Metasploit mailing list archives

Meterpreter irb shell/scripting questions


From: mmiller at hick.org (mmiller at hick.org)
Date: Fri, 6 Apr 2007 11:20:30 -0700

On Fri, Apr 06, 2007 at 07:37:53AM -0600, gat0r wrote:
Probably easy answers for the pros, but I have been staring at the API and
Google didn't help me so far.  I know I can do the first one with timestomp
but I want to do some scripting with it.  I didn't see any eventlog options
so I wanted to do some scripting with that.


http://www.metasploit.com/projects/Framework/msf3/api/rex/classes/Rex/Post/Meterpreter/Extensions/Priv/Fs.html

says:
set_file_mace(file_path, modified = nil, accessed = nil, created = nil,
entry_modified = nil)

Sets the Modified, Accessed, Created, and Entry Modified attributes of the
specified file path. If a nil is supplied for a value, it will not be
modified. Otherwise, the times should be instances of the Time class.

What is the format of Time Class?  Can someone give me an example?

These are instances of the Ruby 'Time' class.  Take a look at the Ruby
documentation for how to use this class.

http://www.metasploit.com/projects/Framework/msf3/api/rex/classes/Rex/Post/Meterpreter/Extensions/Stdapi/Sys/EventLog.html

How do I pass the name of which event log I want to read (system, security,
etc.)?

If I pass it "security" I get a bunch of stuff but it all looks meterpreter
related.

client.sys.eventlog.open'security'
=> #<#<Class:0x33d2754>:0x343dcac @handle=25403664,
@client=#<Msf::Sessions::Meterpreter:0x33d6fc0
@orig_suspend=#<Proc:0x01358584 at ./lib/rex/ui/interactive.rb:208>, @sid=5,
@ext=#<Rex::Post::Meterpreter::ObjectAliases:0x33d6f20
@aliases={"stdapi"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Stdapi:0x3
3d2fc4 @name="stdapi", @client=#<Msf::Sessions::Meterpreter:0x33d6fc0 ...>>,
"priv"=>#<Rex::Post::Meterpreter::Extensions::Priv::Priv:0x33cd7b8
@fs=#<Rex::Post::Meterpreter::Extensions::Priv::Fs:0x33ce03c
@client=#<Msf::Sessions::Meterpreter:0x33d6fc0 ...>>,

....

Looks like I get the same thing with

client.sys.eventlog.open'system'

And trying to clear it gives me

client.sys.eventlog.clear'system'
NoMethodError: undefined method `clear' for #<Class:0x33d2754>

Thanks in advance for any replies

It's returning you an instance.  Try this:

log = client.sys.eventlog.open('security')
log.clear
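
A defender's view of the MACE values discussed above, added here as an example that is not part of the thread or of Metasploit's code: on NTFS the four times that set_file_mace takes correspond to the $STANDARD_INFORMATION timestamps, which can be compared against the $FILE_NAME creation time that the file system keeps separately. The record layout, field names and sample records are assumptions constructed for illustration, and both checks are heuristics.

```ruby
# Added illustration: record layout and field names are assumptions.
MACE = %i[modified accessed created entry_modified].freeze

# Returns the reasons a record's $STANDARD_INFORMATION (:si) times look
# rewritten when compared with its $FILE_NAME (:fn) creation time.
def mace_anomalies(rec)
  si = rec[:si]
  reasons = []
  # The file system writes $FILE_NAME itself, so an $SI creation time
  # older than it suggests the $SI value was backdated.
  reasons << :si_created_before_fn if si[:created] < rec[:fn][:created]
  # NTFS stores 100 ns resolution; four whole-second values are unusual.
  reasons << :si_whole_seconds if MACE.all? { |k| si[k].usec.zero? }
  reasons
end

# Maps path => reasons for every record with at least one anomaly.
def suspicious_files(records)
  records.map { |r| [r[:path], mace_anomalies(r)] }
         .reject { |_, reasons| reasons.empty? }
         .to_h
end

# Constructed sample records (not real data). Time.utc takes
# year, month, day, hour, minute, second, microsecond.
SAMPLE_RECORDS = [
  { path: 'C:\\constructed\\report.doc',
    si: { modified:       Time.utc(2007, 4, 2, 9, 15, 41, 532_118),
          accessed:       Time.utc(2007, 4, 5, 16, 2, 7, 90_455),
          created:        Time.utc(2007, 3, 30, 8, 44, 12, 701_963),
          entry_modified: Time.utc(2007, 4, 2, 9, 15, 41, 532_118) },
    fn: { created:        Time.utc(2007, 3, 30, 8, 44, 12, 701_963) } },
  { path: 'C:\\constructed\\tool.exe',
    si: MACE.to_h { |k| [k, Time.utc(2005, 1, 1, 12, 0, 0)] },
    fn: { created:        Time.utc(2007, 4, 6, 18, 20, 30, 881_204) } }
].freeze

if $PROGRAM_NAME == __FILE__
  suspicious_files(SAMPLE_RECORDS).each { |path, why| puts "#{path}: #{why.join(', ')}" }
end
```

Installers and archive tools also set these times through the same API, so a hit is a lead to examine rather than proof of tampering.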


