metasploit-payloads 2.0.111 → 2.0.113

Files changed (77) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/data/android/meterpreter.jar +0 -0
  4. data/data/android/metstage.jar +0 -0
  5. data/data/android/shell.jar +0 -0
  6. data/data/meterpreter/elevator.x64.debug.dll +0 -0
  7. data/data/meterpreter/elevator.x64.dll +0 -0
  8. data/data/meterpreter/elevator.x86.debug.dll +0 -0
  9. data/data/meterpreter/elevator.x86.dll +0 -0
  10. data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
  11. data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
  12. data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
  13. data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
  14. data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
  15. data/data/meterpreter/ext_server_espia.x64.dll +0 -0
  16. data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
  17. data/data/meterpreter/ext_server_espia.x86.dll +0 -0
  18. data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
  19. data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
  20. data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
  21. data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
  22. data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
  23. data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
  24. data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
  25. data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
  26. data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
  27. data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
  28. data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
  29. data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
  30. data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
  31. data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
  32. data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
  33. data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
  34. data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
  35. data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
  36. data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
  37. data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
  38. data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
  39. data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
  40. data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
  41. data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
  42. data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
  43. data/data/meterpreter/ext_server_priv.x64.dll +0 -0
  44. data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
  45. data/data/meterpreter/ext_server_priv.x86.dll +0 -0
  46. data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
  47. data/data/meterpreter/ext_server_python.x64.dll +0 -0
  48. data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
  49. data/data/meterpreter/ext_server_python.x86.dll +0 -0
  50. data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
  51. data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
  52. data/data/meterpreter/ext_server_stdapi.py +6 -7
  53. data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
  54. data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
  55. data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
  56. data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
  57. data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
  58. data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
  59. data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
  60. data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
  61. data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
  62. data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
  63. data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
  64. data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
  65. data/data/meterpreter/meterpreter.py +44 -17
  66. data/data/meterpreter/metsrv.x64.debug.dll +0 -0
  67. data/data/meterpreter/metsrv.x64.dll +0 -0
  68. data/data/meterpreter/metsrv.x86.debug.dll +0 -0
  69. data/data/meterpreter/metsrv.x86.dll +0 -0
  70. data/data/meterpreter/screenshot.x64.debug.dll +0 -0
  71. data/data/meterpreter/screenshot.x64.dll +0 -0
  72. data/data/meterpreter/screenshot.x86.debug.dll +0 -0
  73. data/data/meterpreter/screenshot.x86.dll +0 -0
  74. data/lib/metasploit-payloads/version.rb +1 -1
  75. data.tar.gz.sig +0 -0
  76. metadata +2 -2
  77. metadata.gz.sig +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7909c1b37004dee1af5bed7dbe25381e5a3fcaba7a7d0ee4101f5e518aef6a36
4
- data.tar.gz: e438b3747393682ffe47594ce438ed27086781602b524071aa73c51f7477e07a
3
+ metadata.gz: 2dc5e006186337d50009cb0436f562ab25cc109867c07a6cde0734e29aa1a0ab
4
+ data.tar.gz: 024611f12e3b854a9a033d7d76d284773ebb434cf491118254231fe999301a10
5
5
  SHA512:
6
- metadata.gz: cda77751aa1547b93c6be12c0fe4fbedafa915bf5f34a1931d6bef4e44ad6c7c0a89a96fbe6b4878c050a196aa9fd6032800341a38826b5718d0fa3695772240
7
- data.tar.gz: d40c9e8db0fd4d02e8f8e807fc26ce095b6703548de0c74cce5ad514a9082cee4ebe3b0010d4f2ab1b978d93c79c7184249540839e52f89b1b3bdb7bc8c594b4
6
+ metadata.gz: 95ff44c78979d456f703e7ceffbb93354e04526ec0ba1e20d1e9ef5e4cac0cebec34cbf1b5e69ae02a9fd3a2bd39557e8f7f69c1f9fbcca09a3c6d7cbc49dbb7
7
+ data.tar.gz: d95484a3f3c8cf1e916d0c2033854567c54499fd3d97bcbcd79ca0968e227725218067b9f39feefdbf3c169bfef39baaec208ab9d94d2149d9d271e447dd631c
checksums.yaml.gz.sig CHANGED
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
@@ -743,6 +743,7 @@ PROCESS_TERMINATE = 0x0001
743
743
  PROCESS_VM_READ = 0x0010
744
744
  PROCESS_QUERY_INFORMATION = 0x0400
745
745
  PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
746
+ PROCESS_ALL_ACCESS = 0x1fffff
746
747
  VER_NT_WORKSTATION = 0x0001
747
748
  VER_NT_DOMAIN_CONTROLLER = 0x0002
748
749
  VER_NT_SERVER = 0x0003
@@ -1334,13 +1335,10 @@ def stdapi_sys_config_sysinfo(request, response):
1334
1335
 
1335
1336
  @register_function
1336
1337
  def stdapi_sys_process_close(request, response):
1337
- proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)
1338
+ proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)['value']
1338
1339
  if not proc_h_id:
1339
1340
  return ERROR_SUCCESS, response
1340
- proc_h_id = proc_h_id['value']
1341
- if proc_h_id in meterpreter.processes:
1342
- del meterpreter.processes[proc_h_id]
1343
- if not meterpreter.close_channel(proc_h_id):
1341
+ if not meterpreter.close_process(proc_h_id):
1344
1342
  return ERROR_FAILURE, response
1345
1343
  return ERROR_SUCCESS, response
1346
1344
 
@@ -1383,6 +1381,7 @@ def stdapi_sys_process_execute(request, response):
1383
1381
  proc_h.start()
1384
1382
  else:
1385
1383
  proc_h = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
1384
+
1386
1385
  proc_h_id = meterpreter.add_process(proc_h)
1387
1386
  response += tlv_pack(TLV_TYPE_PID, proc_h.pid)
1388
1387
  response += tlv_pack(TLV_TYPE_PROCESS_HANDLE, proc_h_id)
@@ -1865,7 +1864,7 @@ def stdapi_net_config_get_arp_table(request, response):
1865
1864
  result = GetIpNetTable(ipnet_table, size, False)
1866
1865
 
1867
1866
  if result == ERROR_INSUFFICIENT_BUFFER:
1868
- ipnet_table = ctypes.cast(ctypes.create_string_buffer(b'', size.value), ctypes.c_void_p)
1867
+ ipnet_table = ctypes.cast(ctypes.create_string_buffer(bytes(), size.value), ctypes.c_void_p)
1869
1868
 
1870
1869
  elif result != ERROR_SUCCESS and result != ERROR_NO_DATA:
1871
1870
  return error_result_windows(result), response
@@ -1882,7 +1881,7 @@ def stdapi_net_config_get_arp_table(request, response):
1882
1881
  ('dwNumEntries', ctypes.c_uint32),
1883
1882
  ('table', MIB_IPNETROW * ctypes.cast(ipnet_table.value, ctypes.POINTER(ctypes.c_ulong)).contents.value)
1884
1883
  ]
1885
-
1884
+
1886
1885
  ipnet_table = ctypes.cast(ipnet_table, ctypes.POINTER(MIB_IPNETTABLE))
1887
1886
  for ipnet_row in ipnet_table.contents.table:
1888
1887
  if (ipnet_row.dwType != MIB_IPNET_TYPE_DYNAMIC and ipnet_row.dwType != MIB_IPNET_TYPE_STATIC):
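Review bot: In `stdapi_sys_process_close`, the `['value']` subscript now runs before the `if not proc_h_id` guard, so a request that carries no TLV_TYPE_HANDLE raises (KeyError or TypeError, depending on what `packet_get_tlv` returns for a missing TLV) where the old code answered ERROR_SUCCESS; the guard only still covers a handle whose value is itself falsy. Keeping the two steps restores the old behaviour: `tlv = packet_get_tlv(request, TLV_TYPE_HANDLE)`, `if not tlv: return ERROR_SUCCESS, response`, `proc_h_id = tlv['value']`. That the removed guard tested the raw TLV implies `packet_get_tlv` can return an empty result for an absent TLV; its definition is outside these hunks, so confirm there. The new module-level `PROCESS_ALL_ACCESS = 0x1fffff` is not referenced by any other hunk here, while meterpreter.py redefines the same value locally inside `add_process`; one shared definition would keep the two from drifting.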
@@ -361,18 +361,19 @@ if DEBUGGING:
361
361
  file_handler.setLevel(logging.DEBUG)
362
362
  logging.getLogger().addHandler(file_handler)
363
363
 
364
- class SYSTEM_INFO(ctypes.Structure):
365
- _fields_ = [("wProcessorArchitecture", ctypes.c_uint16),
366
- ("wReserved", ctypes.c_uint16),
367
- ("dwPageSize", ctypes.c_uint32),
368
- ("lpMinimumApplicationAddress", ctypes.c_void_p),
369
- ("lpMaximumApplicationAddress", ctypes.c_void_p),
370
- ("dwActiveProcessorMask", ctypes.c_uint32),
371
- ("dwNumberOfProcessors", ctypes.c_uint32),
372
- ("dwProcessorType", ctypes.c_uint32),
373
- ("dwAllocationGranularity", ctypes.c_uint32),
374
- ("wProcessorLevel", ctypes.c_uint16),
375
- ("wProcessorRevision", ctypes.c_uint16)]
364
+ if has_windll:
365
+ class SYSTEM_INFO(ctypes.Structure):
366
+ _fields_ = [("wProcessorArchitecture", ctypes.c_uint16),
367
+ ("wReserved", ctypes.c_uint16),
368
+ ("dwPageSize", ctypes.c_uint32),
369
+ ("lpMinimumApplicationAddress", ctypes.c_void_p),
370
+ ("lpMaximumApplicationAddress", ctypes.c_void_p),
371
+ ("dwActiveProcessorMask", ctypes.c_uint32),
372
+ ("dwNumberOfProcessors", ctypes.c_uint32),
373
+ ("dwProcessorType", ctypes.c_uint32),
374
+ ("dwAllocationGranularity", ctypes.c_uint32),
375
+ ("wProcessorLevel", ctypes.c_uint16),
376
+ ("wProcessorRevision", ctypes.c_uint16)]
376
377
 
377
378
  def rand_bytes(n):
378
379
  return os.urandom(n)
@@ -1259,11 +1260,37 @@ class PythonMeterpreter(object):
1259
1260
  return idx
1260
1261
 
1261
1262
  def add_process(self, process):
1262
- idx = self.next_process_id
1263
- self.processes[idx] = process
1264
- debug_print('[*] added process id: ' + str(idx))
1265
- self.next_process_id += 1
1266
- return idx
1263
+ if has_windll:
1264
+ PROCESS_ALL_ACCESS = 0x1fffff
1265
+ OpenProcess = ctypes.windll.kernel32.OpenProcess
1266
+ OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_long, ctypes.c_ulong]
1267
+ OpenProcess.restype = ctypes.c_void_p
1268
+ handle = OpenProcess(PROCESS_ALL_ACCESS, False, process.pid)
1269
+ else:
1270
+ handle = self.next_process_id
1271
+ self.next_process_id += 1
1272
+ self.processes[handle] = process
1273
+ debug_print('[*] added process id: ' + str(process.pid) + ', handle: ' + str(handle))
1274
+ return handle
1275
+
1276
+ def close_process(self, proc_h_id):
1277
+ proc_h = self.processes.pop(proc_h_id, None)
1278
+ if not proc_h:
1279
+ return False
1280
+ for channel_id, channel in self.channels.items():
1281
+ if not isinstance(channel, MeterpreterProcess):
1282
+ continue
1283
+ if not channel.proc_h is proc_h:
1284
+ continue
1285
+ self.close_channel(channel_id)
1286
+ break
1287
+ if has_windll:
1288
+ CloseHandle = ctypes.windll.kernel32.CloseHandle
1289
+ CloseHandle.argtypes = [ctypes.c_void_p]
1290
+ CloseHandle.restype = ctypes.c_long
1291
+ CloseHandle(proc_h_id)
1292
+ debug_print('[*] closed and removed process id: ' + str(proc_h.pid) + ', handle: ' + str(proc_h_id))
1293
+ return True
1267
1294
 
1268
1295
  def close_channel(self, channel_id):
1269
1296
  if channel_id not in self.channels:
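Review bot: In `add_process`, the Windows branch stores and returns whatever `OpenProcess` gives back, but with `restype = ctypes.c_void_p` a failed call (e.g. access denied or a pid that has already exited) yields `None`, which then becomes the key in `self.processes` and the value handed back as the process handle; since `stdapi_sys_process_close` treats a falsy handle as a no-op, that entry and its Popen object would never be removed. A check after the call, `if not handle: raise ctypes.WinError()`, surfaces the failure before the table is touched; whether the caller in ext_server_stdapi.py handles the exception is outside this hunk. The local `PROCESS_ALL_ACCESS = 0x1fffff` duplicates the module-level constant added to ext_server_stdapi.py in the same release. In `close_process`, `if not channel.proc_h is proc_h:` reads better as `if channel.proc_h is not proc_h:`. The `PythonMeterpreter` class starts and ends outside the hunk.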
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
@@ -1,6 +1,6 @@
1
1
  # -*- coding:binary -*-
2
2
  module MetasploitPayloads
3
- VERSION = '2.0.111'
3
+ VERSION = '2.0.113'
4
4
 
5
5
  def self.version
6
6
  VERSION
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: metasploit-payloads
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.111
4
+ version: 2.0.113
5
5
  platform: ruby
6
6
  authors:
7
7
  - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
96
96
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
97
97
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
98
98
  -----END CERTIFICATE-----
99
- date: 2023-02-16 00:00:00.000000000 Z
99
+ date: 2023-02-24 00:00:00.000000000 Z
100
100
  dependencies:
101
101
  - !ruby/object:Gem::Dependency
102
102
  name: rake
metadata.gz.sig CHANGED
Binary file