metasploit-payloads 2.0.111 → 2.0.113
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/data/android/meterpreter.jar +0 -0
- data/data/android/metstage.jar +0 -0
- data/data/android/shell.jar +0 -0
- data/data/meterpreter/elevator.x64.debug.dll +0 -0
- data/data/meterpreter/elevator.x64.dll +0 -0
- data/data/meterpreter/elevator.x86.debug.dll +0 -0
- data/data/meterpreter/elevator.x86.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.py +6 -7
- data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
- data/data/meterpreter/meterpreter.py +44 -17
- data/data/meterpreter/metsrv.x64.debug.dll +0 -0
- data/data/meterpreter/metsrv.x64.dll +0 -0
- data/data/meterpreter/metsrv.x86.debug.dll +0 -0
- data/data/meterpreter/metsrv.x86.dll +0 -0
- data/data/meterpreter/screenshot.x64.debug.dll +0 -0
- data/data/meterpreter/screenshot.x64.dll +0 -0
- data/data/meterpreter/screenshot.x86.debug.dll +0 -0
- data/data/meterpreter/screenshot.x86.dll +0 -0
- data/lib/metasploit-payloads/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
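--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2dc5e006186337d50009cb0436f562ab25cc109867c07a6cde0734e29aa1a0ab
+data.tar.gz: 024611f12e3b854a9a033d7d76d284773ebb434cf491118254231fe999301a10
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 95ff44c78979d456f703e7ceffbb93354e04526ec0ba1e20d1e9ef5e4cac0cebec34cbf1b5e69ae02a9fd3a2bd39557e8f7f69c1f9fbcca09a3c6d7cbc49dbb7
+data.tar.gz: d95484a3f3c8cf1e916d0c2033854567c54499fd3d97bcbcd79ca0968e227725218067b9f39feefdbf3c169bfef39baaec208ab9d94d2149d9d271e447dd631c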
checksums.yaml.gz.sig
CHANGED
Binary file
|
Binary file
|
data/data/android/metstage.jar
CHANGED
Binary file
|
data/data/android/shell.jar
CHANGED
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
@@ -743,6 +743,7 @@ PROCESS_TERMINATE = 0x0001
|
|
743
743
|
PROCESS_VM_READ = 0x0010
|
744
744
|
PROCESS_QUERY_INFORMATION = 0x0400
|
745
745
|
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
|
746
|
+
PROCESS_ALL_ACCESS = 0x1fffff
|
746
747
|
VER_NT_WORKSTATION = 0x0001
|
747
748
|
VER_NT_DOMAIN_CONTROLLER = 0x0002
|
748
749
|
VER_NT_SERVER = 0x0003
|
@@ -1334,13 +1335,10 @@ def stdapi_sys_config_sysinfo(request, response):
|
|
1334
1335
|
|
1335
1336
|
@register_function
|
1336
1337
|
def stdapi_sys_process_close(request, response):
|
1337
|
-
proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)
|
1338
|
+
proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)['value']
|
1338
1339
|
if not proc_h_id:
|
1339
1340
|
return ERROR_SUCCESS, response
|
1340
|
-
|
1341
|
-
if proc_h_id in meterpreter.processes:
|
1342
|
-
del meterpreter.processes[proc_h_id]
|
1343
|
-
if not meterpreter.close_channel(proc_h_id):
|
1341
|
+
if not meterpreter.close_process(proc_h_id):
|
1344
1342
|
return ERROR_FAILURE, response
|
1345
1343
|
return ERROR_SUCCESS, response
|
1346
1344
|
|
@@ -1383,6 +1381,7 @@ def stdapi_sys_process_execute(request, response):
|
|
1383
1381
|
proc_h.start()
|
1384
1382
|
else:
|
1385
1383
|
proc_h = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
1384
|
+
|
1386
1385
|
proc_h_id = meterpreter.add_process(proc_h)
|
1387
1386
|
response += tlv_pack(TLV_TYPE_PID, proc_h.pid)
|
1388
1387
|
response += tlv_pack(TLV_TYPE_PROCESS_HANDLE, proc_h_id)
|
@@ -1865,7 +1864,7 @@ def stdapi_net_config_get_arp_table(request, response):
|
|
1865
1864
|
result = GetIpNetTable(ipnet_table, size, False)
|
1866
1865
|
|
1867
1866
|
if result == ERROR_INSUFFICIENT_BUFFER:
|
1868
|
-
ipnet_table = ctypes.cast(ctypes.create_string_buffer(
|
1867
|
+
ipnet_table = ctypes.cast(ctypes.create_string_buffer(bytes(), size.value), ctypes.c_void_p)
|
1869
1868
|
|
1870
1869
|
elif result != ERROR_SUCCESS and result != ERROR_NO_DATA:
|
1871
1870
|
return error_result_windows(result), response
|
@@ -1882,7 +1881,7 @@ def stdapi_net_config_get_arp_table(request, response):
|
|
1882
1881
|
('dwNumEntries', ctypes.c_uint32),
|
1883
1882
|
('table', MIB_IPNETROW * ctypes.cast(ipnet_table.value, ctypes.POINTER(ctypes.c_ulong)).contents.value)
|
1884
1883
|
]
|
1885
|
-
|
1884
|
+
|
1886
1885
|
ipnet_table = ctypes.cast(ipnet_table, ctypes.POINTER(MIB_IPNETTABLE))
|
1887
1886
|
for ipnet_row in ipnet_table.contents.table:
|
1888
1887
|
if (ipnet_row.dwType != MIB_IPNET_TYPE_DYNAMIC and ipnet_row.dwType != MIB_IPNET_TYPE_STATIC):
|
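Review bot: In `stdapi_sys_process_close`, the new `packet_get_tlv(request, TLV_TYPE_HANDLE)['value']` subscripts the lookup result before the `if not proc_h_id` guard runs, so a request without a handle TLV would presumably raise instead of reaching the early `return ERROR_SUCCESS, response`. `packet_get_tlv` is defined outside this section, so its not-found return value is an assumption here. If it returns an empty dict on a miss, `proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE).get('value')` keeps the guard meaningful for that case. A one-line comment above the lookup stating that the handle is the key returned by `meterpreter.add_process` would also help, since the value comes straight from the request.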
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
@@ -361,18 +361,19 @@ if DEBUGGING:
|
|
361
361
|
file_handler.setLevel(logging.DEBUG)
|
362
362
|
logging.getLogger().addHandler(file_handler)
|
363
363
|
|
364
|
-
|
365
|
-
|
366
|
-
("
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
-
|
373
|
-
|
374
|
-
|
375
|
-
|
364
|
+
if has_windll:
|
365
|
+
class SYSTEM_INFO(ctypes.Structure):
|
366
|
+
_fields_ = [("wProcessorArchitecture", ctypes.c_uint16),
|
367
|
+
("wReserved", ctypes.c_uint16),
|
368
|
+
("dwPageSize", ctypes.c_uint32),
|
369
|
+
("lpMinimumApplicationAddress", ctypes.c_void_p),
|
370
|
+
("lpMaximumApplicationAddress", ctypes.c_void_p),
|
371
|
+
("dwActiveProcessorMask", ctypes.c_uint32),
|
372
|
+
("dwNumberOfProcessors", ctypes.c_uint32),
|
373
|
+
("dwProcessorType", ctypes.c_uint32),
|
374
|
+
("dwAllocationGranularity", ctypes.c_uint32),
|
375
|
+
("wProcessorLevel", ctypes.c_uint16),
|
376
|
+
("wProcessorRevision", ctypes.c_uint16)]
|
376
377
|
|
377
378
|
def rand_bytes(n):
|
378
379
|
return os.urandom(n)
|
@@ -1259,11 +1260,37 @@ class PythonMeterpreter(object):
|
|
1259
1260
|
return idx
|
1260
1261
|
|
1261
1262
|
def add_process(self, process):
|
1262
|
-
|
1263
|
-
|
1264
|
-
|
1265
|
-
|
1266
|
-
|
1263
|
+
if has_windll:
|
1264
|
+
PROCESS_ALL_ACCESS = 0x1fffff
|
1265
|
+
OpenProcess = ctypes.windll.kernel32.OpenProcess
|
1266
|
+
OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_long, ctypes.c_ulong]
|
1267
|
+
OpenProcess.restype = ctypes.c_void_p
|
1268
|
+
handle = OpenProcess(PROCESS_ALL_ACCESS, False, process.pid)
|
1269
|
+
else:
|
1270
|
+
handle = self.next_process_id
|
1271
|
+
self.next_process_id += 1
|
1272
|
+
self.processes[handle] = process
|
1273
|
+
debug_print('[*] added process id: ' + str(process.pid) + ', handle: ' + str(handle))
|
1274
|
+
return handle
|
1275
|
+
|
1276
|
+
def close_process(self, proc_h_id):
|
1277
|
+
proc_h = self.processes.pop(proc_h_id, None)
|
1278
|
+
if not proc_h:
|
1279
|
+
return False
|
1280
|
+
for channel_id, channel in self.channels.items():
|
1281
|
+
if not isinstance(channel, MeterpreterProcess):
|
1282
|
+
continue
|
1283
|
+
if not channel.proc_h is proc_h:
|
1284
|
+
continue
|
1285
|
+
self.close_channel(channel_id)
|
1286
|
+
break
|
1287
|
+
if has_windll:
|
1288
|
+
CloseHandle = ctypes.windll.kernel32.CloseHandle
|
1289
|
+
CloseHandle.argtypes = [ctypes.c_void_p]
|
1290
|
+
CloseHandle.restype = ctypes.c_long
|
1291
|
+
CloseHandle(proc_h_id)
|
1292
|
+
debug_print('[*] closed and removed process id: ' + str(proc_h.pid) + ', handle: ' + str(proc_h_id))
|
1293
|
+
return True
|
1267
1294
|
|
1268
1295
|
def close_channel(self, channel_id):
|
1269
1296
|
if channel_id not in self.channels:
|
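Review bot: In `add_process`, the result of `OpenProcess(PROCESS_ALL_ACCESS, False, process.pid)` is stored without a check. With `restype = ctypes.c_void_p` a NULL return comes back as `None`, so a failed open would be recorded as `self.processes[None]` and handed to the caller as the handle. A guard right after the call, for example `if not handle: raise ctypes.WinError()`, would surface the failure; how callers such as `stdapi_sys_process_execute` should react is outside this section. In `close_process` the return value of `CloseHandle(proc_h_id)` is likewise ignored, and `if not channel.proc_h is proc_h` reads more clearly as `if channel.proc_h is not proc_h`.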
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
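--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.113
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
 EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
 9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
 -----END CERTIFICATE-----
-date: 2023-02-
+date: 2023-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake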
metadata.gz.sig
CHANGED
Binary file
|