Startsida Utforska Hjälp
Logga in
zhensolid
/
OperatorsKit
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 75c6c241e6
Grenar Taggar
OperatorsKit
/
KIT
/
EnumHandles
/
enumhandles.cna

enumhandles.cna 2.4 KB
Historik

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. # author REDMED-X
    2. 

  2. 

  3. beacon_command_register(
    4. 

  4.     "enumhandles", "Find process and thread handle types between processes.",
    5. 

  5.     "INFO:\nFind process and thread handle types between processes.\n\nOPTIONS:\n[all]: list all processes with handles to all other processes\n[h2p]: list all processes that have a handle to a specific process\n[p2h]: list handles from a specific process to all other processes\n\nHandle Query Options:\n[proc]: search for PROCESS type handles\n[thread]: search for THREAD type handles\n\nTargeted Search Options:\n[<pid>]: for both the [h2p] and [p2h] search options, specify the PID of the process your interested in.\n\n" .
    6. 

  6.     "USAGE:\nenumhandles all <proc | thread>\nenumhandles h2p <proc | thread> <pid>\nenumhandles p2h <proc | thread> <pid>\n\n");
    7. 

  7. 

  8. 

  9. alias enumhandles {
    10. 

  10.     $bid = $1;
    11. 

  11.     $search = $2;
    12. 

  12.     $query = $3;
    13. 

  13.     $pid = $4;
    14. 

  14. 

  15.     if ($search eq "") {
    16. 

  16.         berror($bid, "Please specify one of the following seach options: all | h2p | p2h\n");
    17. 

  17.         return;
    18. 

  18.     }
    19. 

  19. 

  20.     if ($search eq "all" || $search eq "h2p" || $search eq "p2h") {
    21. 

  21.         if ($query eq "") {
    22. 

  22.             berror($bid, "Please specify one of the following handle types to search for: proc | thread\n");
    23. 

  23.             return;
    24. 

  24.         }
    25. 

  25.         if ($query eq "proc" || $query eq "thread") {
    26. 

  26.             if ($search eq "h2p" && $pid eq "" ) {
    27. 

  27.                 berror($bid, "Please specify the pid to target a specific process.\n");
    28. 

  28.                 return;
    29. 

  29.             }
    30. 

  30.             if ($search eq "p2h" && $pid eq "" ) {
    31. 

  31.                 berror($bid, "Please specify the pid to target a specific process.\n");
    32. 

  32.                 return;
    33. 

  33.             }
    34. 

  34.         }
    35. 

  35.         else {
    36. 

  36.             berror($bid, "This handle type isn't supported. Please specify one of the following handle types to search for: proc | thread\n");
    37. 

  37.             return;
    38. 

  38.         }
    39. 

  39.     }
    40. 

  40.     else {
    41. 

  41.         berror($bid, "This option isn't supported. Please specify one of the following seach options: all | h2p | p2h\n");
    42. 

  42.         return;
    43. 

  43.     }
    44. 

  44. 	
    45. 

  45.     # Read in the right BOF file
    46. 

  46.     $handle = openf(script_resource("enumhandles.o"));
    47. 

  47.     $data   = readb($handle, -1);
    48. 

  48.     closef($handle);
    49. 

  49. 

  50.     # Pack our arguments
    51. 

  51.     if ($pid eq "") {
    52. 

  52.         $arg_data  = bof_pack($bid, "zz", $search, $query);
    53. 

  53.     }
    54. 

  54.     else {
    55. 

  55.         $arg_data  = bof_pack($bid, "zzi", $search, $query, $pid);
    56. 

  56.     }
    57. 

  57. 

  58.     blog($bid, "Tasked to enumerate handles..");
    59. 

  59.     beacon_inline_execute($bid, $data, "go", $arg_data);
    60. 

  60. }
    61. 

  61. 

  62.