[framework] Meterpreter irb shell/scripting questions

mmiller at hick.org mmiller at hick.org
Fri Apr 6 13:20:30 CDT 2007 

On Fri, Apr 06, 2007 at 07:37:53AM -0600, gat0r wrote:
> Probably easy answers for the pros but I have been staring at the API and
> google didn't help me so far.  I know I can do the first one with timestomp
> but I want to do some scripting with  it.  I didn't see any eventlog options
> so I wanted to do some scripting with that.
> 
> 
> http://www.metasploit.com/projects/Framework/msf3/api/rex/classes/Rex/Post/M
> eterpreter/Extensions/Priv/Fs.html
> 
> says:
> set_file_mace(file_path, modified = nil, accessed = nil, created = nil,
> entry_modified = nil)
> 
> Sets the Modified, Accessed, Created, and Entry Modified attributes of the
> specified file path. If a nil is supplied for a value, it will not be
> modified. Otherwise, the times should be instances of the Time class.
> 
> What is the format of Time Class?  Can someone give me an example?

These are instances of the Ruby 'Time' class.  Take a look at the Ruby
documentation for how to use this class.

> http://www.metasploit.com/projects/Framework/msf3/api/rex/classes/Rex/Post/M
> eterpreter/Extensions/Stdapi/Sys/EventLog.html
> 
> How do I pass the name of which event log I want to read (system, security,
> etc)
> 
> If I pass it "security" I get a bunch of stuff but it all looks meterpreter
> related.
> 
> >> client.sys.eventlog.open'security'
> => #<#<Class:0x33d2754>:0x343dcac @handle=25403664,
> @client=#<Msf::Sessions::Meterpreter:0x33d6fc0
> @orig_suspend=#<Proc:0x01358584 at ./lib/rex/ui/interactive.rb:208>, @sid=5,
> @ext=#<Rex::Post::Meterpreter::ObjectAliases:0x33d6f20
> @aliases={"stdapi"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Stdapi:0x3
> 3d2fc4 @name="stdapi", @client=#<Msf::Sessions::Meterpreter:0x33d6fc0 ...>>,
> "priv"=>#<Rex::Post::Meterpreter::Extensions::Priv::Priv:0x33cd7b8
> @fs=#<Rex::Post::Meterpreter::Extensions::Priv::Fs:0x33ce03c
> @client=#<Msf::Sessions::Meterpreter:0x33d6fc0 ...>>,
> 
> ....
> 
> Looks like I get the same thing with
>
> >> client.sys.eventlog.open'system'
> 
> And trying to clear it gives me
> 
> >> client.sys.eventlog.clear'system'
> NoMethodError: undefined method `clear' for #<Class:0x33d2754>
> 
> Thanks in advance for any replies

It's returning you an instance.  Try this:

log = client.sys.eventlog.open('security')
log.clear

More information about the framework mailing list