metasploit-payloads 2.0.104 → 2.0.105
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/data/android/meterpreter.jar +0 -0
- data/data/android/metstage.jar +0 -0
- data/data/android/shell.jar +0 -0
- data/data/meterpreter/elevator.x64.debug.dll +0 -0
- data/data/meterpreter/elevator.x64.dll +0 -0
- data/data/meterpreter/elevator.x86.debug.dll +0 -0
- data/data/meterpreter/elevator.x86.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.py +33 -15
- data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
- data/data/meterpreter/metsrv.x64.debug.dll +0 -0
- data/data/meterpreter/metsrv.x64.dll +0 -0
- data/data/meterpreter/metsrv.x86.debug.dll +0 -0
- data/data/meterpreter/metsrv.x86.dll +0 -0
- data/data/meterpreter/screenshot.x64.debug.dll +0 -0
- data/data/meterpreter/screenshot.x64.dll +0 -0
- data/data/meterpreter/screenshot.x86.debug.dll +0 -0
- data/data/meterpreter/screenshot.x86.dll +0 -0
- data/lib/metasploit-payloads/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +1 -1
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 492cb2174246773050bdb8303448ea5f024ccaec9eb89ec14c4670019045a0a5
|
4
|
+
data.tar.gz: 82b26b9fa4527322c301bf6a69b894f726ff6ca2e91b2cb019a63444a3ebbf5c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 273f6a11ae840e161193c80c9e3048bad2cb2fdd4c264da34213fde52051fadfc59227f04cbe5ffd027b2c8e0bdf23ce5d75ddc2032814f9df859e63294addce
|
7
|
+
data.tar.gz: 6c44af6c8672acbbf5b9d32a66c81365e9ea8f60bd49e1099475f31fc50e3d5fd68be0241e8ca41a9526896c445cdb3ae6fe1633fb4a32a8f38acf4a5f9715a2
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
Binary file
|
data/data/android/metstage.jar
CHANGED
Binary file
|
data/data/android/shell.jar
CHANGED
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
@@ -1440,7 +1440,10 @@ def stdapi_sys_power_exitwindows(request, response):
|
|
1440
1440
|
@register_function_if(has_windll)
|
1441
1441
|
def stdapi_sys_eventlog_open(request, response):
|
1442
1442
|
source_name = packet_get_tlv(request, TLV_TYPE_EVENT_SOURCENAME)['value']
|
1443
|
-
|
1443
|
+
OpenEventLogA = ctypes.windll.advapi32.OpenEventLogA
|
1444
|
+
OpenEventLogA.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
|
1445
|
+
OpenEventLogA.restype = ctypes.c_void_p
|
1446
|
+
handle = OpenEventLogA(None, bytes(source_name, 'UTF-8'))
|
1444
1447
|
if not handle:
|
1445
1448
|
return error_result_windows(), response
|
1446
1449
|
response += tlv_pack(TLV_TYPE_EVENT_HANDLE, handle)
|
@@ -1451,13 +1454,15 @@ def stdapi_sys_eventlog_read(request, response):
|
|
1451
1454
|
handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
|
1452
1455
|
flags = packet_get_tlv(request, TLV_TYPE_EVENT_READFLAGS)['value']
|
1453
1456
|
offset = packet_get_tlv(request, TLV_TYPE_EVENT_RECORDOFFSET)['value']
|
1454
|
-
|
1455
|
-
|
1456
|
-
|
1457
|
-
|
1457
|
+
bytes_read = ctypes.c_uint32(0)
|
1458
|
+
bytes_needed = ctypes.c_uint32(0)
|
1459
|
+
ReadEventLogA = ctypes.windll.advapi32.ReadEventLogA
|
1460
|
+
ReadEventLogA.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.c_uint32, ctypes.c_void_p, ctypes.c_uint32, ctypes.POINTER(ctypes.c_uint32), ctypes.POINTER(ctypes.c_uint32)]
|
1461
|
+
ReadEventLogA.restype = ctypes.c_bool
|
1462
|
+
if ReadEventLogA(handle, flags, offset, ctypes.byref(bytes_read), 0, ctypes.byref(bytes_read), ctypes.byref(bytes_needed)):
|
1458
1463
|
return error_result_windows(), response
|
1459
|
-
buf = ctypes.
|
1460
|
-
if not
|
1464
|
+
buf = (ctypes.c_uint8 * bytes_needed.value)()
|
1465
|
+
if not ReadEventLogA(handle, flags, offset, buf, bytes_needed, ctypes.byref(bytes_read), ctypes.byref(bytes_needed)):
|
1461
1466
|
return error_result_windows(), response
|
1462
1467
|
record = ctstruct_unpack(EVENTLOGRECORD, buf)
|
1463
1468
|
response += tlv_pack(TLV_TYPE_EVENT_RECORDNUMBER, record.RecordNumber)
|
@@ -1466,8 +1471,9 @@ def stdapi_sys_eventlog_read(request, response):
|
|
1466
1471
|
response += tlv_pack(TLV_TYPE_EVENT_ID, record.EventID)
|
1467
1472
|
response += tlv_pack(TLV_TYPE_EVENT_TYPE, record.EventType)
|
1468
1473
|
response += tlv_pack(TLV_TYPE_EVENT_CATEGORY, record.EventCategory)
|
1469
|
-
response += tlv_pack(TLV_TYPE_EVENT_DATA, buf
|
1470
|
-
|
1474
|
+
response += tlv_pack(TLV_TYPE_EVENT_DATA, ctarray_to_bytes(buf[record.DataOffset:record.DataOffset + record.DataLength]))
|
1475
|
+
event_string_buf = (ctypes.c_uint8 * len(buf[record.StringOffset:]))(*buf[record.StringOffset:])
|
1476
|
+
event_strings = ctarray_to_bytes(event_string_buf).split(NULL_BYTE, record.NumStrings)[:record.NumStrings]
|
1471
1477
|
for event_string in event_strings:
|
1472
1478
|
response += tlv_pack(TLV_TYPE_EVENT_STRING, event_string)
|
1473
1479
|
return ERROR_SUCCESS, response
|
@@ -1475,14 +1481,20 @@ def stdapi_sys_eventlog_read(request, response):
|
|
1475
1481
|
@register_function_if(has_windll)
|
1476
1482
|
def stdapi_sys_eventlog_clear(request, response):
|
1477
1483
|
handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
|
1478
|
-
|
1484
|
+
ClearEventLogA = ctypes.windll.advapi32.ClearEventLogA
|
1485
|
+
ClearEventLogA.argtypes = [ctypes.c_void_p, ctypes.c_char_p]
|
1486
|
+
ClearEventLogA.restype = ctypes.c_bool
|
1487
|
+
if not ClearEventLogA(handle, None):
|
1479
1488
|
return error_result_windows(), response
|
1480
1489
|
return ERROR_SUCCESS, response
|
1481
1490
|
|
1482
1491
|
@register_function_if(has_windll)
|
1483
1492
|
def stdapi_sys_eventlog_numrecords(request, response):
|
1484
1493
|
handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
|
1485
|
-
total = ctypes.
|
1494
|
+
total = ctypes.c_uint32(0)
|
1495
|
+
GetNumberOfEventLogRecords = ctypes.windll.advapi32.GetNumberOfEventLogRecords
|
1496
|
+
GetNumberOfEventLogRecords.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_uint32)]
|
1497
|
+
GetNumberOfEventLogRecords.restype = ctypes.c_bool
|
1486
1498
|
if not ctypes.windll.advapi32.GetNumberOfEventLogRecords(handle, ctypes.byref(total)):
|
1487
1499
|
return error_result_windows(), response
|
1488
1500
|
response += tlv_pack(TLV_TYPE_EVENT_NUMRECORDS, total.value)
|
@@ -1491,16 +1503,22 @@ def stdapi_sys_eventlog_numrecords(request, response):
|
|
1491
1503
|
@register_function_if(has_windll)
|
1492
1504
|
def stdapi_sys_eventlog_oldest(request, response):
|
1493
1505
|
handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
|
1494
|
-
|
1495
|
-
|
1506
|
+
GetOldestEventLogRecord = ctypes.windll.advapi32.GetOldestEventLogRecord
|
1507
|
+
GetOldestEventLogRecord.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_uint32)]
|
1508
|
+
GetOldestEventLogRecord.restype = ctypes.c_bool
|
1509
|
+
oldest = ctypes.c_uint32(0)
|
1510
|
+
if not GetOldestEventLogRecord(handle, ctypes.byref(oldest)):
|
1496
1511
|
return error_result_windows(), response
|
1497
|
-
response += tlv_pack(TLV_TYPE_EVENT_RECORDNUMBER, oldest)
|
1512
|
+
response += tlv_pack(TLV_TYPE_EVENT_RECORDNUMBER, oldest.value)
|
1498
1513
|
return ERROR_SUCCESS, response
|
1499
1514
|
|
1500
1515
|
@register_function_if(has_windll)
|
1501
1516
|
def stdapi_sys_eventlog_close(request, response):
|
1502
1517
|
handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
|
1503
|
-
|
1518
|
+
CloseEventLog = ctypes.windll.advapi32.CloseEventLog
|
1519
|
+
CloseEventLog.argtypes = [ctypes.c_void_p]
|
1520
|
+
CloseEventLog.restype = ctypes.c_bool
|
1521
|
+
if not CloseEventLog(handle):
|
1504
1522
|
return error_result_windows(), response
|
1505
1523
|
return ERROR_SUCCESS, response
|
1506
1524
|
|
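Review bot: In the stdapi_sys_eventlog_read hunk the sizing call `if ReadEventLogA(handle, flags, offset, ctypes.byref(bytes_read), 0, ...)` only distinguishes success from failure, not why it failed: when the probe fails for a reason other than ERROR_INSUFFICIENT_BUFFER (end of log, invalid handle) `bytes_needed` stays 0, a zero-length array is allocated and the read is issued again, so the real error only surfaces from the second call, and a success on the probe is reported through `error_result_windows()`, which presumably reads a last-error value of 0 at that point. I would check the reason right after the probe, e.g. `if ReadEventLogA(...) or ctypes.windll.kernel32.GetLastError() != 122:  # ERROR_INSUFFICIENT_BUFFER` (or a named constant if the file already defines one); note the `def` line of this function sits above the hunk. The same hunk passes a bare slice `buf[record.DataOffset:record.DataOffset + record.DataLength]` (a Python list of ints when slicing a c_uint8 array) to `ctarray_to_bytes`, but two lines later wraps the `StringOffset` slice in a fresh `(ctypes.c_uint8 * n)(...)` array before calling the same helper; whichever form `ctarray_to_bytes` accepts, both lines should use it, or both could use `bytes(bytearray(buf[...]))` and avoid the question. In the numrecords hunk the unchanged call still goes through `ctypes.windll.advapi32.GetNumberOfEventLogRecords(handle, ctypes.byref(total))` instead of the alias the hunk binds argtypes on; `if not GetNumberOfEventLogRecords(handle, ctypes.byref(total)):` keeps it in step with the other five eventlog functions.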
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
metadata.gz.sig
CHANGED
Binary file
|