Class: PSRP::PSRPService

Inherits:
Object
  • Object
show all
Defined in:
lib/psrp.rb

Constant Summary collapse

DEFAULT_TIMEOUT = 
60
DEFAULT_MAX_ENV_SIZE = 
153600
DEFAULT_LOCALE = 
'en-US'

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(endpoint, opts = {}) ⇒ PSRPService

Returns a new instance of PSRPService.



49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'lib/psrp.rb', line 49

def initialize(endpoint, opts = {})
  @session_opts = {
    endpoint: endpoint,
    max_envelope_size: DEFAULT_MAX_ENV_SIZE,
    session_id: SecureRandom.uuid.to_s.upcase,
    operation_timeout: DEFAULT_TIMEOUT,
    locale: DEFAULT_LOCALE
  }

  @logger = Logging.logger[self]
  @logger.level = opts[:log_level] || :debug
  @logger.add_appenders(Logging.appenders.stdout)
  @opts = opts

  @xfer = HTTP::Negotiate.new(endpoint, @opts[:user], @opts[:pass], @opts)

  @shell_id = nil
  @generated_shell_id = nil
  @opened = false
end

Instance Attribute Details

#xferObject

Returns the value of attribute xfer.



47
48
49
 
# File 'lib/psrp.rb', line 47

def xfer
  @xfer
end

Instance Method Details

#closeObject 



187
188
189
190
191
192
193
194
195
 
# File 'lib/psrp.rb', line 187

def close
  if not @opened
    return nil
  end
  @opened = false
  @logger.debug("Closing shell")
  msg = PSRP::WSMV::CloseShell.new(@session_opts, @shell_id)
  resp_doc = @xfer.send_request(msg.build)
end

#openObject 



70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
# File 'lib/psrp.rb', line 70

def open
  @logger.debug("[WinRM] opening remote runspacepool on #{@session_opts[:endpoint]}")
  msg = PSRP::WSMV::InitRunspacePool.new(@session_opts)

  resp_doc = @xfer.send_request(msg.build)
  
  @generated_shell_id = msg.shell_id

  @shell_id = REXML::XPath.first(resp_doc, "//*[@Name='ShellId']").text
  @logger.debug("[WinRM] remote runspace #{@shell_id} is open on #{@session_opts[:endpoint]}")

  out_processor = PSRP::WSMV::CommandOutputProcessor.new(@session_opts, @xfer)
  
  out_processor.command_output(@shell_id, nil)
  return false if out_processor.command_done?

  while true
    out_processor.command_output(@shell_id, nil, true)
    if out_processor.command_done?
      break
    end

    runspace_open = false
    
    # check to make sure the runspace is opened
    out_processor.defragmented.each do |msg_id, msg|
      if msg[:message_type] == PSRP::Message::MESSAGE_TYPES[:RUNSPACEPOOL_STATE]
        xml = REXML::Document.new(msg[:data])
        REXML::XPath.match(xml, "//*[@N='RunspaceState']").each do |n|
          runspace_open = (n.text == '2')
        end
      end
    end
    
    if runspace_open
      @opened = true
      return true
    end
  end

  return false
end

#run_ps(command, shell_opts = {}) ⇒ Object 



113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
 
# File 'lib/psrp.rb', line 113

def run_ps(command, shell_opts = {})

  # spec says:
  # The client sends a wxf:Receive message (section 3.1.5.3.7) to the server to start receiving data from 
  # the server. After each received wxf:ReceiveResponse message (section 3.2.5.3.8), the client sends another 
  # wxf:Receive message until the RunspacePool transitions to a Closed or Broken state.
  if not @opened
    open
  end

  out_processor = PSRP::WSMV::CommandOutputProcessor.new(@session_opts, @xfer)
  
  @logger.debug('Opened the runspace, sending command')
        
  command_id = SecureRandom.uuid.to_s.upcase
  pipeline = PSRP::MessageEncoder.new(@generated_shell_id, command_id, :CREATE_PIPELINE, {command: CGI.escapeHTML(command)})

  msg = PSRP::WSMV::CreatePipeline.new(@session_opts, @shell_id, pipeline.fragments[0])
  resp_doc = @xfer.send_request(msg.build)

  command_id = REXML::XPath.first(resp_doc, "//#{PSRP::WSMV::NS_WIN_SHELL}:CommandId").text

  # Send remaining fragments, if any
  if pipeline.fragments.length > 1
    for i in 1..(pipeline.fragments.length - 1)
      msg = PSRP::WSMV::SendData.new(@session_opts, @shell_id, command_id, pipeline.fragments[i])
      resp_doc = @xfer.send_request(msg.build)
    end
  end

  @logger.debug("Command Sent, waiting on responses")
  out_processor.command_output(@shell_id, command_id, true)
  if out_processor.input_required?
    raise PSRPError.new('This Tool Does Not Support Accepting Runtime Input')
  end
  
  # retrieve all of the data from the command
  while true  
    out_processor.command_output(@shell_id, command_id)
    if out_processor.input_required?
      raise PSRPError.new('This Tool Does Not Support Accepting Runtime Input')
    end
    if out_processor.command_done?
      break
    end
  end 

  # Deal with fragmented return values
  datas = out_processor.defragmented

  # Deal With Errors
  # But not really doing it well
  # PSRP - 2.2.3.15 ErrorRecord
  if out_processor.has_error?
    datas.each do |msg_id, msg|
      if msg[:message_type] == PSRP::Message::MESSAGE_TYPES[:ERROR_RECORD]
        raise PSRPError.new(un_psrp_escape(msg[:data]))
      end
    end
  end

  data = ''
  out_processor.defragmented.each do |msg_id, msg|
    xml = REXML::Document.new(msg[:data])
    # TODO: do better deserialization based on MS-PSRP 2.2.5 
    # Right now this only returns String primitives and String Extended Primitives
    REXML::XPath.match(xml, "/S|/Obj/S").each do |n|
      next if n.text.nil? || n.text.empty?
      data += n.text + "\n"
    end
  end
  return data
end

#un_psrp_escape(str) ⇒ Object 



197
198
199
200
201
202
203
 
# File 'lib/psrp.rb', line 197

def un_psrp_escape(str)
  begin
    str.gsub(/_x([0-9A-F]{4})_/i) { [Regexp.last_match[1].hex].pack('U') }
  rescue Encoding::CompatibilityError
    str
  end
end