Method: Rex::Post::Meterpreter::ClientCore#load_library

Defined in:
lib/rex/post/meterpreter/client_core.rb

#load_library(opts) ⇒ Object

Loads a library on the remote meterpreter instance. This method supports loading both extension and non-extension libraries and also supports loading libraries from memory or disk depending on the flags that are specified

Supported flags:

LibraryFilePath The path to the library that is to be loaded

TargetFilePath The target library path when uploading

UploadLibrary Indicates whether or not the library should be uploaded

SaveToDisk Indicates whether or not the library should be saved to disk on the remote machine

Extension Indicates whether or not the library is a meterpreter extension



62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
 
# File 'lib/rex/post/meterpreter/client_core.rb', line 62

def load_library(opts)
  library_path = opts['LibraryFilePath']
  target_path  = opts['TargetFilePath']
  load_flags   = LOAD_LIBRARY_FLAG_LOCAL

  # No library path, no cookie.
  if (library_path == nil)
    raise ArgumentError, "No library file path was supplied", caller
  end

  # Set up the proper loading flags
  if (opts['UploadLibrary'])
    load_flags &= ~LOAD_LIBRARY_FLAG_LOCAL
  end
  if (opts['SaveToDisk'])
    load_flags |= LOAD_LIBRARY_FLAG_ON_DISK
  end
  if (opts['Extension'])
    load_flags |= LOAD_LIBRARY_FLAG_EXTENSION
  end

  # Create a request packet
  request = Packet.create_request('core_loadlib')

  # If we must upload the library, do so now
  if ((load_flags & LOAD_LIBRARY_FLAG_LOCAL) != LOAD_LIBRARY_FLAG_LOCAL)
    image = ''

    ::File.open(library_path, 'rb') { |f|
      image = f.read
    }

    if (image != nil)
      request.add_tlv(TLV_TYPE_DATA, image, false, client.capabilities[:zlib])
    else
      raise RuntimeError, "Failed to serialize library #{library_path}.", caller
    end

    # If it's an extension we're dealing with, rename the library
    # path of the local and target so that it gets loaded with a random
    # name
    if (opts['Extension'])
      library_path = "ext" + rand(1000000).to_s + ".#{client.binary_suffix}"
      target_path  = library_path
    end
  end

  # Add the base TLVs
  request.add_tlv(TLV_TYPE_LIBRARY_PATH, library_path)
  request.add_tlv(TLV_TYPE_FLAGS, load_flags)

  if (target_path != nil)
    request.add_tlv(TLV_TYPE_TARGET_PATH, target_path)
  end

  # Transmit the request and wait the default timeout seconds for a response
  response = self.client.send_packet_wait_response(request, self.client.response_timeout)

  # No response?
  if (response == nil)
    raise RuntimeError, "No response was received to the core_loadlib request.", caller
  elsif (response.result != 0)
    raise RuntimeError, "The core_loadlib request failed with result: #{response.result}.", caller
  end

  commands = []
  response.each(TLV_TYPE_METHOD) { |c|
    commands << c.value
  }

  return commands
end