Land rapid7#3175, OJ's TLV group refactoring

Brent Cook · Brent Cook · commit fef9c67b0efe · 2014-12-11T22:12:35.000-06:00
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -9,7 +9,7 @@ PATH
       json
       metasploit-concern (~> 0.3.0)
       metasploit-model (~> 0.28.0)
-      meterpreter_bins (= 0.0.11)
+      meterpreter_bins (= 0.0.12)
       msgpack
       nokogiri
       packetfu (= 1.1.9)
@@ -132,7 +132,7 @@ GEM
       pg
       railties (< 4.0.0)
       recog (~> 1.0)
-    meterpreter_bins (0.0.11)
+    meterpreter_bins (0.0.12)
     method_source (0.8.2)
     mime-types (1.25.1)
     mini_portile (0.6.1)
diff --git a/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb b/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb
@@ -48,14 +48,7 @@ def domain_query(domain_name, filter, max_results, page_size, fields)
 
     response = client.send_request(request)
 
-    results = []
-    response.each(TLV_TYPE_EXT_ADSI_RESULT) { |r|
-      result = []
-      r.each(TLV_TYPE_EXT_ADSI_VALUE) { |v|
-        result << v.value
-      }
-      results << result
-    }
+    results = extract_results(response)
 
     return {
       :fields  => fields,
@@ -65,6 +58,107 @@ def domain_query(domain_name, filter, max_results, page_size, fields)
 
   attr_accessor :client
 
+protected
+
+  #
+  # Retrieve the results of the query from the response
+  #   packet that was returned from Meterpreter.
+  #
+  # @param response [Packet] Reference to the received
+  #   packet that was returned from Meterpreter.
+  #
+  # @return [Array[Array[[Hash]]] Collection of results from
+  #   the ADSI query.
+  #
+  def extract_results(response)
+    results = []
+
+    response.each(TLV_TYPE_EXT_ADSI_RESULT) do |r|
+      results << extract_values(r)
+    end
+
+    results
+  end
+
+  #
+  # Extract a single row of results from a TLV group.
+  #
+  # @param tlv_container [Packet] Reference to the TLV
+  #   group to pull the values from.
+  #
+  # @return [Array[Hash]] Collection of values from
+  #   the single ADSI query result row.
+  #
+  def extract_values(tlv_container)
+    values = []
+    tlv_container.get_tlvs(TLV_TYPE_ANY).each do |v|
+      values << extract_value(v)
+    end
+    values
+  end
+
+  #
+  # Convert a single ADSI result value into a usable
+  #   value that also describes its type.
+  #
+  # @param v [TLV] The TLV item that contains the value.
+  #
+  # @return [Hash] The type/value pair from the TLV.
+  #
+  def extract_value(v)
+    value = {
+      :type => :unknown
+    }
+
+    case v.type
+    when TLV_TYPE_EXT_ADSI_STRING
+      value = {
+        :type  => :string,
+        :value => v.value
+      }
+    when TLV_TYPE_EXT_ADSI_NUMBER, TLV_TYPE_EXT_ADSI_BIGNUMBER
+      value = {
+        :type  => :number,
+        :value => v.value
+      }
+    when TLV_TYPE_EXT_ADSI_BOOL
+      value = {
+        :type  => :bool,
+        :value => v.value
+      }
+    when TLV_TYPE_EXT_ADSI_RAW
+      value = {
+        :type  => :raw,
+        :value => v.value
+      }
+    when TLV_TYPE_EXT_ADSI_ARRAY
+      value = {
+        :type  => :array,
+        :value => extract_values(v.value)
+      }
+    when TLV_TYPE_EXT_ADSI_PATH
+      value = {
+        :type     => :path,
+        :volume   => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_VOL),
+        :path     => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_PATH),
+        :vol_type => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_TYPE)
+      }
+    when TLV_TYPE_EXT_ADSI_DN
+      values = v.get_tlvs(TLV_TYPE_ALL)
+      value = {
+        :type   => :dn,
+        :label  => values[0].value
+      }
+
+      if values[1].type == TLV_TYPE_EXT_ADSI_STRING
+        value[:string] = value[1].value
+      else
+        value[:raw] = value[1].value
+      end
+    end
+
+    value
+  end
 end
 
 end; end; end; end; end; end
diff --git a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
@@ -54,21 +54,31 @@ module Extapi
 TLV_TYPE_EXT_CLIPBOARD_MON_DUMP             = TLV_META_TYPE_BOOL   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 52)
 TLV_TYPE_EXT_CLIPBOARD_MON_PURGE            = TLV_META_TYPE_BOOL   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 53)
 
-TLV_TYPE_EXT_ADSI_DOMAIN                    = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 55)
-TLV_TYPE_EXT_ADSI_FILTER                    = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 56)
-TLV_TYPE_EXT_ADSI_FIELD                     = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 57)
-TLV_TYPE_EXT_ADSI_VALUE                     = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 58)
-TLV_TYPE_EXT_ADSI_RESULT                    = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 59)
-TLV_TYPE_EXT_ADSI_MAXRESULTS                = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 60)
-TLV_TYPE_EXT_ADSI_PAGESIZE                  = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 61)
+TLV_TYPE_EXT_ADSI_DOMAIN                    = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 54)
+TLV_TYPE_EXT_ADSI_FILTER                    = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 55)
+TLV_TYPE_EXT_ADSI_FIELD                     = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 56)
+TLV_TYPE_EXT_ADSI_RESULT                    = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 57)
+TLV_TYPE_EXT_ADSI_MAXRESULTS                = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 58)
+TLV_TYPE_EXT_ADSI_PAGESIZE                  = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 59)
+TLV_TYPE_EXT_ADSI_ARRAY                     = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 60)
+TLV_TYPE_EXT_ADSI_STRING                    = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 61)
+TLV_TYPE_EXT_ADSI_NUMBER                    = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 62)
+TLV_TYPE_EXT_ADSI_BIGNUMBER                 = TLV_META_TYPE_QWORD  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 63)
+TLV_TYPE_EXT_ADSI_BOOL                      = TLV_META_TYPE_BOOL   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 64)
+TLV_TYPE_EXT_ADSI_RAW                       = TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 65)
+TLV_TYPE_EXT_ADSI_PATH                      = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 66)
+TLV_TYPE_EXT_ADSI_PATH_VOL                  = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 67)
+TLV_TYPE_EXT_ADSI_PATH_PATH                 = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 68)
+TLV_TYPE_EXT_ADSI_PATH_TYPE                 = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 69)
+TLV_TYPE_EXT_ADSI_DN                        = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 70)
 
-TLV_TYPE_EXT_WMI_DOMAIN                     = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 65)
-TLV_TYPE_EXT_WMI_QUERY                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 66)
-TLV_TYPE_EXT_WMI_FIELD                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 67)
-TLV_TYPE_EXT_WMI_VALUE                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 68)
-TLV_TYPE_EXT_WMI_FIELDS                     = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 69)
-TLV_TYPE_EXT_WMI_VALUES                     = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 70)
-TLV_TYPE_EXT_WMI_ERROR                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 71)
+TLV_TYPE_EXT_WMI_DOMAIN                     = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 90)
+TLV_TYPE_EXT_WMI_QUERY                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 91)
+TLV_TYPE_EXT_WMI_FIELD                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 92)
+TLV_TYPE_EXT_WMI_VALUE                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 93)
+TLV_TYPE_EXT_WMI_FIELDS                     = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 94)
+TLV_TYPE_EXT_WMI_VALUES                     = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 95)
+TLV_TYPE_EXT_WMI_ERROR                      = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 96)
 
 end
 end
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb
@@ -176,7 +176,7 @@ def cmd_adsi_domain_query(*args)
     )
 
     objects[:results].each do |c|
-      table << c
+      table << to_table_row(c)
     end
 
     print_line
@@ -189,6 +189,48 @@ def cmd_adsi_domain_query(*args)
     return true
   end
 
+protected
+
+  #
+  # Convert an ADSI result row to a table row so that it can
+  #   be rendered to screen appropriately.
+  #
+  # @param result [Array[Hash]] Array of type/value pairs.
+  #
+  # @return [Array[String]] Renderable view of the value.
+  #
+  def to_table_row(result)
+    values = []
+
+    result.each do |v|
+      case v[:type]
+      when :string, :number, :bool
+        values << v[:value].to_s
+      when :raw
+        # for UI level stuff, rendering raw as hex is really the only option
+        values << Rex::Text.to_hex(v[:value], '')
+      when :array
+        val = "#{to_table_row(v[:value]).join(", ")}"
+
+        # we'll truncate the output of the array because it could be excessive if we
+        # don't. Users who want the detail of this stuff should probably script it.
+        if val.length > 50
+          val = "<#{val[0,50]}..."
+        end
+
+        values << val
+      when :dn
+        values << "#{value[:label]}: #{value[:string] || Rex::Text.to_hex(value[:raw], '')}"
+      when :path
+        values << "Vol: #{v[:volume]}, Path: #{v[:path]}, Type: #{v[:vol_type]}"
+      when :unknown
+        values << "(unknown)"
+      end
+    end
+
+    values
+  end
+
 end
 
 end
diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec
@@ -65,7 +65,7 @@ Gem::Specification.new do |spec|
   # are needed when there's no database
   spec.add_runtime_dependency 'metasploit-model', '~> 0.28.0'
   # Needed for Meterpreter on Windows, soon others.
-  spec.add_runtime_dependency 'meterpreter_bins', '0.0.11'
+  spec.add_runtime_dependency 'meterpreter_bins', '0.0.12'
   # Needed by msfgui and other rpc components
   spec.add_runtime_dependency 'msgpack'
   # Needed by anemone crawler
