metasploit-payloads 2.0.118 → 2.0.120

Files changed (76) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/data/android/meterpreter.jar +0 -0
  4. data/data/android/metstage.jar +0 -0
  5. data/data/android/shell.jar +0 -0
  6. data/data/meterpreter/elevator.x64.debug.dll +0 -0
  7. data/data/meterpreter/elevator.x64.dll +0 -0
  8. data/data/meterpreter/elevator.x86.debug.dll +0 -0
  9. data/data/meterpreter/elevator.x86.dll +0 -0
  10. data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
  11. data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
  12. data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
  13. data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
  14. data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
  15. data/data/meterpreter/ext_server_espia.x64.dll +0 -0
  16. data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
  17. data/data/meterpreter/ext_server_espia.x86.dll +0 -0
  18. data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
  19. data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
  20. data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
  21. data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
  22. data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
  23. data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
  24. data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
  25. data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
  26. data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
  27. data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
  28. data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
  29. data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
  30. data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
  31. data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
  32. data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
  33. data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
  34. data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
  35. data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
  36. data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
  37. data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
  38. data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
  39. data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
  40. data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
  41. data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
  42. data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
  43. data/data/meterpreter/ext_server_priv.x64.dll +0 -0
  44. data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
  45. data/data/meterpreter/ext_server_priv.x86.dll +0 -0
  46. data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
  47. data/data/meterpreter/ext_server_python.x64.dll +0 -0
  48. data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
  49. data/data/meterpreter/ext_server_python.x86.dll +0 -0
  50. data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
  51. data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
  52. data/data/meterpreter/ext_server_stdapi.py +147 -13
  53. data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
  54. data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
  55. data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
  56. data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
  57. data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
  58. data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
  59. data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
  60. data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
  61. data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
  62. data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
  63. data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
  64. data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
  65. data/data/meterpreter/metsrv.x64.debug.dll +0 -0
  66. data/data/meterpreter/metsrv.x64.dll +0 -0
  67. data/data/meterpreter/metsrv.x86.debug.dll +0 -0
  68. data/data/meterpreter/metsrv.x86.dll +0 -0
  69. data/data/meterpreter/screenshot.x64.debug.dll +0 -0
  70. data/data/meterpreter/screenshot.x64.dll +0 -0
  71. data/data/meterpreter/screenshot.x86.debug.dll +0 -0
  72. data/data/meterpreter/screenshot.x86.dll +0 -0
  73. data/lib/metasploit-payloads/version.rb +1 -1
  74. data.tar.gz.sig +1 -1
  75. metadata +2 -2
  76. metadata.gz.sig +0 -0
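--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 55f62a6ddb8ad54b97366b04f5b95e70859d702e29e461c3cf860c7958b61ec5
- data.tar.gz: e72be5a99ca78cd07501b9d9cc3f61bd285da2f818e2c4bc23d8fc9ba524fb90
+ metadata.gz: 2ff980455249d53eb739d2cc6ebde4973bc3bf647932a6bc529f99e4f627e843
+ data.tar.gz: 1a5d9ba1d7a6cc5f6521b11b8c468b51ea13c2a04bd9b93f903e715ebac0d3de
  SHA512:
- metadata.gz: c91365effac6f9f697441f8356f273f403eb92973e3dd8ecb187d4419299a377e12353cfd6708799ced35fe1839faec70586a9131c61f0e7dbcb01a6d5bfb94d
- data.tar.gz: 47a8af6283b7dc2e668278548580642b94c8808b5df062c5a7cc51f3663f012fd767a86af8e9bbe7ae23bc9c107ed8cc1799c640593c38e42235dad5ca076eda
+ metadata.gz: 5b74e3680e087cb1c25f0fb69fcca0ade906ac587aa22926182c9dad92656346677a0eda6d0a9fd152dbae418e8944be471d9c962ef64bff0bc1f709f25e16fe
+ data.tar.gz: 578453774bcf09f5cd5f413efcd2a898424b2ab74ebc646d0d568276d68f2df9e5fcd9c152f26da08848a6d44d4f714b952bfb8c16270f711ca3b1847d9d282a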
checksums.yaml.gz.sig CHANGED
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
@@ -728,6 +728,7 @@ ERROR_FAILURE = 1
728
728
  ERROR_INSUFFICIENT_BUFFER = 0x0000007a
729
729
  ERROR_NOT_SUPPORTED = 0x00000032
730
730
  ERROR_NO_DATA = 0x000000e8
731
+ ERROR_INVALID_PARAMETER = 87
731
732
 
732
733
  # Special return value to match up with Windows error codes for network
733
734
  # errors.
@@ -1002,6 +1003,9 @@ def getaddrinfo_from_request(request, socktype, proto):
1002
1003
  local_address_info = None
1003
1004
  return peer_address_info, local_address_info
1004
1005
 
1006
+ def addr_atoi4(address):
1007
+ return struct.unpack('!I', socket.inet_aton(address))[0]
1008
+
1005
1009
  def netlink_request(req_type, req_data):
1006
1010
  # See RFC 3549
1007
1011
  NLM_F_REQUEST = 0x0001
@@ -1415,6 +1419,66 @@ def stdapi_sys_process_execute(request, response):
1415
1419
  response += tlv_pack(TLV_TYPE_CHANNEL_ID, channel_id)
1416
1420
  return ERROR_SUCCESS, response
1417
1421
 
1422
+ @register_function_if(has_windll)
1423
+ def stdapi_sys_process_get_info(request, response):
1424
+ proc_h = packet_get_tlv(request, TLV_TYPE_HANDLE).get('value')
1425
+ if not proc_h:
1426
+ return ERROR_INVALID_PARAMETER, response
1427
+
1428
+ MAX_PATH = 260
1429
+
1430
+ EnumProcessModules = ctypes.windll.Psapi.EnumProcessModules
1431
+ EnumProcessModules.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_ulong, ctypes.POINTER(ctypes.c_ulong)]
1432
+ EnumProcessModules.restype = ctypes.c_long
1433
+
1434
+ GetModuleFileNameExW = ctypes.windll.Psapi.GetModuleFileNameExW
1435
+ GetModuleFileNameExW.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_ulong]
1436
+ GetModuleFileNameExW.restype = ctypes.c_ulong
1437
+
1438
+ GetModuleBaseNameW = ctypes.windll.Psapi.GetModuleBaseNameW
1439
+ GetModuleBaseNameW.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_ulong]
1440
+ GetModuleBaseNameW.restype = ctypes.c_ulong
1441
+
1442
+ def enum_process_modules(hProcess):
1443
+ buf_count = 256
1444
+ while True:
1445
+ buffer = (ctypes.c_void_p * buf_count)()
1446
+ buf_size = ctypes.sizeof(buffer)
1447
+ needed = ctypes.c_ulong()
1448
+ if not EnumProcessModules(hProcess, ctypes.byref(buffer), buf_size, ctypes.byref(needed)):
1449
+ raise OSError('EnumProcessModules')
1450
+ if buf_size < needed.value:
1451
+ buf_count = needed.value // (buf_size // buf_count)
1452
+ continue
1453
+ count = needed.value // (buf_size // buf_count)
1454
+ return map(ctypes.c_void_p, buffer[:count])
1455
+
1456
+ def get_module_name(hProcess, hModule):
1457
+ base_name_buffer = ctypes.create_unicode_buffer(MAX_PATH)
1458
+ if not GetModuleBaseNameW(hProcess, hModule, base_name_buffer, MAX_PATH):
1459
+ raise OSError('GetModuleBaseNameW')
1460
+ return base_name_buffer.value
1461
+
1462
+ def get_module_filename(hProcess, hModule):
1463
+ buffer = ctypes.create_unicode_buffer(MAX_PATH)
1464
+ nSize = ctypes.c_ulong(MAX_PATH)
1465
+ if not GetModuleFileNameExW(hProcess, hModule, ctypes.byref(buffer), nSize):
1466
+ raise OSError('GetModuleFileNameExW')
1467
+ return buffer.value
1468
+
1469
+ try:
1470
+ for hModule in enum_process_modules(proc_h):
1471
+ module_name = get_module_name(proc_h, hModule)
1472
+ module_filename = get_module_filename(proc_h, hModule)
1473
+ response += tlv_pack(TLV_TYPE_PROCESS_NAME, module_name)
1474
+ response += tlv_pack(TLV_TYPE_PROCESS_PATH, module_filename)
1475
+ break
1476
+ except OSError as error:
1477
+ debug_print('[-] method stdapi_sys_process_get_info failed on: ' + str(error))
1478
+ return error_result_windows(), response
1479
+
1480
+ return ERROR_SUCCESS, response
1481
+
1418
1482
  @register_function
1419
1483
  def stdapi_sys_process_getpid(request, response):
1420
1484
  response += tlv_pack(TLV_TYPE_PID, os.getpid())
@@ -1923,19 +1987,22 @@ def stdapi_net_config_get_arp_table(request, response):
1923
1987
  if not os.path.exists(arp_cache_file):
1924
1988
  return ERROR_NOT_SUPPORTED, response
1925
1989
 
1926
- with open(arp_cache_file, 'r') as arp_cache:
1927
- lines = arp_cache.readlines()
1928
- for line in lines[1:]:
1929
- fields = line.split()
1930
- ip_address = fields[0]
1931
- mac_address = fields[3]
1932
- mac_address = binascii.unhexlify(mac_address.replace(':', ''))
1933
- interface_name = fields[5]
1934
- arp_tlv = bytes()
1935
- arp_tlv += tlv_pack(TLV_TYPE_IP, socket.inet_aton(ip_address))
1936
- arp_tlv += tlv_pack(TLV_TYPE_MAC_ADDRESS, mac_address)
1937
- arp_tlv += tlv_pack(TLV_TYPE_MAC_NAME, interface_name)
1938
- response += tlv_pack(TLV_TYPE_ARP_ENTRY, arp_tlv)
1990
+ arp_cache = open('/proc/net/arp', 'r')
1991
+ lines = arp_cache.readlines()
1992
+ for line in lines[1:]:
1993
+ fields = line.split()
1994
+ ip_address = fields[0]
1995
+ mac_address = fields[3]
1996
+ mac_address = bytes().join(binascii.unhexlify(h) for h in mac_address.split(':'))
1997
+ interface_name = fields[5]
1998
+ arp_tlv = bytes()
1999
+ arp_tlv += tlv_pack(TLV_TYPE_IP, socket.inet_aton(ip_address))
2000
+ arp_tlv += tlv_pack(TLV_TYPE_MAC_ADDRESS, mac_address)
2001
+ arp_tlv += tlv_pack(TLV_TYPE_MAC_NAME, interface_name)
2002
+ response += tlv_pack(TLV_TYPE_ARP_ENTRY, arp_tlv)
2003
+ arp_cache.close()
2004
+ else:
2005
+ return ERROR_NOT_SUPPORTED, response
1939
2006
  return ERROR_SUCCESS, response
1940
2007
 
1941
2008
  @register_function
@@ -2146,6 +2213,73 @@ def stdapi_net_config_get_routes(request, response):
2146
2213
  response += tlv_pack(TLV_TYPE_NETWORK_ROUTE, route_tlv)
2147
2214
  return ERROR_SUCCESS, response
2148
2215
 
2216
+ def _win_route_add_remove(is_add, request, response):
2217
+ class IPAddr(ctypes.Structure):
2218
+ _fields_ = [
2219
+ ("S_addr", ctypes.c_ulong)]
2220
+
2221
+ MIB_IPROUTE_TYPE_INDIRECT = 4
2222
+ MIB_IPPROTO_NETMGMT = 3
2223
+
2224
+ GetBestInterface = ctypes.windll.Iphlpapi.GetBestInterface
2225
+ GetBestInterface.argtypes = [IPAddr, ctypes.POINTER(ctypes.c_ulong)]
2226
+ GetBestInterface.restype = ctypes.c_ulong
2227
+
2228
+ CreateIpForwardEntry = ctypes.windll.Iphlpapi.CreateIpForwardEntry
2229
+ CreateIpForwardEntry.argtypes = [PMIB_IPFORWARDROW]
2230
+ CreateIpForwardEntry.restype = ctypes.c_ulong
2231
+
2232
+ DeleteIpForwardEntry = ctypes.windll.Iphlpapi.DeleteIpForwardEntry
2233
+ DeleteIpForwardEntry.argtypes = [PMIB_IPFORWARDROW]
2234
+ DeleteIpForwardEntry.restype = ctypes.c_ulong
2235
+
2236
+ GetIpInterfaceEntry = ctypes.windll.Iphlpapi.GetIpInterfaceEntry
2237
+ GetIpInterfaceEntry.argtypes = [ctypes.POINTER(MIB_IPINTERFACE_ROW)]
2238
+ GetIpInterfaceEntry.restype = ctypes.c_ulong
2239
+
2240
+ subnet = packet_get_tlv(request, TLV_TYPE_SUBNET_STRING)['value']
2241
+ netmask = packet_get_tlv(request, TLV_TYPE_NETMASK_STRING)['value']
2242
+ gateway = packet_get_tlv(request, TLV_TYPE_GATEWAY_STRING)['value']
2243
+
2244
+ route = MIB_IPFORWARDROW()
2245
+ route.dwForwardDest = socket.ntohl(addr_atoi4(subnet))
2246
+ route.dwForwardMask = socket.ntohl(addr_atoi4(netmask))
2247
+ route.dwForwardNextHop = socket.ntohl(addr_atoi4(gateway))
2248
+ route.dwForwardType = MIB_IPROUTE_TYPE_INDIRECT
2249
+ route.dwForwardProto = MIB_IPPROTO_NETMGMT
2250
+ route.dwForwardAge = -1
2251
+ route.dwForwardMetric1 = 0
2252
+
2253
+ best_iface = ctypes.c_ulong()
2254
+ ip_addr = IPAddr(socket.ntohl(addr_atoi4(subnet)))
2255
+ result = GetBestInterface(ip_addr, ctypes.byref(best_iface))
2256
+ if result != ERROR_SUCCESS:
2257
+ return error_result_windows(result), response
2258
+ route.dwForwardIfIndex = best_iface
2259
+
2260
+ iface = MIB_IPINTERFACE_ROW(Family=WIN_AF_INET, InterfaceIndex=route.dwForwardIfIndex)
2261
+ result = GetIpInterfaceEntry(ctypes.byref(iface))
2262
+ if result != ERROR_SUCCESS:
2263
+ return error_result_windows(result), response
2264
+ route.dwForwardMetric1 = iface.Metric
2265
+
2266
+ if is_add:
2267
+ result = CreateIpForwardEntry(ctypes.byref(route))
2268
+ else:
2269
+ result = DeleteIpForwardEntry(ctypes.byref(route))
2270
+ if result != ERROR_SUCCESS:
2271
+ return error_result_windows(result), response
2272
+
2273
+ return ERROR_SUCCESS, response
2274
+
2275
+ @register_function_if(has_windll)
2276
+ def stdapi_net_config_add_route(request, response):
2277
+ return _win_route_add_remove(True, request, response)
2278
+
2279
+ @register_function_if(has_windll)
2280
+ def stdapi_net_config_remove_route(request, response):
2281
+ return _win_route_add_remove(False, request, response)
2282
+
2149
2283
  def stdapi_net_config_get_routes_via_netlink():
2150
2284
  rta_align = lambda l: l+3 & ~3
2151
2285
  responses = netlink_request(RTM_GETROUTE, RTMSG(family=socket.AF_UNSPEC))
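Review bot: `route.dwForwardIfIndex = best_iface` in `_win_route_add_remove` stores a `ctypes.c_ulong` instance in a `c_ulong` Structure field; as far as I can tell ctypes simple-type fields only accept Python integers there, so both `stdapi_net_config_add_route` and `stdapi_net_config_remove_route` would fail with TypeError before `GetIpInterfaceEntry` runs, and the same value feeds `InterfaceIndex=` on the next statement — change it to `route.dwForwardIfIndex = best_iface.value`. The subnet, netmask and gateway TLVs go straight into `socket.inet_aton` via `addr_atoi4`, which raises `socket.error` on a malformed string; since this release adds `ERROR_INVALID_PARAMETER`, wrapping the three `addr_atoi4` calls in `try: ... except socket.error: return ERROR_INVALID_PARAMETER, response` turns a bad request into an error reply instead of an uncaught exception. In `stdapi_net_config_get_arp_table` the rewritten body opens the literal `'/proc/net/arp'` although the surviving existence check is on `arp_cache_file`, and with the `with` block gone the handle is never closed if `fields[5]` raises; `arp_cache = open(arp_cache_file, 'r')` plus a `try/finally` around the loop restores both. `MIB_IPFORWARDROW`, `PMIB_IPFORWARDROW`, `MIB_IPINTERFACE_ROW` and `WIN_AF_INET` are not defined in any shown hunk and the trailing `else:` of the arp hunk has no visible `if` — presumably both come from parts of the file the rendering flattened or omitted, but worth confirming.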
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
@@ -1,6 +1,6 @@
1
1
  # -*- coding:binary -*-
2
2
  module MetasploitPayloads
3
- VERSION = '2.0.118'
3
+ VERSION = '2.0.120'
4
4
 
5
5
  def self.version
6
6
  VERSION
data.tar.gz.sig CHANGED
@@ -1 +1 @@
1
- :�:RSE"���͕�S�58+����=�"�/ҏI��}f�A�Тa��oF��AP�̂W'ګ�7H��{�O�Wƶ�ɸT[P��rִ�"�Ijw��\���bX5F��H=���8-BcuJOEy-���u��U�ķ܎��peJ�9ۢ59�:�$�U֬�]��FhH�+��@9@�T�Mh<E�������c����07a�zU@)*m�s"���^�q�f8��i��mB��l���F��T�U
1
+ E&�����7!H��Z)87W<�����K��}y^W}J��ʎ1C��� ���e&�U������hT,�(rI��U�Ox�b��f4?�AVw�W��Eou${p��-8��X" ����hW8'V��);Z9d戞ybHd��!���Ȅ�ᗰΜ �-�����#I��:����,@�-��*O q�a�##�^�����*J"�Al<>��PC�5z`h̠-�H�x��Vgj�$o���@�W��et�T�fQ77��
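--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: metasploit-payloads
  version: !ruby/object:Gem::Version
- version: 2.0.118
+ version: 2.0.120
  platform: ruby
  authors:
  - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
  -----END CERTIFICATE-----
- date: 2023-03-03 00:00:00.000000000 Z
+ date: 2023-03-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake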
metadata.gz.sig CHANGED
Binary file