diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe
index 0ab9f94c..ac92e729 100644
Binary files a/agents/MeshCmd-signed.exe and b/agents/MeshCmd-signed.exe differ
diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe
index ec9085b8..c9c58f9f 100644
Binary files a/agents/MeshCmd64-signed.exe and b/agents/MeshCmd64-signed.exe differ
diff --git a/agents/MeshService-signed.exe b/agents/MeshService-signed.exe
index 27e8ed10..87ed94df 100644
Binary files a/agents/MeshService-signed.exe and b/agents/MeshService-signed.exe differ
diff --git a/agents/MeshService.exe b/agents/MeshService.exe
index 970255b6..dcad7136 100644
Binary files a/agents/MeshService.exe and b/agents/MeshService.exe differ
diff --git a/agents/MeshService64-signed.exe b/agents/MeshService64-signed.exe
index ba103ab4..5b92436f 100644
Binary files a/agents/MeshService64-signed.exe and b/agents/MeshService64-signed.exe differ
diff --git a/agents/MeshService64.exe b/agents/MeshService64.exe
index ff26f15b..79e1cb6b 100644
Binary files a/agents/MeshService64.exe and b/agents/MeshService64.exe differ
diff --git a/agents/meshagent_arm b/agents/meshagent_arm
index 2b9c778a..224bd165 100644
Binary files a/agents/meshagent_arm and b/agents/meshagent_arm differ
diff --git a/agents/meshagent_arm-linaro b/agents/meshagent_arm-linaro
index 440d8643..3bb448fe 100644
Binary files a/agents/meshagent_arm-linaro and b/agents/meshagent_arm-linaro differ
diff --git a/agents/meshagent_armhf b/agents/meshagent_armhf
index 1e65eca6..afeb8f09 100644
Binary files a/agents/meshagent_armhf and b/agents/meshagent_armhf differ
diff --git a/agents/meshagent_mips b/agents/meshagent_mips
index b8275ebf..7d37ab0e 100644
Binary files a/agents/meshagent_mips and b/agents/meshagent_mips differ
diff --git a/agents/meshagent_pogo b/agents/meshagent_pogo
index 5c16806c..d1295fe7 100644
Binary files a/agents/meshagent_pogo and b/agents/meshagent_pogo differ
diff --git a/agents/meshagent_poky b/agents/meshagent_poky index 2b7bcfee..b2949596 100644 Binary files a/agents/meshagent_poky and b/agents/meshagent_poky differ diff --git a/agents/meshagent_poky64 b/agents/meshagent_poky64 index e9299337..c0554e44 100644 Binary files a/agents/meshagent_poky64 and b/agents/meshagent_poky64 differ diff --git a/agents/meshagent_x86 b/agents/meshagent_x86 index dcb0c1c7..9c410ccd 100644 Binary files a/agents/meshagent_x86 and b/agents/meshagent_x86 differ diff --git a/agents/meshagent_x86-64 b/agents/meshagent_x86-64 index d28da680..c025a1ce 100644 Binary files a/agents/meshagent_x86-64 and b/agents/meshagent_x86-64 differ diff --git a/agents/meshagent_x86-64_nokvm b/agents/meshagent_x86-64_nokvm index 705e61f4..af1a33d6 100644 Binary files a/agents/meshagent_x86-64_nokvm and b/agents/meshagent_x86-64_nokvm differ diff --git a/agents/meshagent_x86_nokvm b/agents/meshagent_x86_nokvm index 935e59e1..34970a27 100644 Binary files a/agents/meshagent_x86_nokvm and b/agents/meshagent_x86_nokvm differ diff --git a/agents/modules_meshcmd/user-sessions.js b/agents/modules_meshcmd/user-sessions.js index cf4eb6e2..730949b9 100644 --- a/agents/modules_meshcmd/user-sessions.js +++ b/agents/modules_meshcmd/user-sessions.js @@ -92,6 +92,11 @@ function UserSessions() { } + this._advapi = this._marshal.CreateNativeProxy('Advapi32.dll'); + this._advapi.CreateMethod('AllocateAndInitializeSid'); + this._advapi.CreateMethod('CheckTokenMembership'); + this._advapi.CreateMethod('FreeSid'); + this._user32 = this._marshal.CreateNativeProxy('user32.dll'); this._user32.CreateMethod({ method: 'RegisterPowerSettingNotification', threadDispatch: 1}); this._user32.CreateMethod('UnregisterPowerSettingNotification'); 
@@ -150,6 +155,26 @@ function UserSessions() 'WTSIsRemoteSession': 29 }; + this.isRoot = function isRoot() + { + var NTAuthority = this._marshal.CreateVariable(6); + NTAuthority.toBuffer().writeInt8(5, 5); + + var AdministratorsGroup = this._marshal.CreatePointer(); + var admin = false; + + if (this._advapi.AllocateAndInitializeSid(NTAuthority, 2, 32, 544, 0, 0, 0, 0, 0, 0, AdministratorsGroup).Val != 0) + { + var member = this._marshal.CreateInteger(); + if (this._advapi.CheckTokenMembership(0, AdministratorsGroup.Deref(), member).Val != 0) + { + if (member.toBuffer().readUInt32LE() != 0) { admin = true; } + } + this._advapi.FreeSid(AdministratorsGroup.Deref()); + } + return admin; + } + this.getSessionAttribute = function getSessionAttribute(sessionId, attr) { var buffer = this._marshal.CreatePointer(); diff --git a/agents/modules_meshcmd_min/user-sessions.min.js b/agents/modules_meshcmd_min/user-sessions.min.js index 20cfbdbf..20d83153 100644 --- a/agents/modules_meshcmd_min/user-sessions.min.js +++ b/agents/modules_meshcmd_min/user-sessions.min.js 
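Review bot: isRoot() returns false for three different situations — not an administrator, AllocateAndInitializeSid failing, and CheckTokenMembership failing — and the two failure paths are silent, so a marshalling problem is indistinguishable from an unprivileged process; failing closed is the right default for a privilege check, but the failure branches deserve at least a GetLastError log through the existing `this._kernel32` proxy. The magic arguments also need a comment, since nothing in the hunk says what they build: `// S-1-5-32-544 (BUILTIN\Administrators): SECURITY_NT_AUTHORITY = {0,0,0,0,0,5}, 2 sub-authorities, SECURITY_BUILTIN_DOMAIN_RID (32), DOMAIN_ALIAS_RID_ADMINS (544)`. It is also worth stating in a comment that with a NULL token CheckTokenMembership examines the calling thread's impersonation token (or the process token when not impersonating) and reports FALSE when the Administrators SID is present only as deny-only, as in a UAC-filtered token, so isRoot means "running elevated" rather than "member of Administrators". The code assumes `CreateVariable(6)` returns zeroed memory for the first five authority bytes; if _GenericMarshal does not guarantee that, all six bytes should be written explicitly. The identical hunk in agents/modules_meshcore/user-sessions.js has the same points.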
@@ -1 +1 @@ -var NOTIFY_FOR_THIS_SESSION=0;var NOTIFY_FOR_ALL_SESSIONS=1;var WM_WTSSESSION_CHANGE=689;var WM_POWERBROADCAST=536;var PBT_POWERSETTINGCHANGE=32787;var PBT_APMSUSPEND=4;var PBT_APMRESUMESUSPEND=7;var PBT_APMRESUMEAUTOMATIC=18;var PBT_APMPOWERSTATUSCHANGE=10;var WTS_CONSOLE_CONNECT=(1);var WTS_CONSOLE_DISCONNECT=(2);var WTS_REMOTE_CONNECT=(3);var WTS_REMOTE_DISCONNECT=(4);var WTS_SESSION_LOGON=(5);var WTS_SESSION_LOGOFF=(6);var WTS_SESSION_LOCK=(7);var WTS_SESSION_UNLOCK=(8);var WTS_SESSION_REMOTE_CONTROL=(9);var WTS_SESSION_CREATE=(10);var WTS_SESSION_TERMINATE=(11);var GUID_ACDC_POWER_SOURCE;var GUID_BATTERY_PERCENTAGE_REMAINING;var GUID_CONSOLE_DISPLAY_STATE;function UserSessions(){this._ObjectID="user-sessions";require("events").EventEmitter.call(this,true).createEvent("changed").createEvent("locked").createEvent("unlocked");this.enumerateUsers=function h(){var s=require("promise");var r=new s(function(t,p){this.__resolver=t;this.__rejector=p});r.__handler=function o(p){r.__resolver(p)};try{this.Current(r.__handler)}catch(q){r.__rejector(q)}r.parent=this;return(r)};if(process.platform=="win32"){this._serviceHooked=false;this._marshal=require("_GenericMarshal");this._kernel32=this._marshal.CreateNativeProxy("Kernel32.dll");this._kernel32.CreateMethod("GetLastError");try{this._wts=this._marshal.CreateNativeProxy("Wtsapi32.dll");this._wts.CreateMethod("WTSEnumerateSessionsA");this._wts.CreateMethod("WTSQuerySessionInformationA");this._wts.CreateMethod("WTSRegisterSessionNotification");this._wts.CreateMethod("WTSUnRegisterSessionNotification");this._wts.CreateMethod("WTSFreeMemory")}catch(i){}this._user32=this._marshal.CreateNativeProxy("user32.dll");this._user32.CreateMethod({method:"RegisterPowerSettingNotification",threadDispatch:1});this._user32.CreateMethod("UnregisterPowerSettingNotification");this._rpcrt=this._marshal.CreateNativeProxy("Rpcrt4.dll");this._rpcrt.CreateMethod("UuidFromStringA");this._rpcrt.StringToUUID=function n(o){var 
p=n.us._marshal.CreateVariable(16);if(n.us._rpcrt.UuidFromStringA(n.us._marshal.CreateVariable(o),p).Val==0){return(p)}else{throw ("Could not convert string to UUID")}};this._rpcrt.StringToUUID.us=this;GUID_ACDC_POWER_SOURCE=this._rpcrt.StringToUUID("5d3e9a59-e9D5-4b00-a6bd-ff34ff516548");GUID_BATTERY_PERCENTAGE_REMAINING=this._rpcrt.StringToUUID("a7ad8041-b45a-4cae-87a3-eecbb468a9e1");GUID_CONSOLE_DISPLAY_STATE=this._rpcrt.StringToUUID("6fe69556-704a-47a0-8f24-c28d936fda47");this.SessionStates=["Active","Connected","ConnectQuery","Shadow","Disconnected","Idle","Listening","Reset","Down","Init"];this.InfoClass={WTSInitialProgram:0,WTSApplicationName:1,WTSWorkingDirectory:2,WTSOEMId:3,WTSSessionId:4,WTSUserName:5,WTSWinStationName:6,WTSDomainName:7,WTSConnectState:8,WTSClientBuildNumber:9,WTSClientName:10,WTSClientDirectory:11,WTSClientProductId:12,WTSClientHardwareId:13,WTSClientAddress:14,WTSClientDisplay:15,WTSClientProtocolType:16,WTSIdleTime:17,WTSLogonTime:18,WTSIncomingBytes:19,WTSOutgoingBytes:20,WTSIncomingFrames:21,WTSOutgoingFrames:22,WTSClientInfo:23,WTSSessionInfo:24,WTSSessionInfoEx:25,WTSConfigInfo:26,WTSValidationInfo:27,WTSSessionAddressV4:28,WTSIsRemoteSession:29};this.getSessionAttribute=function j(s,o){var p=this._marshal.CreatePointer();var q=this._marshal.CreateVariable(4);if(this._wts.WTSQuerySessionInformationA(0,s,o,p,q).Val==0){throw ("Error calling WTSQuerySessionInformation: "+this._kernel32.GetLastError.Val)}var r=p.Deref().String;this._wts.WTSFreeMemory(p.Deref());return(r)};this.Current=function f(o){var u={};var t=this._marshal.CreatePointer();var p=this._marshal.CreateVariable(4);if(this._wts.WTSEnumerateSessionsA(0,0,1,t,p).Val==0){throw ("Error calling WTSEnumerateSessionsA: "+this._kernel32.GetLastError().Val)}for(var q=0;q= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[0]]=s[1]}}return(r)};this._uids=function c(){var 
o=require("child_process").execFile("/bin/sh",["sh"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("awk -F: '($3 >= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[1]]=s[0]}}return(r)};this.Self=function m(){var q=require("promise");var o=new q(function(r,p){this.__resolver=r;this.__rejector=p;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u"]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(s){this._txt+=s.toString()});this.__child.on("exit",function(s){try{parseInt(this.stdout._txt)}catch(t){this.promise.__rejector("invalid uid");return}var u=parseInt(this.stdout._txt);this.promise.__resolver(u)})});return(o)};this.Current=function f(o){var p={};p._ObjectID="UserSession";Object.defineProperty(p,"_callback",{value:o});Object.defineProperty(p,"_child",{value:require("child_process").execFile("/usr/bin/last",["last","-f","/var/run/utmp"])});p._child.Parent=p;p._child._txt="";p._child.on("exit",function(q){var u=this._txt.split("\n");var A=[];var D={};for(var t in u){if(u[t]){var B=getTokens(u[t]);var z={Username:B[0],SessionId:B[1]};if(B[3].includes("still logged in")){z.State="Active"}else{z.LastActive=B[3]}A.push(z)}}A.pop();var C={};var y=[];for(var t in A){if(A[t].Username!="reboot"){D[A[t].SessionId]=A[t];if(C[A[t].Username]==null){C[A[t].Username]=-1}}}try{require("promise")}catch(r){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(this.Parent._callback){this.Parent._callback.call(this.Parent,D)}return}var x=require("promise");for(var v in C){var w=new 
x(function(E,s){this.__username=v;this.__resolver=E;this.__rejector=s;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u",v]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(F){this._txt+=F.toString()});this.__child.on("exit",function(F){try{parseInt(this.stdout._txt)}catch(G){this.promise.__rejector("invalid uid");return}var H=parseInt(this.stdout._txt);this.promise.__resolver(H)})});y.push(w)}x.all(y).then(function(E){var F={};for(var s in E){F[E[s].__username]=E[s]._internal.completedArgs[0]}for(var s in D){D[s].uid=F[D[s].Username]}Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}},function(s){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}})});p._child.stdout.Parent=p._child;p._child.stdout.on("data",function(q){this.Parent._txt+=q.toString()});return(p)};this._recheckLoggedInUsers=function a(){this.enumerateUsers().then(function(o){if(o.Active.length>0){if(this.parent._linux_lock_watcher!=null&&this.parent._linux_lock_watcher.uid!=o.Active[0].uid){delete this.parent._linux_lock_watcher}this.parent._linux_lock_watcher=new g(process.env.XDG_CURRENT_DESKTOP=="Unity"?"com.ubuntu.Upstart0_6":"org.gnome.ScreenSaver",o.Active[0].uid);this.parent._linux_lock_watcher.user_session=this.parent;this.parent._linux_lock_watcher.on("signal",function(r){var q=this.user_session.enumerateUsers();q.signalData=r.data[0];q.then(function(p){switch(this.signalData){case true:case"desktop-lock":this.parent.emit("locked",p.Active[0]);break;case false:case"desktop-unlock":this.parent.emit("unlocked",p.Active[0]);break}})})}else{if(this.parent._linux_lock_watcher!=null){delete this.parent._linux_lock_watcher}}})};this.on("changed",this._recheckLoggedInUsers);this._recheckLoggedInUsers()}else{if(process.platform=="darwin"){this._users=function(){var 
o=require("child_process").execFile("/usr/bin/dscl",["dscl",".","list","/Users","UniqueID"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("exit\n");o.waitExit();var q=o.stdout.str.split("\n");var r,p;var s={};for(p=0;p0;++r){if(!u[s[r].split(" ")[0]]){try{u[s[r].split(" ")[0]]={Username:s[r].split(" ")[0],State:s[r].split("still logged in").length>1?"Active":"Inactive",uid:t.uid[s[r].split(" ")[0]]}}catch(q){}}else{if(u[s[r].split(" ")[0]].State!="Active"&&s[r].split("still logged in").length>1){u[s[r].split(" ")[0]].State="Active"}}}Object.defineProperty(u,"Active",{value:showActiveOnly(u)});if(o){o.call(this,u)}}}}}if(process.platform=="linux"||process.platform=="darwin"){this._self=function b(){var o=require("child_process").execFile("/usr/bin/id",["id","-u"]);o.stdout.str="";o.stdout.on("data",function(p){this.str+=p.toString()});o.waitExit();return(parseInt(o.stdout.str))};this.isRoot=function k(){return(this._self()==0)};this.consoleUid=function e(){var o=process.platform=="darwin"?"console":((process.env.DISPLAY)?process.env.DISPLAY:":0");var p=require("child_process").execFile("/bin/sh",["sh"]);p.stdout.str="";p.stdout.on("data",function(u){this.str+=u.toString()});p.stdin.write("who\nexit\n");p.waitExit();var s=p.stdout.str.split("\n");var t,q,r;for(q in s){t=s[q].split(" ");for(r=1;r0&&(t[r]==o||t[r]==("("+o+")"))){return(parseInt(this._users()[t[0]]))}}}throw ("nobody logged into console")}}}function showActiveOnly(c){var b=[];var e={};var f=[];var d;for(var a in c){if(c[a].State=="Active"){b.push(c[a]);d=(c[a].Domain?(c[a].Domain+"\\"):"")+c[a].Username;if(!e[d]){e[d]=d}}}for(var a in e){f.push(a)}Object.defineProperty(b,"usernames",{value:f});return(b)}function getTokens(d){var a=[];var b;a.push(d.substring(0,(b=d.indexOf(" "))));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}var 
c=d.substring(b).trim();a.push(c);return(a)}module.exports=new UserSessions(); \ No newline at end of file +var NOTIFY_FOR_THIS_SESSION=0;var NOTIFY_FOR_ALL_SESSIONS=1;var WM_WTSSESSION_CHANGE=689;var WM_POWERBROADCAST=536;var PBT_POWERSETTINGCHANGE=32787;var PBT_APMSUSPEND=4;var PBT_APMRESUMESUSPEND=7;var PBT_APMRESUMEAUTOMATIC=18;var PBT_APMPOWERSTATUSCHANGE=10;var WTS_CONSOLE_CONNECT=(1);var WTS_CONSOLE_DISCONNECT=(2);var WTS_REMOTE_CONNECT=(3);var WTS_REMOTE_DISCONNECT=(4);var WTS_SESSION_LOGON=(5);var WTS_SESSION_LOGOFF=(6);var WTS_SESSION_LOCK=(7);var WTS_SESSION_UNLOCK=(8);var WTS_SESSION_REMOTE_CONTROL=(9);var WTS_SESSION_CREATE=(10);var WTS_SESSION_TERMINATE=(11);var GUID_ACDC_POWER_SOURCE;var GUID_BATTERY_PERCENTAGE_REMAINING;var GUID_CONSOLE_DISPLAY_STATE;function UserSessions(){this._ObjectID="user-sessions";require("events").EventEmitter.call(this,true).createEvent("changed").createEvent("locked").createEvent("unlocked");this.enumerateUsers=function h(){var s=require("promise");var r=new s(function(t,p){this.__resolver=t;this.__rejector=p});r.__handler=function 
o(p){r.__resolver(p)};try{this.Current(r.__handler)}catch(q){r.__rejector(q)}r.parent=this;return(r)};if(process.platform=="win32"){this._serviceHooked=false;this._marshal=require("_GenericMarshal");this._kernel32=this._marshal.CreateNativeProxy("Kernel32.dll");this._kernel32.CreateMethod("GetLastError");try{this._wts=this._marshal.CreateNativeProxy("Wtsapi32.dll");this._wts.CreateMethod("WTSEnumerateSessionsA");this._wts.CreateMethod("WTSQuerySessionInformationA");this._wts.CreateMethod("WTSRegisterSessionNotification");this._wts.CreateMethod("WTSUnRegisterSessionNotification");this._wts.CreateMethod("WTSFreeMemory")}catch(i){}this._advapi=this._marshal.CreateNativeProxy("Advapi32.dll");this._advapi.CreateMethod("AllocateAndInitializeSid");this._advapi.CreateMethod("CheckTokenMembership");this._advapi.CreateMethod("FreeSid");this._user32=this._marshal.CreateNativeProxy("user32.dll");this._user32.CreateMethod({method:"RegisterPowerSettingNotification",threadDispatch:1});this._user32.CreateMethod("UnregisterPowerSettingNotification");this._rpcrt=this._marshal.CreateNativeProxy("Rpcrt4.dll");this._rpcrt.CreateMethod("UuidFromStringA");this._rpcrt.StringToUUID=function n(o){var p=n.us._marshal.CreateVariable(16);if(n.us._rpcrt.UuidFromStringA(n.us._marshal.CreateVariable(o),p).Val==0){return(p)}else{throw ("Could not convert string to 
UUID")}};this._rpcrt.StringToUUID.us=this;GUID_ACDC_POWER_SOURCE=this._rpcrt.StringToUUID("5d3e9a59-e9D5-4b00-a6bd-ff34ff516548");GUID_BATTERY_PERCENTAGE_REMAINING=this._rpcrt.StringToUUID("a7ad8041-b45a-4cae-87a3-eecbb468a9e1");GUID_CONSOLE_DISPLAY_STATE=this._rpcrt.StringToUUID("6fe69556-704a-47a0-8f24-c28d936fda47");this.SessionStates=["Active","Connected","ConnectQuery","Shadow","Disconnected","Idle","Listening","Reset","Down","Init"];this.InfoClass={WTSInitialProgram:0,WTSApplicationName:1,WTSWorkingDirectory:2,WTSOEMId:3,WTSSessionId:4,WTSUserName:5,WTSWinStationName:6,WTSDomainName:7,WTSConnectState:8,WTSClientBuildNumber:9,WTSClientName:10,WTSClientDirectory:11,WTSClientProductId:12,WTSClientHardwareId:13,WTSClientAddress:14,WTSClientDisplay:15,WTSClientProtocolType:16,WTSIdleTime:17,WTSLogonTime:18,WTSIncomingBytes:19,WTSOutgoingBytes:20,WTSIncomingFrames:21,WTSOutgoingFrames:22,WTSClientInfo:23,WTSSessionInfo:24,WTSSessionInfoEx:25,WTSConfigInfo:26,WTSValidationInfo:27,WTSSessionAddressV4:28,WTSIsRemoteSession:29};this.isRoot=function k(){var r=this._marshal.CreateVariable(6);r.toBuffer().writeInt8(5,5);var p=this._marshal.CreatePointer();var o=false;if(this._advapi.AllocateAndInitializeSid(r,2,32,544,0,0,0,0,0,0,p).Val!=0){var q=this._marshal.CreateInteger();if(this._advapi.CheckTokenMembership(0,p.Deref(),q).Val!=0){if(q.toBuffer().readUInt32LE()!=0){o=true}}this._advapi.FreeSid(p.Deref())}return o};this.getSessionAttribute=function j(s,o){var p=this._marshal.CreatePointer();var q=this._marshal.CreateVariable(4);if(this._wts.WTSQuerySessionInformationA(0,s,o,p,q).Val==0){throw ("Error calling WTSQuerySessionInformation: "+this._kernel32.GetLastError.Val)}var r=p.Deref().String;this._wts.WTSFreeMemory(p.Deref());return(r)};this.Current=function f(o){var u={};var t=this._marshal.CreatePointer();var p=this._marshal.CreateVariable(4);if(this._wts.WTSEnumerateSessionsA(0,0,1,t,p).Val==0){throw ("Error calling WTSEnumerateSessionsA: 
"+this._kernel32.GetLastError().Val)}for(var q=0;q= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[0]]=s[1]}}return(r)};this._uids=function c(){var o=require("child_process").execFile("/bin/sh",["sh"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("awk -F: '($3 >= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[1]]=s[0]}}return(r)};this.Self=function m(){var q=require("promise");var o=new q(function(r,p){this.__resolver=r;this.__rejector=p;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u"]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(s){this._txt+=s.toString()});this.__child.on("exit",function(s){try{parseInt(this.stdout._txt)}catch(t){this.promise.__rejector("invalid uid");return}var u=parseInt(this.stdout._txt);this.promise.__resolver(u)})});return(o)};this.Current=function f(o){var p={};p._ObjectID="UserSession";Object.defineProperty(p,"_callback",{value:o});Object.defineProperty(p,"_child",{value:require("child_process").execFile("/usr/bin/last",["last","-f","/var/run/utmp"])});p._child.Parent=p;p._child._txt="";p._child.on("exit",function(q){var u=this._txt.split("\n");var A=[];var D={};for(var t in u){if(u[t]){var B=getTokens(u[t]);var z={Username:B[0],SessionId:B[1]};if(B[3].includes("still logged in")){z.State="Active"}else{z.LastActive=B[3]}A.push(z)}}A.pop();var C={};var y=[];for(var t in A){if(A[t].Username!="reboot"){D[A[t].SessionId]=A[t];if(C[A[t].Username]==null){C[A[t].Username]=-1}}}try{require("promise")}catch(r){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(this.Parent._callback){this.Parent._callback.call(this.Parent,D)}return}var x=require("promise");for(var v in C){var w=new 
x(function(E,s){this.__username=v;this.__resolver=E;this.__rejector=s;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u",v]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(F){this._txt+=F.toString()});this.__child.on("exit",function(F){try{parseInt(this.stdout._txt)}catch(G){this.promise.__rejector("invalid uid");return}var H=parseInt(this.stdout._txt);this.promise.__resolver(H)})});y.push(w)}x.all(y).then(function(E){var F={};for(var s in E){F[E[s].__username]=E[s]._internal.completedArgs[0]}for(var s in D){D[s].uid=F[D[s].Username]}Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}},function(s){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}})});p._child.stdout.Parent=p._child;p._child.stdout.on("data",function(q){this.Parent._txt+=q.toString()});return(p)};this._recheckLoggedInUsers=function a(){this.enumerateUsers().then(function(o){if(o.Active.length>0){if(this.parent._linux_lock_watcher!=null&&this.parent._linux_lock_watcher.uid!=o.Active[0].uid){delete this.parent._linux_lock_watcher}this.parent._linux_lock_watcher=new g(process.env.XDG_CURRENT_DESKTOP=="Unity"?"com.ubuntu.Upstart0_6":"org.gnome.ScreenSaver",o.Active[0].uid);this.parent._linux_lock_watcher.user_session=this.parent;this.parent._linux_lock_watcher.on("signal",function(r){var q=this.user_session.enumerateUsers();q.signalData=r.data[0];q.then(function(p){switch(this.signalData){case true:case"desktop-lock":this.parent.emit("locked",p.Active[0]);break;case false:case"desktop-unlock":this.parent.emit("unlocked",p.Active[0]);break}})})}else{if(this.parent._linux_lock_watcher!=null){delete this.parent._linux_lock_watcher}}})};this.on("changed",this._recheckLoggedInUsers);this._recheckLoggedInUsers()}else{if(process.platform=="darwin"){this._users=function(){var 
o=require("child_process").execFile("/usr/bin/dscl",["dscl",".","list","/Users","UniqueID"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("exit\n");o.waitExit();var q=o.stdout.str.split("\n");var r,p;var s={};for(p=0;p0;++r){if(!u[s[r].split(" ")[0]]){try{u[s[r].split(" ")[0]]={Username:s[r].split(" ")[0],State:s[r].split("still logged in").length>1?"Active":"Inactive",uid:t.uid[s[r].split(" ")[0]]}}catch(q){}}else{if(u[s[r].split(" ")[0]].State!="Active"&&s[r].split("still logged in").length>1){u[s[r].split(" ")[0]].State="Active"}}}Object.defineProperty(u,"Active",{value:showActiveOnly(u)});if(o){o.call(this,u)}}}}}if(process.platform=="linux"||process.platform=="darwin"){this._self=function b(){var o=require("child_process").execFile("/usr/bin/id",["id","-u"]);o.stdout.str="";o.stdout.on("data",function(p){this.str+=p.toString()});o.waitExit();return(parseInt(o.stdout.str))};this.isRoot=function k(){return(this._self()==0)};this.consoleUid=function e(){var o=process.platform=="darwin"?"console":((process.env.DISPLAY)?process.env.DISPLAY:":0");var p=require("child_process").execFile("/bin/sh",["sh"]);p.stdout.str="";p.stdout.on("data",function(u){this.str+=u.toString()});p.stdin.write("who\nexit\n");p.waitExit();var s=p.stdout.str.split("\n");var t,q,r;for(q in s){t=s[q].split(" ");for(r=1;r0&&(t[r]==o||t[r]==("("+o+")"))){return(parseInt(this._users()[t[0]]))}}}throw ("nobody logged into console")}}}function showActiveOnly(c){var b=[];var e={};var f=[];var d;for(var a in c){if(c[a].State=="Active"){b.push(c[a]);d=(c[a].Domain?(c[a].Domain+"\\"):"")+c[a].Username;if(!e[d]){e[d]=d}}}for(var a in e){f.push(a)}Object.defineProperty(b,"usernames",{value:f});return(b)}function getTokens(d){var a=[];var b;a.push(d.substring(0,(b=d.indexOf(" "))));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}var 
c=d.substring(b).trim();a.push(c);return(a)}module.exports=new UserSessions(); \ No newline at end of file diff --git a/agents/modules_meshcore/user-sessions.js b/agents/modules_meshcore/user-sessions.js index cf4eb6e2..730949b9 100644 --- a/agents/modules_meshcore/user-sessions.js +++ b/agents/modules_meshcore/user-sessions.js @@ -92,6 +92,11 @@ function UserSessions() { } + this._advapi = this._marshal.CreateNativeProxy('Advapi32.dll'); + this._advapi.CreateMethod('AllocateAndInitializeSid'); + this._advapi.CreateMethod('CheckTokenMembership'); + this._advapi.CreateMethod('FreeSid'); + this._user32 = this._marshal.CreateNativeProxy('user32.dll'); this._user32.CreateMethod({ method: 'RegisterPowerSettingNotification', threadDispatch: 1}); this._user32.CreateMethod('UnregisterPowerSettingNotification'); @@ -150,6 +155,26 @@ function UserSessions() 'WTSIsRemoteSession': 29 }; + this.isRoot = function isRoot() + { + var NTAuthority = this._marshal.CreateVariable(6); + NTAuthority.toBuffer().writeInt8(5, 5); + + var AdministratorsGroup = this._marshal.CreatePointer(); + var admin = false; + + if (this._advapi.AllocateAndInitializeSid(NTAuthority, 2, 32, 544, 0, 0, 0, 0, 0, 0, AdministratorsGroup).Val != 0) + { + var member = this._marshal.CreateInteger(); + if (this._advapi.CheckTokenMembership(0, AdministratorsGroup.Deref(), member).Val != 0) + { + if (member.toBuffer().readUInt32LE() != 0) { admin = true; } + } + this._advapi.FreeSid(AdministratorsGroup.Deref()); + } + return admin; + } + this.getSessionAttribute = function getSessionAttribute(sessionId, attr) { var buffer = this._marshal.CreatePointer(); diff --git a/agents/modules_meshcore/win-registry.js b/agents/modules_meshcore/win-registry.js index 88cd649d..88dde0c3 100644 --- a/agents/modules_meshcore/win-registry.js +++ b/agents/modules_meshcore/win-registry.js 
@@ -1,5 +1,5 @@ /* -Copyright 2018-2019 Intel Corporation +Copyright 2018 Intel Corporation Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -15,6 +15,7 @@ limitations under the License. */ var KEY_QUERY_VALUE = 0x0001; +var KEY_ENUMERATE_SUB_KEYS = 0x0008; var KEY_WRITE = 0x20006; var KEY_DATA_TYPES = @@ -39,7 +40,10 @@ function windows_registry() this._marshal = require('_GenericMarshal'); this._AdvApi = this._marshal.CreateNativeProxy('Advapi32.dll'); this._AdvApi.CreateMethod('RegCreateKeyExA'); + this._AdvApi.CreateMethod('RegEnumKeyExA'); + this._AdvApi.CreateMethod('RegEnumValueA'); this._AdvApi.CreateMethod('RegOpenKeyExA'); + this._AdvApi.CreateMethod('RegQueryInfoKeyA'); this._AdvApi.CreateMethod('RegQueryValueExA'); this._AdvApi.CreateMethod('RegCloseKey'); this._AdvApi.CreateMethod('RegDeleteKeyA'); 
@@ -49,18 +53,65 @@ function windows_registry() this.QueryKey = function QueryKey(hkey, path, key) { + var err; var h = this._marshal.CreatePointer(); var len = this._marshal.CreateVariable(4); var valType = this._marshal.CreateVariable(4); - key = this._marshal.CreateVariable(key); var HK = this._marshal.CreatePointer(hkey); var retVal = null; + if (key) { key = this._marshal.CreateVariable(key); } + if (!path) { path = ''; } - if (this._AdvApi.RegOpenKeyExA(HK, this._marshal.CreateVariable(path), 0, KEY_QUERY_VALUE, h).Val != 0) + + if ((err = this._AdvApi.RegOpenKeyExA(HK, this._marshal.CreateVariable(path), 0, KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS, h).Val) != 0) { - throw ('Error Opening Registry Key: ' + path); + throw ('Opening Registry Key: ' + path + ' => Returned Error: ' + err); } + if ((path == '' && !key) || !key) + { + var result = { subkeys: [], values: [] }; + + // Enumerate keys + var achClass = this._marshal.CreateVariable(1024); + var achKey = this._marshal.CreateVariable(1024); + var achValue = this._marshal.CreateVariable(32768); + var achValueSize = this._marshal.CreateVariable(4); + var nameSize = this._marshal.CreateVariable(4); + var achClassSize = this._marshal.CreateVariable(4); achClassSize.toBuffer().writeUInt32LE(1024); + var numSubKeys = this._marshal.CreateVariable(4); + var numValues = this._marshal.CreateVariable(4); + var longestSubkeySize = this._marshal.CreateVariable(4); + var longestClassString = this._marshal.CreateVariable(4); + var longestValueName = this._marshal.CreateVariable(4); + var longestValueData = this._marshal.CreateVariable(4); + var securityDescriptor = this._marshal.CreateVariable(4); + var lastWriteTime = this._marshal.CreateVariable(8); + + retVal = this._AdvApi.RegQueryInfoKeyA(h.Deref(), achClass, achClassSize, 0, + numSubKeys, longestSubkeySize, longestClassString, numValues, + longestValueName, longestValueData, securityDescriptor, lastWriteTime); + if (retVal.Val != 0) { throw ('RegQueryInfoKeyA() 
returned error: ' + retVal.Val); } + for(var i = 0; i < numSubKeys.toBuffer().readUInt32LE(); ++i) + { + nameSize.toBuffer().writeUInt32LE(1024); + retVal = this._AdvApi.RegEnumKeyExA(h.Deref(), i, achKey, nameSize, 0, 0, 0, lastWriteTime); + if(retVal.Val == 0) + { + result.subkeys.push(achKey.String); + } + } + for (var i = 0; i < numValues.toBuffer().readUInt32LE() ; ++i) + { + achValueSize.toBuffer().writeUInt32LE(32768); + if(this._AdvApi.RegEnumValueA(h.Deref(), i, achValue, achValueSize, 0, 0, 0, 0).Val == 0) + { + result.values.push(achValue.String); + } + } + return (result); + } + if(this._AdvApi.RegQueryValueExA(h.Deref(), key, 0, 0, 0, len).Val == 0) { var data = this._marshal.CreateVariable(len.toBuffer().readUInt32LE()); diff --git a/agents/modules_meshcore_min/user-sessions.min.js b/agents/modules_meshcore_min/user-sessions.min.js index 20cfbdbf..20d83153 100644 --- a/agents/modules_meshcore_min/user-sessions.min.js +++ b/agents/modules_meshcore_min/user-sessions.min.js 
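Review bot: The new enumeration branch in QueryKey returns `result` with the key handle opened by RegOpenKeyExA still open, and the `throw` after RegQueryInfoKeyA leaks it the same way, so every listing call leaks a registry handle; add `this._AdvApi.RegCloseKey(h.Deref());` before `return (result);` and before that throw (RegCloseKey is already registered on the proxy). The condition `(path == '' && !key) || !key` reduces to `!key`, which also means a caller that passes `''` to read a key's default value now gets a listing instead of the value — if any caller relied on the old behaviour, it needs to be kept. The loops silently drop any entry for which RegEnumKeyExA or RegEnumValueA returns non-zero, so a truncated name or a transient error shrinks the listing without any signal; at minimum the discarded return value should be logged. QueryKey continues past the end of the hunk, so the value-query path's handle cleanup is not visible here.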
@@ -1 +1 @@ -var NOTIFY_FOR_THIS_SESSION=0;var NOTIFY_FOR_ALL_SESSIONS=1;var WM_WTSSESSION_CHANGE=689;var WM_POWERBROADCAST=536;var PBT_POWERSETTINGCHANGE=32787;var PBT_APMSUSPEND=4;var PBT_APMRESUMESUSPEND=7;var PBT_APMRESUMEAUTOMATIC=18;var PBT_APMPOWERSTATUSCHANGE=10;var WTS_CONSOLE_CONNECT=(1);var WTS_CONSOLE_DISCONNECT=(2);var WTS_REMOTE_CONNECT=(3);var WTS_REMOTE_DISCONNECT=(4);var WTS_SESSION_LOGON=(5);var WTS_SESSION_LOGOFF=(6);var WTS_SESSION_LOCK=(7);var WTS_SESSION_UNLOCK=(8);var WTS_SESSION_REMOTE_CONTROL=(9);var WTS_SESSION_CREATE=(10);var WTS_SESSION_TERMINATE=(11);var GUID_ACDC_POWER_SOURCE;var GUID_BATTERY_PERCENTAGE_REMAINING;var GUID_CONSOLE_DISPLAY_STATE;function UserSessions(){this._ObjectID="user-sessions";require("events").EventEmitter.call(this,true).createEvent("changed").createEvent("locked").createEvent("unlocked");this.enumerateUsers=function h(){var s=require("promise");var r=new s(function(t,p){this.__resolver=t;this.__rejector=p});r.__handler=function o(p){r.__resolver(p)};try{this.Current(r.__handler)}catch(q){r.__rejector(q)}r.parent=this;return(r)};if(process.platform=="win32"){this._serviceHooked=false;this._marshal=require("_GenericMarshal");this._kernel32=this._marshal.CreateNativeProxy("Kernel32.dll");this._kernel32.CreateMethod("GetLastError");try{this._wts=this._marshal.CreateNativeProxy("Wtsapi32.dll");this._wts.CreateMethod("WTSEnumerateSessionsA");this._wts.CreateMethod("WTSQuerySessionInformationA");this._wts.CreateMethod("WTSRegisterSessionNotification");this._wts.CreateMethod("WTSUnRegisterSessionNotification");this._wts.CreateMethod("WTSFreeMemory")}catch(i){}this._user32=this._marshal.CreateNativeProxy("user32.dll");this._user32.CreateMethod({method:"RegisterPowerSettingNotification",threadDispatch:1});this._user32.CreateMethod("UnregisterPowerSettingNotification");this._rpcrt=this._marshal.CreateNativeProxy("Rpcrt4.dll");this._rpcrt.CreateMethod("UuidFromStringA");this._rpcrt.StringToUUID=function n(o){var 
p=n.us._marshal.CreateVariable(16);if(n.us._rpcrt.UuidFromStringA(n.us._marshal.CreateVariable(o),p).Val==0){return(p)}else{throw ("Could not convert string to UUID")}};this._rpcrt.StringToUUID.us=this;GUID_ACDC_POWER_SOURCE=this._rpcrt.StringToUUID("5d3e9a59-e9D5-4b00-a6bd-ff34ff516548");GUID_BATTERY_PERCENTAGE_REMAINING=this._rpcrt.StringToUUID("a7ad8041-b45a-4cae-87a3-eecbb468a9e1");GUID_CONSOLE_DISPLAY_STATE=this._rpcrt.StringToUUID("6fe69556-704a-47a0-8f24-c28d936fda47");this.SessionStates=["Active","Connected","ConnectQuery","Shadow","Disconnected","Idle","Listening","Reset","Down","Init"];this.InfoClass={WTSInitialProgram:0,WTSApplicationName:1,WTSWorkingDirectory:2,WTSOEMId:3,WTSSessionId:4,WTSUserName:5,WTSWinStationName:6,WTSDomainName:7,WTSConnectState:8,WTSClientBuildNumber:9,WTSClientName:10,WTSClientDirectory:11,WTSClientProductId:12,WTSClientHardwareId:13,WTSClientAddress:14,WTSClientDisplay:15,WTSClientProtocolType:16,WTSIdleTime:17,WTSLogonTime:18,WTSIncomingBytes:19,WTSOutgoingBytes:20,WTSIncomingFrames:21,WTSOutgoingFrames:22,WTSClientInfo:23,WTSSessionInfo:24,WTSSessionInfoEx:25,WTSConfigInfo:26,WTSValidationInfo:27,WTSSessionAddressV4:28,WTSIsRemoteSession:29};this.getSessionAttribute=function j(s,o){var p=this._marshal.CreatePointer();var q=this._marshal.CreateVariable(4);if(this._wts.WTSQuerySessionInformationA(0,s,o,p,q).Val==0){throw ("Error calling WTSQuerySessionInformation: "+this._kernel32.GetLastError.Val)}var r=p.Deref().String;this._wts.WTSFreeMemory(p.Deref());return(r)};this.Current=function f(o){var u={};var t=this._marshal.CreatePointer();var p=this._marshal.CreateVariable(4);if(this._wts.WTSEnumerateSessionsA(0,0,1,t,p).Val==0){throw ("Error calling WTSEnumerateSessionsA: "+this._kernel32.GetLastError().Val)}for(var q=0;q= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[0]]=s[1]}}return(r)};this._uids=function c(){var 
o=require("child_process").execFile("/bin/sh",["sh"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("awk -F: '($3 >= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[1]]=s[0]}}return(r)};this.Self=function m(){var q=require("promise");var o=new q(function(r,p){this.__resolver=r;this.__rejector=p;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u"]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(s){this._txt+=s.toString()});this.__child.on("exit",function(s){try{parseInt(this.stdout._txt)}catch(t){this.promise.__rejector("invalid uid");return}var u=parseInt(this.stdout._txt);this.promise.__resolver(u)})});return(o)};this.Current=function f(o){var p={};p._ObjectID="UserSession";Object.defineProperty(p,"_callback",{value:o});Object.defineProperty(p,"_child",{value:require("child_process").execFile("/usr/bin/last",["last","-f","/var/run/utmp"])});p._child.Parent=p;p._child._txt="";p._child.on("exit",function(q){var u=this._txt.split("\n");var A=[];var D={};for(var t in u){if(u[t]){var B=getTokens(u[t]);var z={Username:B[0],SessionId:B[1]};if(B[3].includes("still logged in")){z.State="Active"}else{z.LastActive=B[3]}A.push(z)}}A.pop();var C={};var y=[];for(var t in A){if(A[t].Username!="reboot"){D[A[t].SessionId]=A[t];if(C[A[t].Username]==null){C[A[t].Username]=-1}}}try{require("promise")}catch(r){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(this.Parent._callback){this.Parent._callback.call(this.Parent,D)}return}var x=require("promise");for(var v in C){var w=new 
x(function(E,s){this.__username=v;this.__resolver=E;this.__rejector=s;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u",v]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(F){this._txt+=F.toString()});this.__child.on("exit",function(F){try{parseInt(this.stdout._txt)}catch(G){this.promise.__rejector("invalid uid");return}var H=parseInt(this.stdout._txt);this.promise.__resolver(H)})});y.push(w)}x.all(y).then(function(E){var F={};for(var s in E){F[E[s].__username]=E[s]._internal.completedArgs[0]}for(var s in D){D[s].uid=F[D[s].Username]}Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}},function(s){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}})});p._child.stdout.Parent=p._child;p._child.stdout.on("data",function(q){this.Parent._txt+=q.toString()});return(p)};this._recheckLoggedInUsers=function a(){this.enumerateUsers().then(function(o){if(o.Active.length>0){if(this.parent._linux_lock_watcher!=null&&this.parent._linux_lock_watcher.uid!=o.Active[0].uid){delete this.parent._linux_lock_watcher}this.parent._linux_lock_watcher=new g(process.env.XDG_CURRENT_DESKTOP=="Unity"?"com.ubuntu.Upstart0_6":"org.gnome.ScreenSaver",o.Active[0].uid);this.parent._linux_lock_watcher.user_session=this.parent;this.parent._linux_lock_watcher.on("signal",function(r){var q=this.user_session.enumerateUsers();q.signalData=r.data[0];q.then(function(p){switch(this.signalData){case true:case"desktop-lock":this.parent.emit("locked",p.Active[0]);break;case false:case"desktop-unlock":this.parent.emit("unlocked",p.Active[0]);break}})})}else{if(this.parent._linux_lock_watcher!=null){delete this.parent._linux_lock_watcher}}})};this.on("changed",this._recheckLoggedInUsers);this._recheckLoggedInUsers()}else{if(process.platform=="darwin"){this._users=function(){var 
o=require("child_process").execFile("/usr/bin/dscl",["dscl",".","list","/Users","UniqueID"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("exit\n");o.waitExit();var q=o.stdout.str.split("\n");var r,p;var s={};for(p=0;p0;++r){if(!u[s[r].split(" ")[0]]){try{u[s[r].split(" ")[0]]={Username:s[r].split(" ")[0],State:s[r].split("still logged in").length>1?"Active":"Inactive",uid:t.uid[s[r].split(" ")[0]]}}catch(q){}}else{if(u[s[r].split(" ")[0]].State!="Active"&&s[r].split("still logged in").length>1){u[s[r].split(" ")[0]].State="Active"}}}Object.defineProperty(u,"Active",{value:showActiveOnly(u)});if(o){o.call(this,u)}}}}}if(process.platform=="linux"||process.platform=="darwin"){this._self=function b(){var o=require("child_process").execFile("/usr/bin/id",["id","-u"]);o.stdout.str="";o.stdout.on("data",function(p){this.str+=p.toString()});o.waitExit();return(parseInt(o.stdout.str))};this.isRoot=function k(){return(this._self()==0)};this.consoleUid=function e(){var o=process.platform=="darwin"?"console":((process.env.DISPLAY)?process.env.DISPLAY:":0");var p=require("child_process").execFile("/bin/sh",["sh"]);p.stdout.str="";p.stdout.on("data",function(u){this.str+=u.toString()});p.stdin.write("who\nexit\n");p.waitExit();var s=p.stdout.str.split("\n");var t,q,r;for(q in s){t=s[q].split(" ");for(r=1;r0&&(t[r]==o||t[r]==("("+o+")"))){return(parseInt(this._users()[t[0]]))}}}throw ("nobody logged into console")}}}function showActiveOnly(c){var b=[];var e={};var f=[];var d;for(var a in c){if(c[a].State=="Active"){b.push(c[a]);d=(c[a].Domain?(c[a].Domain+"\\"):"")+c[a].Username;if(!e[d]){e[d]=d}}}for(var a in e){f.push(a)}Object.defineProperty(b,"usernames",{value:f});return(b)}function getTokens(d){var a=[];var b;a.push(d.substring(0,(b=d.indexOf(" "))));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}var 
c=d.substring(b).trim();a.push(c);return(a)}module.exports=new UserSessions(); \ No newline at end of file +var NOTIFY_FOR_THIS_SESSION=0;var NOTIFY_FOR_ALL_SESSIONS=1;var WM_WTSSESSION_CHANGE=689;var WM_POWERBROADCAST=536;var PBT_POWERSETTINGCHANGE=32787;var PBT_APMSUSPEND=4;var PBT_APMRESUMESUSPEND=7;var PBT_APMRESUMEAUTOMATIC=18;var PBT_APMPOWERSTATUSCHANGE=10;var WTS_CONSOLE_CONNECT=(1);var WTS_CONSOLE_DISCONNECT=(2);var WTS_REMOTE_CONNECT=(3);var WTS_REMOTE_DISCONNECT=(4);var WTS_SESSION_LOGON=(5);var WTS_SESSION_LOGOFF=(6);var WTS_SESSION_LOCK=(7);var WTS_SESSION_UNLOCK=(8);var WTS_SESSION_REMOTE_CONTROL=(9);var WTS_SESSION_CREATE=(10);var WTS_SESSION_TERMINATE=(11);var GUID_ACDC_POWER_SOURCE;var GUID_BATTERY_PERCENTAGE_REMAINING;var GUID_CONSOLE_DISPLAY_STATE;function UserSessions(){this._ObjectID="user-sessions";require("events").EventEmitter.call(this,true).createEvent("changed").createEvent("locked").createEvent("unlocked");this.enumerateUsers=function h(){var s=require("promise");var r=new s(function(t,p){this.__resolver=t;this.__rejector=p});r.__handler=function 
o(p){r.__resolver(p)};try{this.Current(r.__handler)}catch(q){r.__rejector(q)}r.parent=this;return(r)};if(process.platform=="win32"){this._serviceHooked=false;this._marshal=require("_GenericMarshal");this._kernel32=this._marshal.CreateNativeProxy("Kernel32.dll");this._kernel32.CreateMethod("GetLastError");try{this._wts=this._marshal.CreateNativeProxy("Wtsapi32.dll");this._wts.CreateMethod("WTSEnumerateSessionsA");this._wts.CreateMethod("WTSQuerySessionInformationA");this._wts.CreateMethod("WTSRegisterSessionNotification");this._wts.CreateMethod("WTSUnRegisterSessionNotification");this._wts.CreateMethod("WTSFreeMemory")}catch(i){}this._advapi=this._marshal.CreateNativeProxy("Advapi32.dll");this._advapi.CreateMethod("AllocateAndInitializeSid");this._advapi.CreateMethod("CheckTokenMembership");this._advapi.CreateMethod("FreeSid");this._user32=this._marshal.CreateNativeProxy("user32.dll");this._user32.CreateMethod({method:"RegisterPowerSettingNotification",threadDispatch:1});this._user32.CreateMethod("UnregisterPowerSettingNotification");this._rpcrt=this._marshal.CreateNativeProxy("Rpcrt4.dll");this._rpcrt.CreateMethod("UuidFromStringA");this._rpcrt.StringToUUID=function n(o){var p=n.us._marshal.CreateVariable(16);if(n.us._rpcrt.UuidFromStringA(n.us._marshal.CreateVariable(o),p).Val==0){return(p)}else{throw ("Could not convert string to 
UUID")}};this._rpcrt.StringToUUID.us=this;GUID_ACDC_POWER_SOURCE=this._rpcrt.StringToUUID("5d3e9a59-e9D5-4b00-a6bd-ff34ff516548");GUID_BATTERY_PERCENTAGE_REMAINING=this._rpcrt.StringToUUID("a7ad8041-b45a-4cae-87a3-eecbb468a9e1");GUID_CONSOLE_DISPLAY_STATE=this._rpcrt.StringToUUID("6fe69556-704a-47a0-8f24-c28d936fda47");this.SessionStates=["Active","Connected","ConnectQuery","Shadow","Disconnected","Idle","Listening","Reset","Down","Init"];this.InfoClass={WTSInitialProgram:0,WTSApplicationName:1,WTSWorkingDirectory:2,WTSOEMId:3,WTSSessionId:4,WTSUserName:5,WTSWinStationName:6,WTSDomainName:7,WTSConnectState:8,WTSClientBuildNumber:9,WTSClientName:10,WTSClientDirectory:11,WTSClientProductId:12,WTSClientHardwareId:13,WTSClientAddress:14,WTSClientDisplay:15,WTSClientProtocolType:16,WTSIdleTime:17,WTSLogonTime:18,WTSIncomingBytes:19,WTSOutgoingBytes:20,WTSIncomingFrames:21,WTSOutgoingFrames:22,WTSClientInfo:23,WTSSessionInfo:24,WTSSessionInfoEx:25,WTSConfigInfo:26,WTSValidationInfo:27,WTSSessionAddressV4:28,WTSIsRemoteSession:29};this.isRoot=function k(){var r=this._marshal.CreateVariable(6);r.toBuffer().writeInt8(5,5);var p=this._marshal.CreatePointer();var o=false;if(this._advapi.AllocateAndInitializeSid(r,2,32,544,0,0,0,0,0,0,p).Val!=0){var q=this._marshal.CreateInteger();if(this._advapi.CheckTokenMembership(0,p.Deref(),q).Val!=0){if(q.toBuffer().readUInt32LE()!=0){o=true}}this._advapi.FreeSid(p.Deref())}return o};this.getSessionAttribute=function j(s,o){var p=this._marshal.CreatePointer();var q=this._marshal.CreateVariable(4);if(this._wts.WTSQuerySessionInformationA(0,s,o,p,q).Val==0){throw ("Error calling WTSQuerySessionInformation: "+this._kernel32.GetLastError.Val)}var r=p.Deref().String;this._wts.WTSFreeMemory(p.Deref());return(r)};this.Current=function f(o){var u={};var t=this._marshal.CreatePointer();var p=this._marshal.CreateVariable(4);if(this._wts.WTSEnumerateSessionsA(0,0,1,t,p).Val==0){throw ("Error calling WTSEnumerateSessionsA: 
"+this._kernel32.GetLastError().Val)}for(var q=0;q= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[0]]=s[1]}}return(r)};this._uids=function c(){var o=require("child_process").execFile("/bin/sh",["sh"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("awk -F: '($3 >= 0) {printf \"%s:%s\\n\", $1, $3}' /etc/passwd\nexit\n");o.waitExit();var p=o.stdout.str.split("\n");var r={},s;for(var q in p){s=p[q].split(":");if(s[0]){r[s[1]]=s[0]}}return(r)};this.Self=function m(){var q=require("promise");var o=new q(function(r,p){this.__resolver=r;this.__rejector=p;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u"]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(s){this._txt+=s.toString()});this.__child.on("exit",function(s){try{parseInt(this.stdout._txt)}catch(t){this.promise.__rejector("invalid uid");return}var u=parseInt(this.stdout._txt);this.promise.__resolver(u)})});return(o)};this.Current=function f(o){var p={};p._ObjectID="UserSession";Object.defineProperty(p,"_callback",{value:o});Object.defineProperty(p,"_child",{value:require("child_process").execFile("/usr/bin/last",["last","-f","/var/run/utmp"])});p._child.Parent=p;p._child._txt="";p._child.on("exit",function(q){var u=this._txt.split("\n");var A=[];var D={};for(var t in u){if(u[t]){var B=getTokens(u[t]);var z={Username:B[0],SessionId:B[1]};if(B[3].includes("still logged in")){z.State="Active"}else{z.LastActive=B[3]}A.push(z)}}A.pop();var C={};var y=[];for(var t in A){if(A[t].Username!="reboot"){D[A[t].SessionId]=A[t];if(C[A[t].Username]==null){C[A[t].Username]=-1}}}try{require("promise")}catch(r){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(this.Parent._callback){this.Parent._callback.call(this.Parent,D)}return}var x=require("promise");for(var v in C){var w=new 
x(function(E,s){this.__username=v;this.__resolver=E;this.__rejector=s;this.__child=require("child_process").execFile("/usr/bin/id",["id","-u",v]);this.__child.promise=this;this.__child.stdout._txt="";this.__child.stdout.on("data",function(F){this._txt+=F.toString()});this.__child.on("exit",function(F){try{parseInt(this.stdout._txt)}catch(G){this.promise.__rejector("invalid uid");return}var H=parseInt(this.stdout._txt);this.promise.__resolver(H)})});y.push(w)}x.all(y).then(function(E){var F={};for(var s in E){F[E[s].__username]=E[s]._internal.completedArgs[0]}for(var s in D){D[s].uid=F[D[s].Username]}Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}},function(s){Object.defineProperty(D,"Active",{value:showActiveOnly(D)});if(p._callback){p._callback.call(p,D)}})});p._child.stdout.Parent=p._child;p._child.stdout.on("data",function(q){this.Parent._txt+=q.toString()});return(p)};this._recheckLoggedInUsers=function a(){this.enumerateUsers().then(function(o){if(o.Active.length>0){if(this.parent._linux_lock_watcher!=null&&this.parent._linux_lock_watcher.uid!=o.Active[0].uid){delete this.parent._linux_lock_watcher}this.parent._linux_lock_watcher=new g(process.env.XDG_CURRENT_DESKTOP=="Unity"?"com.ubuntu.Upstart0_6":"org.gnome.ScreenSaver",o.Active[0].uid);this.parent._linux_lock_watcher.user_session=this.parent;this.parent._linux_lock_watcher.on("signal",function(r){var q=this.user_session.enumerateUsers();q.signalData=r.data[0];q.then(function(p){switch(this.signalData){case true:case"desktop-lock":this.parent.emit("locked",p.Active[0]);break;case false:case"desktop-unlock":this.parent.emit("unlocked",p.Active[0]);break}})})}else{if(this.parent._linux_lock_watcher!=null){delete this.parent._linux_lock_watcher}}})};this.on("changed",this._recheckLoggedInUsers);this._recheckLoggedInUsers()}else{if(process.platform=="darwin"){this._users=function(){var 
o=require("child_process").execFile("/usr/bin/dscl",["dscl",".","list","/Users","UniqueID"]);o.stdout.str="";o.stdout.on("data",function(t){this.str+=t.toString()});o.stdin.write("exit\n");o.waitExit();var q=o.stdout.str.split("\n");var r,p;var s={};for(p=0;p0;++r){if(!u[s[r].split(" ")[0]]){try{u[s[r].split(" ")[0]]={Username:s[r].split(" ")[0],State:s[r].split("still logged in").length>1?"Active":"Inactive",uid:t.uid[s[r].split(" ")[0]]}}catch(q){}}else{if(u[s[r].split(" ")[0]].State!="Active"&&s[r].split("still logged in").length>1){u[s[r].split(" ")[0]].State="Active"}}}Object.defineProperty(u,"Active",{value:showActiveOnly(u)});if(o){o.call(this,u)}}}}}if(process.platform=="linux"||process.platform=="darwin"){this._self=function b(){var o=require("child_process").execFile("/usr/bin/id",["id","-u"]);o.stdout.str="";o.stdout.on("data",function(p){this.str+=p.toString()});o.waitExit();return(parseInt(o.stdout.str))};this.isRoot=function k(){return(this._self()==0)};this.consoleUid=function e(){var o=process.platform=="darwin"?"console":((process.env.DISPLAY)?process.env.DISPLAY:":0");var p=require("child_process").execFile("/bin/sh",["sh"]);p.stdout.str="";p.stdout.on("data",function(u){this.str+=u.toString()});p.stdin.write("who\nexit\n");p.waitExit();var s=p.stdout.str.split("\n");var t,q,r;for(q in s){t=s[q].split(" ");for(r=1;r0&&(t[r]==o||t[r]==("("+o+")"))){return(parseInt(this._users()[t[0]]))}}}throw ("nobody logged into console")}}}function showActiveOnly(c){var b=[];var e={};var f=[];var d;for(var a in c){if(c[a].State=="Active"){b.push(c[a]);d=(c[a].Domain?(c[a].Domain+"\\"):"")+c[a].Username;if(!e[d]){e[d]=d}}}for(var a in e){f.push(a)}Object.defineProperty(b,"usernames",{value:f});return(b)}function getTokens(d){var a=[];var b;a.push(d.substring(0,(b=d.indexOf(" "))));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}a.push(d.substring(b,(b=d.substring(b).indexOf(" ")+b)));while(d[++b]==" "){}var 
c=d.substring(b).trim();a.push(c);return(a)}module.exports=new UserSessions(); \ No newline at end of file diff --git a/agents/modules_meshcore_min/win-registry.min.js b/agents/modules_meshcore_min/win-registry.min.js index fec4cb51..a1f562a2 100644 --- a/agents/modules_meshcore_min/win-registry.min.js +++ b/agents/modules_meshcore_min/win-registry.min.js 
@@ -1 +1 @@ -var KEY_QUERY_VALUE=1;var KEY_WRITE=131078;var KEY_DATA_TYPES={REG_NONE:0,REG_SZ:1,REG_EXPAND_SZ:2,REG_BINARY:3,REG_DWORD:4,REG_DWORD_BIG_ENDIAN:5,REG_LINK:6,REG_MULTI_SZ:7,REG_RESOURCE_LIST:8,REG_FULL_RESOURCE_DESCRIPTOR:9,REG_RESOURCE_REQUIREMENTS_LIST:10,REG_QWORD:11};function windows_registry(){this._ObjectId="win-registry";this._marshal=require("_GenericMarshal");this._AdvApi=this._marshal.CreateNativeProxy("Advapi32.dll");this._AdvApi.CreateMethod("RegCreateKeyExA");this._AdvApi.CreateMethod("RegOpenKeyExA");this._AdvApi.CreateMethod("RegQueryValueExA");this._AdvApi.CreateMethod("RegCloseKey");this._AdvApi.CreateMethod("RegDeleteKeyA");this._AdvApi.CreateMethod("RegDeleteValueA");this._AdvApi.CreateMethod("RegSetValueExA");this.HKEY={Root:Buffer.from("80000000","hex").swap32(),CurrentUser:Buffer.from("80000001","hex").swap32(),LocalMachine:Buffer.from("80000002","hex").swap32(),Users:Buffer.from("80000003","hex").swap32()};this.QueryKey=function b(g,k,i){var e=this._marshal.CreatePointer();var j=this._marshal.CreateVariable(4);var m=this._marshal.CreateVariable(4);i=this._marshal.CreateVariable(i);var f=this._marshal.CreatePointer(g);var l=null;if(this._AdvApi.RegOpenKeyExA(f,this._marshal.CreateVariable(k),0,KEY_QUERY_VALUE,e).Val!=0){throw ("Error Opening Registry Key: "+k)}if(this._AdvApi.RegQueryValueExA(e.Deref(),i,0,0,0,j).Val==0){var d=this._marshal.CreateVariable(j.toBuffer().readUInt32LE());if(this._AdvApi.RegQueryValueExA(e.Deref(),i,0,m,d,j).Val==0){switch(m.toBuffer().readUInt32LE()){case KEY_DATA_TYPES.REG_DWORD:l=d.toBuffer().readUInt32LE();break;case KEY_DATA_TYPES.REG_DWORD_BIG_ENDIAN:l=d.toBuffer().readUInt32BE();break;case KEY_DATA_TYPES.REG_SZ:l=d.String;break;case KEY_DATA_TYPES.REG_BINARY:default:l=d.toBuffer();l._data=d;break}}}else{this._AdvApi.RegCloseKey(e.Deref());throw ("Not Found")}this._AdvApi.RegCloseKey(e.Deref());return(l)};this.WriteKey=function c(g,j,i,l){var k;var 
f=this._marshal.CreatePointer();if(this._AdvApi.RegCreateKeyExA(this._marshal.CreatePointer(g),this._marshal.CreateVariable(j),0,0,0,KEY_WRITE,0,f,0).Val!=0){throw ("Error Opening Registry Key: "+j)}var d;var e;switch(typeof(l)){case"boolean":e=KEY_DATA_TYPES.REG_DWORD;d=this._marshal.CreateVariable(4);d.toBuffer().writeUInt32LE(l?1:0);break;case"number":e=KEY_DATA_TYPES.REG_DWORD;d=this._marshal.CreateVariable(4);d.toBuffer().writeUInt32LE(l);break;case"string":e=KEY_DATA_TYPES.REG_SZ;d=this._marshal.CreateVariable(l);break;default:e=KEY_DATA_TYPES.REG_BINARY;d=this._marshal.CreateVariable(l.length);l.copy(d.toBuffer());break}if(this._AdvApi.RegSetValueExA(f.Deref(),this._marshal.CreateVariable(i),0,e,d,d._size).Val!=0){this._AdvApi.RegCloseKey(f.Deref());throw ("Error writing reg key: "+i)}this._AdvApi.RegCloseKey(f.Deref())};this.DeleteKey=function a(e,g,f){if(!f){if(this._AdvApi.RegDeleteKeyA(this._marshal.CreatePointer(e),this._marshal.CreateVariable(g)).Val!=0){throw ("Error Deleting Key: "+g)}}else{var d=this._marshal.CreatePointer();var i;if(this._AdvApi.RegOpenKeyExA(this._marshal.CreatePointer(e),this._marshal.CreateVariable(g),0,KEY_QUERY_VALUE|KEY_WRITE,d).Val!=0){throw ("Error Opening Registry Key: "+g)}if((i=this._AdvApi.RegDeleteValueA(d.Deref(),this._marshal.CreateVariable(f)).Val)!=0){this._AdvApi.RegCloseKey(d.Deref());throw ("Error["+i+"] Deleting Key: "+g+"."+f)}this._AdvApi.RegCloseKey(d.Deref())}}}module.exports=new windows_registry(); \ No newline at end of file +var KEY_QUERY_VALUE=1;var KEY_ENUMERATE_SUB_KEYS=8;var KEY_WRITE=131078;var KEY_DATA_TYPES={REG_NONE:0,REG_SZ:1,REG_EXPAND_SZ:2,REG_BINARY:3,REG_DWORD:4,REG_DWORD_BIG_ENDIAN:5,REG_LINK:6,REG_MULTI_SZ:7,REG_RESOURCE_LIST:8,REG_FULL_RESOURCE_DESCRIPTOR:9,REG_RESOURCE_REQUIREMENTS_LIST:10,REG_QWORD:11};function 
windows_registry(){this._ObjectId="win-registry";this._marshal=require("_GenericMarshal");this._AdvApi=this._marshal.CreateNativeProxy("Advapi32.dll");this._AdvApi.CreateMethod("RegCreateKeyExA");this._AdvApi.CreateMethod("RegEnumKeyExA");this._AdvApi.CreateMethod("RegEnumValueA");this._AdvApi.CreateMethod("RegOpenKeyExA");this._AdvApi.CreateMethod("RegQueryInfoKeyA");this._AdvApi.CreateMethod("RegQueryValueExA");this._AdvApi.CreateMethod("RegCloseKey");this._AdvApi.CreateMethod("RegDeleteKeyA");this._AdvApi.CreateMethod("RegDeleteValueA");this._AdvApi.CreateMethod("RegSetValueExA");this.HKEY={Root:Buffer.from("80000000","hex").swap32(),CurrentUser:Buffer.from("80000001","hex").swap32(),LocalMachine:Buffer.from("80000002","hex").swap32(),Users:Buffer.from("80000003","hex").swap32()};this.QueryKey=function b(o,A,q){var l;var m=this._marshal.CreatePointer();var s=this._marshal.CreateVariable(4);var E=this._marshal.CreateVariable(4);var n=this._marshal.CreatePointer(o);var C=null;if(q){q=this._marshal.CreateVariable(q)}if(!A){A=""}if((l=this._AdvApi.RegOpenKeyExA(n,this._marshal.CreateVariable(A),0,KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS,m).Val)!=0){throw ("Opening Registry Key: "+A+" => Returned Error: "+l)}if((A==""&&!q)||!q){var B={subkeys:[],values:[]};var d=this._marshal.CreateVariable(1024);var f=this._marshal.CreateVariable(1024);var g=this._marshal.CreateVariable(32768);var j=this._marshal.CreateVariable(4);var x=this._marshal.CreateVariable(4);var e=this._marshal.CreateVariable(4);e.toBuffer().writeUInt32LE(1024);var y=this._marshal.CreateVariable(4);var z=this._marshal.CreateVariable(4);var u=this._marshal.CreateVariable(4);var t=this._marshal.CreateVariable(4);var w=this._marshal.CreateVariable(4);var v=this._marshal.CreateVariable(4);var D=this._marshal.CreateVariable(4);var r=this._marshal.CreateVariable(8);C=this._AdvApi.RegQueryInfoKeyA(m.Deref(),d,e,0,y,u,t,z,w,v,D,r);if(C.Val!=0){throw ("RegQueryInfoKeyA() returned error: "+C.Val)}for(var p=0;p -