metasploit-payloads 2.0.112 → 2.0.114

Files changed (77) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/data/android/meterpreter.jar +0 -0
  4. data/data/android/metstage.jar +0 -0
  5. data/data/android/shell.jar +0 -0
  6. data/data/meterpreter/elevator.x64.debug.dll +0 -0
  7. data/data/meterpreter/elevator.x64.dll +0 -0
  8. data/data/meterpreter/elevator.x86.debug.dll +0 -0
  9. data/data/meterpreter/elevator.x86.dll +0 -0
  10. data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
  11. data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
  12. data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
  13. data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
  14. data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
  15. data/data/meterpreter/ext_server_espia.x64.dll +0 -0
  16. data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
  17. data/data/meterpreter/ext_server_espia.x86.dll +0 -0
  18. data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
  19. data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
  20. data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
  21. data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
  22. data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
  23. data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
  24. data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
  25. data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
  26. data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
  27. data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
  28. data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
  29. data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
  30. data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
  31. data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
  32. data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
  33. data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
  34. data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
  35. data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
  36. data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
  37. data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
  38. data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
  39. data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
  40. data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
  41. data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
  42. data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
  43. data/data/meterpreter/ext_server_priv.x64.dll +0 -0
  44. data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
  45. data/data/meterpreter/ext_server_priv.x86.dll +0 -0
  46. data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
  47. data/data/meterpreter/ext_server_python.x64.dll +0 -0
  48. data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
  49. data/data/meterpreter/ext_server_python.x86.dll +0 -0
  50. data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
  51. data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
  52. data/data/meterpreter/ext_server_stdapi.py +58 -38
  53. data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
  54. data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
  55. data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
  56. data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
  57. data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
  58. data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
  59. data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
  60. data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
  61. data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
  62. data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
  63. data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
  64. data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
  65. data/data/meterpreter/meterpreter.py +31 -5
  66. data/data/meterpreter/metsrv.x64.debug.dll +0 -0
  67. data/data/meterpreter/metsrv.x64.dll +0 -0
  68. data/data/meterpreter/metsrv.x86.debug.dll +0 -0
  69. data/data/meterpreter/metsrv.x86.dll +0 -0
  70. data/data/meterpreter/screenshot.x64.debug.dll +0 -0
  71. data/data/meterpreter/screenshot.x64.dll +0 -0
  72. data/data/meterpreter/screenshot.x86.debug.dll +0 -0
  73. data/data/meterpreter/screenshot.x86.dll +0 -0
  74. data/lib/metasploit-payloads/version.rb +1 -1
  75. data.tar.gz.sig +0 -0
  76. metadata +2 -2
  77. metadata.gz.sig +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: dff880efffb98315c75fd5b99d9b8d18d38b00b89b895402efec6d3a75391a34
4
- data.tar.gz: 7c46f591405adf2dc595752bfcfeb43883eecdf371ffaf33a27b2e1ef3765b02
3
+ metadata.gz: d456431a9a0a90f715b26555be5229cadc713769d07679c8da9f5370b6b78d6e
4
+ data.tar.gz: e91f7f5e8d2bf763dd7f04eee2933a2b2484376c131110adee2bf3a0a90f35cc
5
5
  SHA512:
6
- metadata.gz: 827953f6a7fd7aa3013d1aab5b44731ed50ea31b68821744cd48889344055c79ca9ab837a26e161acc4e63b5b78422b549933b1a8990083b860dcc8e2825e6dc
7
- data.tar.gz: 8db85ed51660aace2c95c2083ec9d62c827e1505dc900e97eae93e2f6fbbf1bf1a27271b7ce768d06151a96870153fd35bc2b1db1e3edd9a99dd3f6153994dc9
6
+ metadata.gz: 04b6290da6753e8e1b84b4c5dbfb2182e62d4cb7067952e862c64118cc83b73134555f8d5b068106e348aec1931d244d4c3b640c82ada75e749a90cdfd3fbbb1
7
+ data.tar.gz: 9879bc24adddc5a902ad5dc27be22fb392f76414becaf8e99b526151c02bc0881d72486a0f0045baebb3f86f63d27ced8391c26d9d4d7e5144ffca7573f38d6d
checksums.yaml.gz.sig CHANGED
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
@@ -12,6 +12,7 @@ import struct
12
12
  import subprocess
13
13
  import sys
14
14
  import time
15
+ import binascii
15
16
 
16
17
  try:
17
18
  import ctypes
@@ -743,6 +744,7 @@ PROCESS_TERMINATE = 0x0001
743
744
  PROCESS_VM_READ = 0x0010
744
745
  PROCESS_QUERY_INFORMATION = 0x0400
745
746
  PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
747
+ PROCESS_ALL_ACCESS = 0x1fffff
746
748
  VER_NT_WORKSTATION = 0x0001
747
749
  VER_NT_DOMAIN_CONTROLLER = 0x0002
748
750
  VER_NT_SERVER = 0x0003
@@ -1334,13 +1336,10 @@ def stdapi_sys_config_sysinfo(request, response):
1334
1336
 
1335
1337
  @register_function
1336
1338
  def stdapi_sys_process_close(request, response):
1337
- proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)
1339
+ proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)['value']
1338
1340
  if not proc_h_id:
1339
1341
  return ERROR_SUCCESS, response
1340
- proc_h_id = proc_h_id['value']
1341
- if proc_h_id in meterpreter.processes:
1342
- del meterpreter.processes[proc_h_id]
1343
- if not meterpreter.close_channel(proc_h_id):
1342
+ if not meterpreter.close_process(proc_h_id):
1344
1343
  return ERROR_FAILURE, response
1345
1344
  return ERROR_SUCCESS, response
1346
1345
 
@@ -1383,6 +1382,7 @@ def stdapi_sys_process_execute(request, response):
1383
1382
  proc_h.start()
1384
1383
  else:
1385
1384
  proc_h = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
1385
+
1386
1386
  proc_h_id = meterpreter.add_process(proc_h)
1387
1387
  response += tlv_pack(TLV_TYPE_PID, proc_h.pid)
1388
1388
  response += tlv_pack(TLV_TYPE_PROCESS_HANDLE, proc_h_id)
@@ -1851,47 +1851,67 @@ def stdapi_fs_mount_show(request, response):
1851
1851
  response += tlv_pack(TLV_TYPE_MOUNT_GROUP, mount)
1852
1852
  return ERROR_SUCCESS, response
1853
1853
 
1854
- @register_function_if(has_windll)
1854
+ @register_function_if(sys.platform.startswith('linux') or has_windll)
1855
1855
  def stdapi_net_config_get_arp_table(request, response):
1856
- MIB_IPNET_TYPE_DYNAMIC = 3
1857
- MIB_IPNET_TYPE_STATIC = 4
1856
+ if has_windll:
1857
+ MIB_IPNET_TYPE_DYNAMIC = 3
1858
+ MIB_IPNET_TYPE_STATIC = 4
1858
1859
 
1859
- GetIpNetTable = ctypes.windll.iphlpapi.GetIpNetTable
1860
- GetIpNetTable.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_ulong), ctypes.c_long]
1861
- GetIpNetTable.restype = ctypes.c_ulong
1860
+ GetIpNetTable = ctypes.windll.iphlpapi.GetIpNetTable
1861
+ GetIpNetTable.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_ulong), ctypes.c_long]
1862
+ GetIpNetTable.restype = ctypes.c_ulong
1862
1863
 
1863
- ipnet_table = None
1864
- size = ctypes.c_ulong(0)
1865
- result = GetIpNetTable(ipnet_table, size, False)
1864
+ ipnet_table = None
1865
+ size = ctypes.c_ulong(0)
1866
+ result = GetIpNetTable(ipnet_table, size, False)
1866
1867
 
1867
- if result == ERROR_INSUFFICIENT_BUFFER:
1868
- ipnet_table = ctypes.cast(ctypes.create_string_buffer(bytes(), size.value), ctypes.c_void_p)
1868
+ if result == ERROR_INSUFFICIENT_BUFFER:
1869
+ ipnet_table = ctypes.cast(ctypes.create_string_buffer(bytes(), size.value), ctypes.c_void_p)
1869
1870
 
1870
- elif result != ERROR_SUCCESS and result != ERROR_NO_DATA:
1871
- return error_result_windows(result), response
1871
+ elif result != ERROR_SUCCESS and result != ERROR_NO_DATA:
1872
+ return error_result_windows(result), response
1872
1873
 
1873
- if not ipnet_table:
1874
- return error_result_windows(), response
1874
+ if not ipnet_table:
1875
+ return error_result_windows(), response
1875
1876
 
1876
- result = GetIpNetTable(ipnet_table, size, False)
1877
- if result != ERROR_SUCCESS:
1878
- return error_result_windows(result), response
1877
+ result = GetIpNetTable(ipnet_table, size, False)
1878
+ if result != ERROR_SUCCESS:
1879
+ return error_result_windows(result), response
1879
1880
 
1880
- class MIB_IPNETTABLE(ctypes.Structure):
1881
- _fields_ = [
1882
- ('dwNumEntries', ctypes.c_uint32),
1883
- ('table', MIB_IPNETROW * ctypes.cast(ipnet_table.value, ctypes.POINTER(ctypes.c_ulong)).contents.value)
1884
- ]
1885
-
1886
- ipnet_table = ctypes.cast(ipnet_table, ctypes.POINTER(MIB_IPNETTABLE))
1887
- for ipnet_row in ipnet_table.contents.table:
1888
- if (ipnet_row.dwType != MIB_IPNET_TYPE_DYNAMIC and ipnet_row.dwType != MIB_IPNET_TYPE_STATIC):
1889
- continue
1890
- arp_tlv = bytes()
1891
- arp_tlv += tlv_pack(TLV_TYPE_IP, struct.pack('<L', ipnet_row.dwAddr))
1892
- arp_tlv += tlv_pack(TLV_TYPE_MAC_ADDRESS, bytes(ipnet_row.bPhysAddr)[:ipnet_row.dwPhysAddrLen])
1893
- arp_tlv += tlv_pack(TLV_TYPE_MAC_NAME, str(ipnet_row.dwIndex))
1894
- response += tlv_pack(TLV_TYPE_ARP_ENTRY, arp_tlv)
1881
+ class MIB_IPNETTABLE(ctypes.Structure):
1882
+ _fields_ = [
1883
+ ('dwNumEntries', ctypes.c_uint32),
1884
+ ('table', MIB_IPNETROW * ctypes.cast(ipnet_table.value, ctypes.POINTER(ctypes.c_ulong)).contents.value)
1885
+ ]
1886
+
1887
+ ipnet_table = ctypes.cast(ipnet_table, ctypes.POINTER(MIB_IPNETTABLE))
1888
+ for ipnet_row in ipnet_table.contents.table:
1889
+ if (ipnet_row.dwType != MIB_IPNET_TYPE_DYNAMIC and ipnet_row.dwType != MIB_IPNET_TYPE_STATIC):
1890
+ continue
1891
+ arp_tlv = bytes()
1892
+ arp_tlv += tlv_pack(TLV_TYPE_IP, struct.pack('<L', ipnet_row.dwAddr))
1893
+ arp_tlv += tlv_pack(TLV_TYPE_MAC_ADDRESS, bytes(ipnet_row.bPhysAddr)[:ipnet_row.dwPhysAddrLen])
1894
+ arp_tlv += tlv_pack(TLV_TYPE_MAC_NAME, str(ipnet_row.dwIndex))
1895
+ response += tlv_pack(TLV_TYPE_ARP_ENTRY, arp_tlv)
1896
+
1897
+ elif sys.platform.startswith('linux'):
1898
+ arp_cache_file = '/proc/net/arp'
1899
+ if not os.path.exists(arp_cache_file):
1900
+ return ERROR_NOT_SUPPORTED, response
1901
+
1902
+ with open(arp_cache_file, 'r') as arp_cache:
1903
+ lines = arp_cache.readlines()
1904
+ for line in lines[1:]:
1905
+ fields = line.split()
1906
+ ip_address = fields[0]
1907
+ mac_address = fields[3]
1908
+ mac_address = binascii.unhexlify(mac_address.replace(':', ''))
1909
+ interface_name = fields[5]
1910
+ arp_tlv = bytes()
1911
+ arp_tlv += tlv_pack(TLV_TYPE_IP, socket.inet_aton(ip_address))
1912
+ arp_tlv += tlv_pack(TLV_TYPE_MAC_ADDRESS, mac_address)
1913
+ arp_tlv += tlv_pack(TLV_TYPE_MAC_NAME, interface_name)
1914
+ response += tlv_pack(TLV_TYPE_ARP_ENTRY, arp_tlv)
1895
1915
  return ERROR_SUCCESS, response
1896
1916
 
1897
1917
  @register_function
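Review bot: In stdapi_sys_process_close the new line reads `packet_get_tlv(request, TLV_TYPE_HANDLE)['value']` before the `if not proc_h_id:` guard, so a request that carries no handle TLV now raises (KeyError on an empty dict, TypeError on None) instead of reaching the guard, which after this change only catches a zero handle; the removed two-step form shows the lookup can return something falsy. Keep the lookup and the check separate, e.g. `proc_h_tlv = packet_get_tlv(request, TLV_TYPE_HANDLE)` / `if not proc_h_tlv: return ERROR_SUCCESS, response` / `proc_h_id = proc_h_tlv['value']`. In the Linux branch of stdapi_net_config_get_arp_table, `fields[0]`, `fields[3]` and `fields[5]` are indexed without checking `len(fields)`, and incomplete entries (flags column `0x0`, all-zero hardware address) are reported, whereas the Windows branch keeps only dynamic and static rows; a `if len(fields) < 6 or int(fields[2], 16) == 0: continue` right after `fields = line.split()` would mirror that filter. The new Linux code also uses `os` and `socket`, whose imports are outside this hunk and should be confirmed present.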
@@ -1260,11 +1260,37 @@ class PythonMeterpreter(object):
1260
1260
  return idx
1261
1261
 
1262
1262
  def add_process(self, process):
1263
- idx = self.next_process_id
1264
- self.processes[idx] = process
1265
- debug_print('[*] added process id: ' + str(idx))
1266
- self.next_process_id += 1
1267
- return idx
1263
+ if has_windll:
1264
+ PROCESS_ALL_ACCESS = 0x1fffff
1265
+ OpenProcess = ctypes.windll.kernel32.OpenProcess
1266
+ OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_long, ctypes.c_ulong]
1267
+ OpenProcess.restype = ctypes.c_void_p
1268
+ handle = OpenProcess(PROCESS_ALL_ACCESS, False, process.pid)
1269
+ else:
1270
+ handle = self.next_process_id
1271
+ self.next_process_id += 1
1272
+ self.processes[handle] = process
1273
+ debug_print('[*] added process id: ' + str(process.pid) + ', handle: ' + str(handle))
1274
+ return handle
1275
+
1276
+ def close_process(self, proc_h_id):
1277
+ proc_h = self.processes.pop(proc_h_id, None)
1278
+ if not proc_h:
1279
+ return False
1280
+ for channel_id, channel in self.channels.items():
1281
+ if not isinstance(channel, MeterpreterProcess):
1282
+ continue
1283
+ if not channel.proc_h is proc_h:
1284
+ continue
1285
+ self.close_channel(channel_id)
1286
+ break
1287
+ if has_windll:
1288
+ CloseHandle = ctypes.windll.kernel32.CloseHandle
1289
+ CloseHandle.argtypes = [ctypes.c_void_p]
1290
+ CloseHandle.restype = ctypes.c_long
1291
+ CloseHandle(proc_h_id)
1292
+ debug_print('[*] closed and removed process id: ' + str(proc_h.pid) + ', handle: ' + str(proc_h_id))
1293
+ return True
1268
1294
 
1269
1295
  def close_channel(self, channel_id):
1270
1296
  if channel_id not in self.channels:
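Review bot: In add_process the Windows branch never checks the result of `OpenProcess(PROCESS_ALL_ACCESS, False, process.pid)`; with `restype = ctypes.c_void_p` a failed call yields `None`, which is then stored as the key in `self.processes` and returned to stdapi_sys_process_execute as the process handle, so the failure surfaces later when the handle is packed or passed to `CloseHandle`. Add a check directly after the call, e.g. `if not handle: raise ctypes.WinError()`, so the caller sees the failure where it happens. In close_process, `if not channel.proc_h is proc_h:` reads more clearly as `if channel.proc_h is not proc_h:`, and the `break` immediately after `self.close_channel(channel_id)` is what keeps the `self.channels.items()` loop safe if close_channel removes the entry, which deserves a comment such as `# break at once: close_channel may mutate self.channels`. close_channel, which follows, continues outside the hunk.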
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
@@ -1,6 +1,6 @@
1
1
  # -*- coding:binary -*-
2
2
  module MetasploitPayloads
3
- VERSION = '2.0.112'
3
+ VERSION = '2.0.114'
4
4
 
5
5
  def self.version
6
6
  VERSION
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: metasploit-payloads
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.112
4
+ version: 2.0.114
5
5
  platform: ruby
6
6
  authors:
7
7
  - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
96
96
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
97
97
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
98
98
  -----END CERTIFICATE-----
99
- date: 2023-02-17 00:00:00.000000000 Z
99
+ date: 2023-02-24 00:00:00.000000000 Z
100
100
  dependencies:
101
101
  - !ruby/object:Gem::Dependency
102
102
  name: rake
metadata.gz.sig CHANGED
Binary file