
C++ packet_add_tlv_uint函数代码示例


本文整理汇总了C++中packet_add_tlv_uint函数的典型用法代码示例。如果您正苦于以下问题:C++ packet_add_tlv_uint函数的具体用法?C++ packet_add_tlv_uint怎么用?C++ packet_add_tlv_uint使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了packet_add_tlv_uint函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。

示例1: request_sniffer_capture_stop

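/*
 * Stops the capture running on the requested interface and reports the
 * packet and byte counters of that capture job.
 *
 * TLVs:
 *
 * req: TLV_TYPE_SNIFFER_INTERFACE_ID - Index into open_captures (0 is rejected)
 *
 * The outcome is carried in the transmitted response; the function itself
 * always returns ERROR_SUCCESS.
 */
DWORD request_sniffer_capture_stop(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	unsigned int ifid;
	CaptureJob *j;
	DWORD result = ERROR_SUCCESS;

	check_pssdk();
	dprintf("sniffer>> stop_capture()");

	ifid = packet_get_tlv_value_uint(packet, TLV_TYPE_SNIFFER_INTERFACE_ID);
	dprintf("sniffer>> stop_capture(0x%.8x)", ifid);

	do
	{
		// the id comes straight from the request: bounds-check it before
		// it is used as an array index
		if (ifid == 0 || ifid >= SNIFFER_MAX_INTERFACES)
		{
			result = ERROR_INVALID_PARAMETER;
			break;
		}

		j = &open_captures[ifid];

		// Inspect the job only while holding the lock, so that the
		// "is it being captured" test and the teardown below act on the
		// same state (the original tested before locking).
		lock_acquire(snifferm);

		// the interface is not being captured
#ifdef _WIN32
		if (!j->adp)
#else
		if (!j->pcap)
#endif
		{
			lock_release(snifferm);
			result = ERROR_INVALID_PARAMETER;
			break;
		}

		j->active = 0;
#ifdef _WIN32
		AdpSetMacFilter(j->adp, 0);
		AdpCloseAdapter(j->adp);
		AdpDestroy(j->adp);
#else
		thread_sigterm(j->thread);
		thread_join(j->thread);		// should take less than 1 second :p
#endif

		packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_PACKET_COUNT, j->cur_pkts);
		packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_BYTE_COUNT, (unsigned int)j->cur_bytes);

		// Log while the job is still locked, and pass the byte counter with
		// the same cast used for the response so it matches its conversion.
		dprintf("sniffer>> stop_capture() interface %d processed %d packets/%u bytes", j->intf, j->cur_pkts, (unsigned int)j->cur_bytes);

		lock_release(snifferm);
	} while (0);

	packet_transmit_response(result, remote, response);
	return ERROR_SUCCESS;
}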
开发者ID:EloquentElly,项目名称:metasploit-payloads,代码行数:60,代码来源:sniffer.c


示例2: request_registry_create_key

/*
 * Handles a request to create a registry key. On success the resulting HKEY
 * is sent back to the requestor; a result code is always sent.
 *
 * TLVs:
 *
 * req: TLV_TYPE_ROOT_KEY   - The root key
 * req: TLV_TYPE_BASE_KEY   - The base key
 * opt: TLV_TYPE_PERMISSION - Permissions with which to create the key
 *                            (KEY_ALL_ACCESS is used when absent or zero)
 *
 * NOTE(review): the root key arrives as a uint and the new HKEY is returned
 * through a DWORD cast; on a 64-bit build that conversion would drop the
 * upper half of the handle - confirm the target width.
 */
DWORD request_registry_create_key(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	HKEY rootKey = (HKEY)packet_get_tlv_value_uint(packet, TLV_TYPE_ROOT_KEY);
	LPCTSTR baseKey = packet_get_tlv_value_string(packet, TLV_TYPE_BASE_KEY);
	DWORD permission = packet_get_tlv_value_uint(packet, TLV_TYPE_PERMISSION);
	HKEY resKey;
	DWORD result = ERROR_INVALID_PARAMETER;

	// Both the root key and the base key name must be present
	if (rootKey && baseKey)
	{
		result = RegCreateKeyEx(rootKey, baseKey, 0, NULL, 0,
				permission ? permission : KEY_ALL_ACCESS,
				NULL, &resKey, NULL);
	}

	// resKey is only meaningful (and only read) when the call succeeded
	if (result == ERROR_SUCCESS)
	{
		packet_add_tlv_uint(response, TLV_TYPE_HKEY, (DWORD)resKey);
	}

	packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
	packet_transmit(remote, response, NULL);

	return ERROR_SUCCESS;
}
开发者ID:lizard007,项目名称:msf3,代码行数:44,代码来源:registry.c


示例3: request_registry_query_value

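/*
 * Queries a registry value's type and data for a given HKEY.
 *
 * TLVs:
 *
 * req: TLV_TYPE_HKEY       - The HKEY to query the value on
 * req: TLV_TYPE_VALUE_NAME - The name of the value to query
 *
 * The response carries TLV_TYPE_VALUE_TYPE and TLV_TYPE_VALUE_DATA on
 * success and always carries TLV_TYPE_RESULT. The function itself returns
 * ERROR_SUCCESS.
 */
DWORD request_registry_query_value(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	LPCSTR valueName = NULL;
	LPBYTE valueData = NULL;
	DWORD valueDataSize = 0;
	DWORD result = ERROR_SUCCESS;
	DWORD valueType = 0;
	HKEY hkey = NULL;

	// Acquire the standard TLVs
	hkey      = (HKEY)packet_get_tlv_value_uint(packet, TLV_TYPE_HKEY);
	valueName = packet_get_tlv_value_string(packet, TLV_TYPE_VALUE_NAME);

	do
	{
		// Get the size of the value data
		if ((result = RegQueryValueEx(hkey, valueName, 0, NULL, NULL,
				&valueDataSize)) != ERROR_SUCCESS)
			break;

		// Allocate storage for the value data plus one spare byte for a
		// terminator. An allocation failure is reported as an error; the
		// original left the result at ERROR_SUCCESS in that case.
		if (valueDataSize == (DWORD)-1 ||
		    !(valueData = (LPBYTE)malloc((size_t)valueDataSize + 1)))
		{
			result = ERROR_NOT_ENOUGH_MEMORY;
			break;
		}

		// Query the value's information
		if ((result = RegQueryValueEx(hkey, valueName, 0, &valueType, valueData,
				&valueDataSize)) != ERROR_SUCCESS)
			break;

		// Stored string data is not guaranteed to include a terminating
		// NUL, so terminate it here before it is handled as a C string.
		valueData[valueDataSize] = 0;

		// Add the information about the value to the response
		packet_add_tlv_uint(response, TLV_TYPE_VALUE_TYPE, valueType);

		switch (valueType)
		{
			case REG_SZ:
				packet_add_tlv_string(response, TLV_TYPE_VALUE_DATA,
						(LPCSTR)valueData);
				break;
			case REG_DWORD:
				// Only read a DWORD when the value really holds one
				if (valueDataSize >= sizeof(DWORD))
				{
					packet_add_tlv_uint(response, TLV_TYPE_VALUE_DATA,
							*(LPDWORD)valueData);
					break;
				}
				/* fallthrough: short data is returned as raw bytes */
			default:
				packet_add_tlv_raw(response, TLV_TYPE_VALUE_DATA,
						valueData, valueDataSize);
				break;
		}

	} while (0);

	// The buffer is not referenced after this point (the original never
	// released it)
	free(valueData);

	// Populate the result code
	packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);

	// Transmit the response
	packet_transmit(remote, response, NULL);

	return ERROR_SUCCESS;
}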
开发者ID:lizard007,项目名称:msf3,代码行数:67,代码来源:registry.c


示例4: remote_request_core_transport_set_timeouts

/*!
 * @brief Apply any timeout values supplied in the request and report the
 *        resulting settings.
 * @param remote Pointer to the \c Remote instance.
 * @param packet Pointer to the request packet.
 * @returns \c ERROR_SUCCESS, or \c ERROR_NOT_ENOUGH_MEMORY when no response
 *          packet could be created.
 * @remark A value of 0 means "not supplied" and leaves the setting alone.
 *         The values are applied as received; no range check is made here.
 */
DWORD remote_request_core_transport_set_timeouts(Remote * remote, Packet * packet)
{
	DWORD result = ERROR_SUCCESS;
	Packet* response = packet_create_response(packet);

	// Without a response packet there is nothing to apply or send
	if (response == NULL) {
		return ERROR_NOT_ENOUGH_MEMORY;
	}

	int expirationTimeout = (int)packet_get_tlv_value_uint(packet, TLV_TYPE_TRANS_SESSION_EXP);
	int commsTimeout = (int)packet_get_tlv_value_uint(packet, TLV_TYPE_TRANS_COMM_TIMEOUT);
	DWORD retryTotal = (DWORD)packet_get_tlv_value_uint(packet, TLV_TYPE_TRANS_RETRY_TOTAL);
	DWORD retryWait = (DWORD)packet_get_tlv_value_uint(packet, TLV_TYPE_TRANS_RETRY_WAIT);

	// TODO: put this in a helper function that can be used everywhere?

	// a negative (past) expiry is accepted; only 0 is treated as unset
	if (expirationTimeout != 0) {
		dprintf("[DISPATCH TIMEOUT] setting expiration time to %d", expirationTimeout);
		remote->sess_expiry_time = expirationTimeout;
		remote->sess_expiry_end = current_unix_timestamp() + expirationTimeout;
	}

	if (commsTimeout != 0) {
		dprintf("[DISPATCH TIMEOUT] setting comms timeout to %d", commsTimeout);
		remote->transport->timeouts.comms = commsTimeout;
		// restart the comms clock from now
		remote->transport->comms_last_packet = current_unix_timestamp();
	}

	if (retryTotal > 0) {
		dprintf("[DISPATCH TIMEOUT] setting retry total to %u", retryTotal);
		remote->transport->timeouts.retry_total = retryTotal;
	}

	if (retryWait > 0) {
		dprintf("[DISPATCH TIMEOUT] setting retry wait to %u", retryWait);
		remote->transport->timeouts.retry_wait = retryWait;
	}

	// the session expiry is reported as the seconds remaining, not the
	// configured duration
	packet_add_tlv_uint(response, TLV_TYPE_TRANS_SESSION_EXP, remote->sess_expiry_end - current_unix_timestamp());
	packet_add_tlv_uint(response, TLV_TYPE_TRANS_COMM_TIMEOUT, remote->transport->timeouts.comms);
	packet_add_tlv_uint(response, TLV_TYPE_TRANS_RETRY_TOTAL, remote->transport->timeouts.retry_total);
	packet_add_tlv_uint(response, TLV_TYPE_TRANS_RETRY_WAIT, remote->transport->timeouts.retry_wait);

	packet_transmit_response(result, remote, response);

	return result;
}
开发者ID:BrzTit,项目名称:meterpreter,代码行数:64,代码来源:base_dispatch.c


示例5: request_sniffer_capture_release

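/*
 * Releases a stopped capture job: reports its packet and byte counters,
 * destroys the stored packets and clears the job slot.
 *
 * TLVs:
 *
 * req: TLV_TYPE_SNIFFER_INTERFACE_ID - Index into open_captures (0 is rejected)
 *
 * A job that is still active is refused with ERROR_INVALID_PARAMETER. The
 * outcome is carried in the transmitted response; the function itself
 * always returns ERROR_SUCCESS.
 */
DWORD request_sniffer_capture_release(Remote *remote, Packet *packet) {
	Packet *response = packet_create_response(packet);
	unsigned int ifid,i;
	CaptureJob *j;
	DWORD result = ERROR_SUCCESS;

	check_pssdk();
	dprintf("sniffer>> release_capture()");

	ifid = packet_get_tlv_value_uint(packet,TLV_TYPE_SNIFFER_INTERFACE_ID);
	dprintf("sniffer>> release_capture(0x%.8x)", ifid);

	do {
		// the id comes straight from the request: bounds-check it before
		// it is used as an array index
		if(ifid == 0 || ifid >= SNIFFER_MAX_INTERFACES) {
			result = ERROR_INVALID_PARAMETER;
			break;
		}

		j = &open_captures[ifid];

		// Inspect the job only while holding the lock, so that the state
		// test and the frees below act on the same state (the original
		// tested before locking).
		lock_acquire(snifferm);

		// the interface is not being captured, or is still running
#ifdef _WIN32
		if(! j->adp || j->active == 1)
#else
		if(! j->pcap || j->active == 1)
#endif
		{
			lock_release(snifferm);
			result = ERROR_INVALID_PARAMETER;
			break;
		}

		packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_PACKET_COUNT, j->cur_pkts);
		packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_BYTE_COUNT, (unsigned int) j->cur_bytes);
		// the byte counter is logged with the same cast used for the response
		dprintf("sniffer>> release_capture() interface %d released %d packets/%u bytes", j->intf, j->cur_pkts, (unsigned int) j->cur_bytes);

		// destroy stored packets up to the first empty slot; skip the walk
		// entirely when no packet table was allocated
		for(i=0; j->pkts && i<j->max_pkts; i++) {
			if(!j->pkts[i]) break;
			PktDestroy(j->pkts[i]);
			j->pkts[i] = NULL;
		}
		free(j->pkts);

		// wipe the slot so no stale pointer or handle remains in it
		memset(j, 0, sizeof(CaptureJob));

		lock_release(snifferm);

	} while(0);

	packet_transmit_response(result, remote, response);
	return ERROR_SUCCESS;
}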
开发者ID:Datacut,项目名称:metasploit-framework,代码行数:56,代码来源:sniffer.c


示例6: channel_write

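/*
 * Write to the remote end of the channel.
 *
 * Builds a request packet from the caller-supplied TLVs, adds the default
 * "core_channel_write" method when the caller supplied none, attaches the
 * channel id, the data and its length, and transmits the packet.
 *
 * Returns ERROR_NOT_ENOUGH_MEMORY when the request packet cannot be
 * allocated, otherwise the result of packet_transmit.
 */
DWORD channel_write(Channel *channel, Remote *remote, Tlv *addend,
                    DWORD addendLength, PUCHAR buffer, ULONG length,
                    ChannelCompletionRoutine *completionRoutine)
{
    PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
    ChannelCompletionRoutine *dupe = NULL;
    DWORD res = ERROR_SUCCESS;
    LPCSTR method = "core_channel_write";
    Packet *request;
    Tlv methodTlv;

    do
    {
        // Allocate a request packet
        if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
        {
            res = ERROR_NOT_ENOUGH_MEMORY;
            break;
        }

        // Add the supplied TLVs
        packet_add_tlvs(request, addend, addendLength);

        // If no method TLV was added, add the default one.
        if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
            packet_add_tlv_string(request, TLV_TYPE_METHOD, method);

        // Add the channel identifier
        packet_add_tlv_uint(request, TLV_TYPE_CHANNEL_ID, channel_get_id(channel));

        // If the channel data is meant to be compressed, mark it as such
        if( channel_is_flag( channel, CHANNEL_FLAG_COMPRESS ) )
            packet_add_tlv_raw(request, TLV_TYPE_CHANNEL_DATA|TLV_META_TYPE_COMPRESSED, buffer, length);
        else
            packet_add_tlv_raw(request, TLV_TYPE_CHANNEL_DATA, buffer, length);

        // Add the length to write. The original passed the channel id here,
        // so the length TLV did not describe the data that was attached.
        packet_add_tlv_uint(request, TLV_TYPE_LENGTH, length);

        // Initialize the packet completion routine
        if (completionRoutine)
        {
            // Duplicate the completion routine
            dupe = channel_duplicate_completion_routine(completionRoutine);

            requestCompletion.context = dupe;
            requestCompletion.routine = _channel_packet_completion_routine;
            realRequestCompletion     = &requestCompletion;
        }

        // Transmit the packet with the supplied completion routine, if any.
        res = packet_transmit(remote, request, realRequestCompletion);

    } while (0);

    return res;
}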
开发者ID:C40,项目名称:metasploit-framework,代码行数:59,代码来源:channel.c


示例7: channel_read

/*
 * Ask the remote end of the channel for up to `length` bytes.
 *
 * The request is built from the caller-supplied TLVs; the default
 * "core_channel_read" method is added only when the caller supplied none.
 * Returns ERROR_NOT_ENOUGH_MEMORY when the request packet cannot be
 * allocated, otherwise the result of packet_transmit.
 */
DWORD channel_read(Channel *channel, Remote *remote, Tlv *addend,
                   DWORD addendLength, ULONG length,
                   ChannelCompletionRoutine *completionRoutine)
{
    PacketRequestCompletion completion;
    PacketRequestCompletion *completionArg = NULL;
    Tlv existingMethod;
    Packet *request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL);

    // Nothing can be sent without a request packet
    if (request == NULL)
        return ERROR_NOT_ENOUGH_MEMORY;

    // Caller-supplied TLVs go in first so that a caller-chosen method wins
    packet_add_tlvs(request, addend, addendLength);

    if (packet_get_tlv(request, TLV_TYPE_METHOD, &existingMethod) != ERROR_SUCCESS)
    {
        packet_add_tlv_string(request, TLV_TYPE_METHOD, "core_channel_read");
    }

    // Which channel to read from, and how much
    packet_add_tlv_uint(request, TLV_TYPE_CHANNEL_ID, channel_get_id(channel));
    packet_add_tlv_uint(request, TLV_TYPE_LENGTH, length);

    if (completionRoutine != NULL)
    {
        // The completion context is a duplicate of the caller's routine.
        // NOTE(review): `completion` lives on this stack frame; presumably
        // packet_transmit copies it before returning - confirm.
        completion.context = channel_duplicate_completion_routine(completionRoutine);
        completion.routine = _channel_packet_completion_routine;
        completionArg      = &completion;
    }

    return packet_transmit(remote, request, completionArg);
}
开发者ID:C40,项目名称:metasploit-framework,代码行数:57,代码来源:channel.c


示例8: request_sniffer_capture_dump_read

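/*
 * Returns the next slice of a previously prepared capture dump buffer.
 *
 * TLVs:
 *
 * req: TLV_TYPE_SNIFFER_INTERFACE_ID - Index into open_captures (0 is rejected)
 * req: TLV_TYPE_SNIFFER_BYTE_COUNT   - Maximum number of bytes to return
 *                                      (capped at 32 MiB)
 *
 * The response carries the number of bytes returned (0 when the interface
 * id is invalid or no dump buffer exists). The dump buffer is freed once it
 * has been read to the end. The function itself always returns
 * ERROR_SUCCESS.
 *
 * NOTE(review): no lock is taken around the job here, unlike the stop and
 * release handlers shown on this page - confirm that is intended.
 */
static DWORD request_sniffer_capture_dump_read(Remote *remote, Packet *packet) {
	Packet *response = packet_create_response(packet);
	unsigned int ifid;
	unsigned int bcnt;
	// Stays NULL when the interface id is rejected, so the cleanup below
	// can tell that no job was selected. The original left this pointer
	// uninitialised and dereferenced it on that path.
	CaptureJob *j = NULL;
	DWORD result;

	check_pssdk();
	dprintf("sniffer>> capture_dump_read()");

	ifid = packet_get_tlv_value_uint(packet,TLV_TYPE_SNIFFER_INTERFACE_ID);
	bcnt = packet_get_tlv_value_uint(packet,TLV_TYPE_SNIFFER_BYTE_COUNT);
	// bound the requested size before it takes part in any arithmetic
	bcnt = min(bcnt, 32*1024*1024);

	dprintf("sniffer>> capture_dump_read(0x%.8x, %d)", ifid, bcnt);

	result = ERROR_SUCCESS;

	do {
		// the interface is invalid
		if(ifid == 0 || ifid >= SNIFFER_MAX_INTERFACES) {
			packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_BYTE_COUNT, 0);
			break;
		}

		j = &open_captures[ifid];

		// no dump has been prepared for this interface
		if(! j->dbuf) {
			packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_BYTE_COUNT, 0);
			break;
		}

		// never hand out more than what is left in the buffer
		if(j->didx + bcnt > j->dlen) {
			bcnt = j->dlen - j->didx;
		}

		packet_add_tlv_uint(response, TLV_TYPE_SNIFFER_BYTE_COUNT, bcnt);
		packet_add_tlv_raw(response, TLV_TYPE_SNIFFER_PACKET, (unsigned char *)j->dbuf+j->didx, bcnt);
		j->didx += bcnt;
	} while(0);

	// Free memory if the read is complete (only when a job was selected)
	if(j != NULL && j->didx >= j->dlen-1) {
		free(j->dbuf);
		j->dbuf = NULL;
		j->didx = 0;
		j->dlen = 0;
	}

	packet_transmit_response(result, remote, response);
	return ERROR_SUCCESS;
}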
开发者ID:lizard007,项目名称:msf3,代码行数:51,代码来源:sniffer.c


示例9: request_sys_process_getpid

/*
 * Handles the getpid request: replies with the identifier of the process
 * this code is running in. Always returns ERROR_SUCCESS.
 */
DWORD request_sys_process_getpid(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	unsigned int pid;

	// The platform call differs; the response layout does not
#ifdef _WIN32
	pid = GetCurrentProcessId();
#else
	pid = getpid();
#endif

	packet_add_tlv_uint(response, TLV_TYPE_PID, pid);
	packet_transmit_response(ERROR_SUCCESS, remote, response);

	return ERROR_SUCCESS;
}
开发者ID:andrecurvello,项目名称:wifi-arsenal,代码行数:17,代码来源:process.c


示例10: channel_write

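/*
 * Write to the remote end of the channel.
 *
 * Builds a request packet from the caller-supplied TLVs, adds the default
 * "core_channel_write" method when the caller supplied none, attaches the
 * channel id, the data and its length, and transmits the packet.
 *
 * Returns ERROR_NOT_ENOUGH_MEMORY when the request packet cannot be
 * allocated, otherwise the result of packet_transmit.
 */
DWORD channel_write(Channel *channel, Remote *remote, Tlv *addend,
        DWORD addendLength, PUCHAR buffer, ULONG length, 
        ChannelCompletionRoutine *completionRoutine)
{
    PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
    ChannelCompletionRoutine *dupe = NULL;
    DWORD res = ERROR_SUCCESS;
    LPCSTR method = "core_channel_write";
    Packet *request;
    Tlv methodTlv;

    do
    {
        // Allocate a request packet
        if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
        {
            res = ERROR_NOT_ENOUGH_MEMORY;
            break;
        }

        // Caller-supplied TLVs first, then the default method if none was given
        packet_add_tlvs(request, addend, addendLength);

        if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
            packet_add_tlv_string(request, TLV_TYPE_METHOD, method);

        packet_add_tlv_uint(request, TLV_TYPE_CHANNEL_ID, channel_get_id(channel));

        // Flag the data TLV as compressed when the channel asks for it
        if( channel_is_flag( channel, CHANNEL_FLAG_COMPRESS ) )
            packet_add_tlv_raw(request, TLV_TYPE_CHANNEL_DATA|TLV_META_TYPE_COMPRESSED, buffer, length);
        else
            packet_add_tlv_raw(request, TLV_TYPE_CHANNEL_DATA, buffer, length);

        // The length TLV describes the attached data. The original passed
        // the channel id here instead of the length.
        packet_add_tlv_uint(request, TLV_TYPE_LENGTH, length);

        if (completionRoutine)
        {
            // The completion context is a duplicate of the caller's routine
            dupe = channel_duplicate_completion_routine(completionRoutine);

            requestCompletion.context = dupe;
            requestCompletion.routine = _channel_packet_completion_routine;
            realRequestCompletion     = &requestCompletion;
        }

        res = packet_transmit(remote, request, realRequestCompletion);

    } while (0);

    return res;
}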
开发者ID:AnwarMohamed,项目名称:meterpreter-darwin,代码行数:48,代码来源:channel.c


示例11: request_registry_open_remote_key

/*
 * Handles a request to connect to a root registry key on another machine.
 * On success the resulting HKEY is sent back; a result code is always sent.
 *
 * TLVs:
 *
 * req: TLV_TYPE_ROOT_KEY      - The root key
 * req: TLV_TYPE_TARGET_HOST   - The target machine name
 */
DWORD request_registry_open_remote_key(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	LPCTSTR targetHost = packet_get_tlv_value_string(packet, TLV_TYPE_TARGET_HOST);
	HKEY rootKey = (HKEY)packet_get_tlv_value_qword(packet, TLV_TYPE_ROOT_KEY);
	HKEY resKey;
	DWORD result = ERROR_INVALID_PARAMETER;

	// Both parameters are required; otherwise the default error stands
	if (rootKey && targetHost)
	{
		result = RegConnectRegistry(targetHost, rootKey, &resKey);
	}

	// resKey is only read when the connection succeeded; the handle is
	// carried as a qword so its full width is kept
	if (result == ERROR_SUCCESS)
	{
		packet_add_tlv_qword(response, TLV_TYPE_HKEY, (QWORD)resKey);
	}

	packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
	packet_transmit(remote, response, NULL);

	return ERROR_SUCCESS;
}
开发者ID:cainiaocome,项目名称:meterpreter,代码行数:39,代码来源:registry.c


示例12: request_fs_file_expand_path

/*
 * Expands a file path and returns the expanded form to the requestor.
 *
 * req: TLV_TYPE_FILE_PATH - The file path to expand
 *
 * The response always carries TLV_TYPE_RESULT; the expanded path is added
 * only when expansion succeeded. Returns whatever PACKET_TRANSMIT yields.
 */
DWORD request_fs_file_expand_path(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	DWORD result = ERROR_SUCCESS;
	char *expanded = NULL;
	char *regular = packet_get_tlv_value_string(packet, TLV_TYPE_FILE_PATH);

	if (regular == NULL) {
		// the required path TLV is missing
		result = ERROR_INVALID_PARAMETER;
	} else {
		// fs_expand_path returns storage that this function releases
		expanded = fs_expand_path(regular);
		if (expanded == NULL) {
			result = ERROR_NOT_ENOUGH_MEMORY;
		} else {
			packet_add_tlv_string(response, TLV_TYPE_FILE_PATH, expanded);
			free(expanded);
		}
	}

	packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
	return PACKET_TRANSMIT(remote, response, NULL);
}
开发者ID:wwebb-r7,项目名称:meterpreter,代码行数:31,代码来源:file.c


示例13: request_fs_file_move

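/*
 * Moves (renames) a file from a source path to a destination path.
 *
 * req: TLV_TYPE_FILE_NAME - The existing (source) path
 * req: TLV_TYPE_FILE_PATH - The new (destination) path
 *
 * The response always carries TLV_TYPE_RESULT. The function itself returns
 * ERROR_SUCCESS.
 */
DWORD request_fs_file_move(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	DWORD result = ERROR_SUCCESS;
	LPCSTR oldpath;
	LPCSTR newpath;

	oldpath = packet_get_tlv_value_string(packet, TLV_TYPE_FILE_NAME);
	newpath = packet_get_tlv_value_string(packet, TLV_TYPE_FILE_PATH);

	// Both paths are required; the original only checked the source and
	// would pass a NULL destination to the platform call.
	if (!oldpath || !newpath)
		result = ERROR_INVALID_PARAMETER;
#ifdef _WIN32
	// MoveFile returns zero on failure
	else if (!MoveFile(oldpath,newpath))
#else
	// rename() returns 0 on success and non-zero on failure; the original
	// tested !rename(...), which reported an error on success and success
	// on failure.
	else if (rename(oldpath,newpath) != 0)
#endif
		result = GetLastError();

	packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);

	packet_transmit(remote, response, NULL);

	return ERROR_SUCCESS;
}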
开发者ID:Tourountzis,项目名称:meterpreter,代码行数:30,代码来源:file.c


示例14: request_sys_process_thread_get_threads

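/*
 * Returns a list of thread identifiers that are running in the context of the
 * supplied process.
 *
 * req: TLV_TYPE_PID - The process identifier to operate on
 *
 * One TLV_TYPE_THREAD_ID is added to the response per matching thread. The
 * outcome is carried in the transmitted response; the function itself
 * always returns ERROR_SUCCESS.
 */
DWORD request_sys_process_thread_get_threads(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	THREADENTRY32 entry;
	HANDLE th32 = INVALID_HANDLE_VALUE;
	DWORD result = ERROR_SUCCESS;
	DWORD lastError;
	DWORD processId;

	processId = packet_get_tlv_value_uint(packet, TLV_TYPE_PID);

	do
	{
		// Validate the process identifier
		if (!processId)
		{
			result = ERROR_INVALID_PARAMETER;
			break;
		}

		// Get a snapshot of the running threads. CreateToolhelp32Snapshot
		// reports failure with INVALID_HANDLE_VALUE, not NULL, so the
		// original NULL test let a failed snapshot through.
		th32 = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, processId);
		if (th32 == INVALID_HANDLE_VALUE)
		{
			result = GetLastError();
			break;
		}

		entry.dwSize = sizeof(entry);

		// If the first enumeration fails, the error check below reports why
		if (Thread32First(th32, &entry))
		{
			// Keep looping until there are no more threads; only entries
			// owned by the requested process are reported
			do
			{
				if (entry.th32OwnerProcessID != processId)
					continue;

				packet_add_tlv_uint(response, TLV_TYPE_THREAD_ID, entry.th32ThreadID);

			} while (Thread32Next(th32, &entry));
		}

		// Anything other than a clean end of enumeration is reported as the
		// result. The error is read once so the test and the stored value
		// cannot differ.
		lastError = GetLastError();
		if (lastError != ERROR_NO_MORE_FILES)
		{
			result = lastError;
			break;
		}

	} while (0);

	packet_transmit_response(result, remote, response);

	// Cleanup: only a valid snapshot handle is closed
	if (th32 != INVALID_HANDLE_VALUE)
		CloseHandle(th32);

	return ERROR_SUCCESS;
}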
开发者ID:0265727207,项目名称:evandrix.github.com,代码行数:66,代码来源:thread.c


示例15: request_registry_query_class

/*
 * Queries the class string of a registry key.
 *
 * TLVs:
 *
 * req: TLV_TYPE_HKEY       - The HKEY to query the class on
 *
 * The class string is added to the response as TLV_TYPE_VALUE_DATA on
 * success; TLV_TYPE_RESULT is always added. The function itself returns
 * ERROR_SUCCESS.
 */
DWORD request_registry_query_class(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	BYTE classBuffer[4096];
	DWORD classBufferSize = 4096;
	HKEY hkey = (HKEY)packet_get_tlv_value_qword(packet, TLV_TYPE_HKEY);
	DWORD result;

	// Only the class name is requested; every other output is left NULL.
	// The buffer size passed in bounds what the call may write.
	result = RegQueryInfoKey(hkey, classBuffer, &classBufferSize, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);

	if (result == ERROR_SUCCESS)
	{
		packet_add_tlv_string(response, TLV_TYPE_VALUE_DATA, (LPCSTR)classBuffer);
	}

	// The result code goes out whether or not the query worked
	packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
	packet_transmit(remote, response, NULL);

	return ERROR_SUCCESS;
}
开发者ID:cainiaocome,项目名称:meterpreter,代码行数:38,代码来源:registry.c


示例16: request_registry_delete_key

/*
 * Removes a registry key identified by a root key handle and a base key
 * name.
 *
 * TLVs:
 *
 * req: TLV_TYPE_ROOT_KEY - The root key handle.
 * req: TLV_TYPE_BASE_KEY - The base key name.
 * opt: TLV_TYPE_FLAGS    - Zero or more flags that control how the key is
 *                          deleted (DELETE_KEY_FLAG_RECURSIVE selects
 *                          SHDeleteKey instead of RegDeleteKey).
 *
 * NOTE(review): the root key arrives as a uint; on a 64-bit build that
 * would drop the upper half of the handle - confirm the target width.
 */
DWORD request_registry_delete_key(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	HKEY rootKey = (HKEY)packet_get_tlv_value_uint(packet, TLV_TYPE_ROOT_KEY);
	LPCSTR baseKey = packet_get_tlv_value_string(packet, TLV_TYPE_BASE_KEY);
	DWORD flags = packet_get_tlv_value_uint(packet, TLV_TYPE_FLAGS);
	DWORD result;

	if (!rootKey || !baseKey)
	{
		// a required parameter is missing
		result = ERROR_INVALID_PARAMETER;
	}
	else if (flags & DELETE_KEY_FLAG_RECURSIVE)
	{
		result = SHDeleteKey(rootKey, baseKey);
	}
	else
	{
		result = RegDeleteKey(rootKey, baseKey);
	}

	// Report the outcome to the requestor
	packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
	packet_transmit(remote, response, NULL);

	return ERROR_SUCCESS;
}
开发者ID:lizard007,项目名称:msf3,代码行数:40,代码来源:registry.c


示例17: request_fs_sha1

/*
 * Returns the SHA1 hash of the file at a specified path.
 *
 * req: TLV_TYPE_FILE_PATH - The path of the file to hash
 *
 * On success the digest is returned as raw bytes in TLV_TYPE_FILE_NAME; the
 * buffer sent is SHA_DIGEST_LENGTH + 1 bytes, i.e. the digest followed by
 * one zero byte. TLV_TYPE_RESULT is always added.
 *
 * NOTE(review): a read error ends the loop the same way end-of-file does,
 * so a partially read file still yields a digest - confirm callers accept
 * that. SHA-1 is also not collision resistant, so the value identifies a
 * file but should not be relied on against deliberate tampering.
 */
DWORD request_fs_sha1(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	unsigned char digest[SHA_DIGEST_LENGTH + 1] = {0};
	unsigned char chunk[16384];
	SHA_CTX context;
	size_t got;
	FILE *fd;
	char *filePath = packet_get_tlv_value_string(packet, TLV_TYPE_FILE_PATH);
	DWORD result = fs_fopen(filePath, "rb", &fd);

	if (result == ERROR_SUCCESS) {
		SHA1_Init(&context);

		// Feed the file through the hash one chunk at a time
		for (;;) {
			got = fread(chunk, 1, sizeof(chunk), fd);
			if (got == 0) {
				break;
			}
			SHA1_Update(&context, chunk, got);
		}

		fclose(fd);
		SHA1_Final(digest, &context);

		packet_add_tlv_raw(response, TLV_TYPE_FILE_NAME, digest, sizeof(digest));
	}

	packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
	return PACKET_TRANSMIT(remote, response, NULL);
}
开发者ID:wwebb-r7,项目名称:meterpreter,代码行数:36,代码来源:file.c


示例18: request_sys_eventlog_numrecords

/*
 * Returns the number of event records in an event log
 *
 * TLVs:
 *
 * req: TLV_TYPE_EVENT_HANDLE   - The event log handle
 *
 * The count is added as TLV_TYPE_EVENT_NUMRECORDS only on success. The
 * outcome is carried in the transmitted response; the function itself
 * always returns ERROR_SUCCESS.
 */
DWORD request_sys_eventlog_numrecords(Remote * remote, Packet * packet)
{
	Packet * response = packet_create_response(packet);
	HANDLE hEvent = (HANDLE)packet_get_tlv_value_qword(packet, TLV_TYPE_EVENT_HANDLE);
	DWORD result = ERROR_SUCCESS;
	DWORD numRecords;

	if(hEvent == NULL) {
		// the required handle TLV is missing or zero
		result = ERROR_INVALID_PARAMETER;
	}
	else if(GetNumberOfEventLogRecords(hEvent, &numRecords) != 0) {
		// numRecords is only read after the call reported success
		packet_add_tlv_uint(response, TLV_TYPE_EVENT_NUMRECORDS, numRecords);
	}
	else {
		result = GetLastError();
	}

	packet_transmit_response(result, remote, response);

	return ERROR_SUCCESS;
}
开发者ID:AnwarMohamed,项目名称:metasploit-payloads,代码行数:32,代码来源:eventlog.c


示例19: request_getuid

/*
 * sys_getuid
 * ----------
 *
 * Replies with the name of the user the current process is running as.
 * Returns ERROR_SUCCESS, or the GetLastError value when the lookup fails.
 *
 * NOTE(review): the user name TLV is added before the response pointer is
 * tested for NULL - confirm packet_add_tlv_string tolerates a NULL packet.
 */
DWORD request_getuid(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	DWORD res = ERROR_SUCCESS;
	CHAR username[512] = {0};
	DWORD size = sizeof(username);

	// size bounds how much GetUserName may write into the buffer
	if (GetUserName(username, &size))
	{
		packet_add_tlv_string(response, TLV_TYPE_USER_NAME, username);
	}
	else
	{
		res = GetLastError();
	}

	// The result is sent only when a response packet exists
	if (response)
	{
		packet_add_tlv_uint(response, TLV_TYPE_RESULT, res);

		packet_transmit(remote, response, NULL);
	}

	return res;
}
开发者ID:hdm,项目名称:framework2,代码行数:38,代码来源:user.c


示例20: set_value

/*
 * Sets a registry value on an already opened key from the TLVs in the
 * request and sends the result code back.
 *
 * Reads TLV_TYPE_VALUE_NAME, TLV_TYPE_VALUE_TYPE and TLV_TYPE_VALUE_DATA
 * from the request; a missing data TLV yields ERROR_INVALID_PARAMETER.
 * The value type and the data length are passed on as received.
 */
static void set_value(Remote *remote, Packet *packet, HKEY hkey)
{
	Packet *response = packet_create_response(packet);
	LPCSTR valueName = packet_get_tlv_value_string(packet, TLV_TYPE_VALUE_NAME);
	DWORD valueType = packet_get_tlv_value_uint(packet, TLV_TYPE_VALUE_TYPE);
	DWORD result;
	Tlv valueData;

	if (packet_get_tlv(packet, TLV_TYPE_VALUE_DATA, &valueData) == ERROR_SUCCESS)
	{
		// Write the value using the buffer and length from the data TLV
		result = RegSetValueEx(hkey, valueName, 0, valueType,
			valueData.buffer, valueData.header.length);
	}
	else
	{
		// The value data TLV is required
		result = ERROR_INVALID_PARAMETER;
	}

	// Report the outcome to the requestor
	packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
	packet_transmit(remote, response, NULL);
}
开发者ID:cainiaocome,项目名称:meterpreter,代码行数:34,代码来源:registry.c



注:本文中的packet_add_tlv_uint函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

