metasploit-payloads 2.0.112 → 2.0.114
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/data/android/meterpreter.jar +0 -0
- data/data/android/metstage.jar +0 -0
- data/data/android/shell.jar +0 -0
- data/data/meterpreter/elevator.x64.debug.dll +0 -0
- data/data/meterpreter/elevator.x64.dll +0 -0
- data/data/meterpreter/elevator.x86.debug.dll +0 -0
- data/data/meterpreter/elevator.x86.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.py +58 -38
- data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
- data/data/meterpreter/meterpreter.py +31 -5
- data/data/meterpreter/metsrv.x64.debug.dll +0 -0
- data/data/meterpreter/metsrv.x64.dll +0 -0
- data/data/meterpreter/metsrv.x86.debug.dll +0 -0
- data/data/meterpreter/metsrv.x86.dll +0 -0
- data/data/meterpreter/screenshot.x64.debug.dll +0 -0
- data/data/meterpreter/screenshot.x64.dll +0 -0
- data/data/meterpreter/screenshot.x86.debug.dll +0 -0
- data/data/meterpreter/screenshot.x86.dll +0 -0
- data/lib/metasploit-payloads/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
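--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: d456431a9a0a90f715b26555be5229cadc713769d07679c8da9f5370b6b78d6e
+  data.tar.gz: e91f7f5e8d2bf763dd7f04eee2933a2b2484376c131110adee2bf3a0a90f35cc
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 04b6290da6753e8e1b84b4c5dbfb2182e62d4cb7067952e862c64118cc83b73134555f8d5b068106e348aec1931d244d4c3b640c82ada75e749a90cdfd3fbbb1
+  data.tar.gz: 9879bc24adddc5a902ad5dc27be22fb392f76414becaf8e99b526151c02bc0881d72486a0f0045baebb3f86f63d27ced8391c26d9d4d7e5144ffca7573f38d6d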
checksums.yaml.gz.sig
CHANGED
Binary file
|
Binary file
|
data/data/android/metstage.jar
CHANGED
Binary file
|
data/data/android/shell.jar
CHANGED
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
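--- a/data/data/meterpreter/ext_server_stdapi.py
+++ b/data/data/meterpreter/ext_server_stdapi.py
@@ -12,6 +12,7 @@ import struct
 import subprocess
 import sys
 import time
+import binascii
 
 try:
     import ctypes
@@ -743,6 +744,7 @@ PROCESS_TERMINATE = 0x0001
 PROCESS_VM_READ = 0x0010
 PROCESS_QUERY_INFORMATION = 0x0400
 PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
+PROCESS_ALL_ACCESS = 0x1fffff
 VER_NT_WORKSTATION = 0x0001
 VER_NT_DOMAIN_CONTROLLER = 0x0002
 VER_NT_SERVER = 0x0003
@@ -1334,13 +1336,10 @@ def stdapi_sys_config_sysinfo(request, response):
 
 @register_function
 def stdapi_sys_process_close(request, response):
-    proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)
+    proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)['value']
     if not proc_h_id:
         return ERROR_SUCCESS, response
-
-    if proc_h_id in meterpreter.processes:
-        del meterpreter.processes[proc_h_id]
-    if not meterpreter.close_channel(proc_h_id):
+    if not meterpreter.close_process(proc_h_id):
         return ERROR_FAILURE, response
     return ERROR_SUCCESS, response
 
@@ -1383,6 +1382,7 @@ def stdapi_sys_process_execute(request, response):
         proc_h.start()
     else:
         proc_h = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
     proc_h_id = meterpreter.add_process(proc_h)
     response += tlv_pack(TLV_TYPE_PID, proc_h.pid)
     response += tlv_pack(TLV_TYPE_PROCESS_HANDLE, proc_h_id)
@@ -1851,47 +1851,67 @@ def stdapi_fs_mount_show(request, response):
         response += tlv_pack(TLV_TYPE_MOUNT_GROUP, mount)
     return ERROR_SUCCESS, response
 
-@register_function_if(has_windll)
+@register_function_if(sys.platform.startswith('linux') or has_windll)
 def stdapi_net_config_get_arp_table(request, response):
-
-
+    if has_windll:
+        MIB_IPNET_TYPE_DYNAMIC = 3
+        MIB_IPNET_TYPE_STATIC = 4
 
-
-
-
+        GetIpNetTable = ctypes.windll.iphlpapi.GetIpNetTable
+        GetIpNetTable.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_ulong), ctypes.c_long]
+        GetIpNetTable.restype = ctypes.c_ulong
 
-
-
-
+        ipnet_table = None
+        size = ctypes.c_ulong(0)
+        result = GetIpNetTable(ipnet_table, size, False)
 
-
-
+        if result == ERROR_INSUFFICIENT_BUFFER:
+            ipnet_table = ctypes.cast(ctypes.create_string_buffer(bytes(), size.value), ctypes.c_void_p)
 
-
-
+        elif result != ERROR_SUCCESS and result != ERROR_NO_DATA:
+            return error_result_windows(result), response
 
-
-
+        if not ipnet_table:
+            return error_result_windows(), response
 
-
-
-
+        result = GetIpNetTable(ipnet_table, size, False)
+        if result != ERROR_SUCCESS:
+            return error_result_windows(result), response
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+        class MIB_IPNETTABLE(ctypes.Structure):
+            _fields_ = [
+                ('dwNumEntries', ctypes.c_uint32),
+                ('table', MIB_IPNETROW * ctypes.cast(ipnet_table.value, ctypes.POINTER(ctypes.c_ulong)).contents.value)
+            ]
+
+        ipnet_table = ctypes.cast(ipnet_table, ctypes.POINTER(MIB_IPNETTABLE))
+        for ipnet_row in ipnet_table.contents.table:
+            if (ipnet_row.dwType != MIB_IPNET_TYPE_DYNAMIC and ipnet_row.dwType != MIB_IPNET_TYPE_STATIC):
+                continue
+            arp_tlv = bytes()
+            arp_tlv += tlv_pack(TLV_TYPE_IP, struct.pack('<L', ipnet_row.dwAddr))
+            arp_tlv += tlv_pack(TLV_TYPE_MAC_ADDRESS, bytes(ipnet_row.bPhysAddr)[:ipnet_row.dwPhysAddrLen])
+            arp_tlv += tlv_pack(TLV_TYPE_MAC_NAME, str(ipnet_row.dwIndex))
+            response += tlv_pack(TLV_TYPE_ARP_ENTRY, arp_tlv)
+
+    elif sys.platform.startswith('linux'):
+        arp_cache_file = '/proc/net/arp'
+        if not os.path.exists(arp_cache_file):
+            return ERROR_NOT_SUPPORTED, response
+
+        with open(arp_cache_file, 'r') as arp_cache:
+            lines = arp_cache.readlines()
+            for line in lines[1:]:
+                fields = line.split()
+                ip_address = fields[0]
+                mac_address = fields[3]
+                mac_address = binascii.unhexlify(mac_address.replace(':', ''))
+                interface_name = fields[5]
+                arp_tlv = bytes()
+                arp_tlv += tlv_pack(TLV_TYPE_IP, socket.inet_aton(ip_address))
+                arp_tlv += tlv_pack(TLV_TYPE_MAC_ADDRESS, mac_address)
+                arp_tlv += tlv_pack(TLV_TYPE_MAC_NAME, interface_name)
+                response += tlv_pack(TLV_TYPE_ARP_ENTRY, arp_tlv)
     return ERROR_SUCCESS, response
 
 @register_function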
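Review bot: The Linux branch of stdapi_net_config_get_arp_table reports every row of /proc/net/arp, including incomplete entries (flags `0x0`, which carry an all-zero MAC), whereas the Windows branch above it skips rows that are neither MIB_IPNET_TYPE_DYNAMIC nor MIB_IPNET_TYPE_STATIC, so the two platforms return different data for the same cache state. It also indexes `fields[3]` and `fields[5]` without checking the field count, so a short or malformed line raises IndexError out of the handler instead of being skipped. I would add, directly after `fields = line.split()`, `if len(fields) < 6 or fields[2] == '0x0': continue` so incomplete and truncated rows are dropped the way the Windows filter drops non-dynamic/static rows. Separately, in the Windows branch a first GetIpNetTable result of ERROR_NO_DATA leaves ipnet_table as None and then falls into `return error_result_windows(), response`, which turns an empty ARP cache into an error; returning ERROR_SUCCESS with an empty response there looks closer to the intent, though I cannot see error_result_windows to confirm what it reports with no argument.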
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
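--- a/data/data/meterpreter/meterpreter.py
+++ b/data/data/meterpreter/meterpreter.py
@@ -1260,11 +1260,37 @@ class PythonMeterpreter(object):
         return idx
 
     def add_process(self, process):
-
-
-
-
-
+        if has_windll:
+            PROCESS_ALL_ACCESS = 0x1fffff
+            OpenProcess = ctypes.windll.kernel32.OpenProcess
+            OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_long, ctypes.c_ulong]
+            OpenProcess.restype = ctypes.c_void_p
+            handle = OpenProcess(PROCESS_ALL_ACCESS, False, process.pid)
+        else:
+            handle = self.next_process_id
+            self.next_process_id += 1
+        self.processes[handle] = process
+        debug_print('[*] added process id: ' + str(process.pid) + ', handle: ' + str(handle))
+        return handle
+
+    def close_process(self, proc_h_id):
+        proc_h = self.processes.pop(proc_h_id, None)
+        if not proc_h:
+            return False
+        for channel_id, channel in self.channels.items():
+            if not isinstance(channel, MeterpreterProcess):
+                continue
+            if not channel.proc_h is proc_h:
+                continue
+            self.close_channel(channel_id)
+            break
+        if has_windll:
+            CloseHandle = ctypes.windll.kernel32.CloseHandle
+            CloseHandle.argtypes = [ctypes.c_void_p]
+            CloseHandle.restype = ctypes.c_long
+            CloseHandle(proc_h_id)
+        debug_print('[*] closed and removed process id: ' + str(proc_h.pid) + ', handle: ' + str(proc_h_id))
+        return True
 
     def close_channel(self, channel_id):
         if channel_id not in self.channels: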
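Review bot: In add_process the Windows path never checks the OpenProcess result, so when the call fails (NULL, which ctypes hands back as None for a c_void_p restype) the process is stored under the key None and None is returned to the caller to be packed as the process handle. I would guard it right after the call, `if not handle:` followed by `raise ctypes.WinError()`, on the assumption that the command dispatcher converts exceptions into an error result; at minimum a failed open must not be recorded in self.processes. The handle is also opened with PROCESS_ALL_ACCESS although the only use visible in this hunk is the CloseHandle in close_process; unless callers outside the hunk rely on the full mask, which I cannot see, a narrower mask such as `PROCESS_QUERY_LIMITED_INFORMATION | SYNCHRONIZE` is the least-privilege choice and fails less often on protected targets. close_process is otherwise consistent with that fix, since it pops the entry, closes the matching MeterpreterProcess channel and then calls CloseHandle on the id, but it likewise passes a possibly-None id straight to CloseHandle today.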
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
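--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.
+  version: 2.0.114
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2023-02-
+date: 2023-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake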
metadata.gz.sig
CHANGED
Binary file
|