+				processes = searched_procs
+			when "-A"
+				print_line "Filtering on arch..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					next if proc['arch'].nil? or proc['arch'].empty?
+					if val.nil? or val.empty? or !(val == "x86" or val == "x86_64")
+						print_line "You must select either x86 or x86_64"
+						return false
+					end
+					searched_procs << proc  if proc["arch"] == val
+				end
+				processes = searched_procs
+			when "-s"
+				print_line "Filtering on SYSTEM processes..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					searched_procs << proc  if proc["user"] == "NT AUTHORITY\\SYSTEM"
+				end
+				processes = searched_procs
+			when "-U"
+				print_line "Filtering on user name..."
+				searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+				processes.each do |proc| 
+					if val.nil? or val.empty?
+						print_line "You must supply a search term!"
+						return false
+					end
+					searched_procs << proc  if proc["user"].match(/#{val}/)
+				end
+				processes = searched_procs
+			end
+		end
 		if (processes.length == 0)
 			print_line("No running processes were found.")
 		else
@@ -284,6 +339,15 @@ def cmd_ps(*args)
 		return true
 	end
 
+	def cmd_ps_help
+		print_line "Use the command with no arguments to see all running processes."
+		print_line "The following options can be used to filter those results:"
+		
+		print_line @@ps_opts.usage
+	end
+
+
+
 	#
 	# Reboots the remote computer.
 	#
@@ -595,6 +659,7 @@ def cmd_shutdown(*args)
 		client.sys.power.shutdown
 	end
 
+
 end
 
 end
