metasploit-payloads 2.0.144 → 2.0.146
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/data/android/meterpreter.jar +0 -0
- data/data/android/metstage.jar +0 -0
- data/data/android/shell.jar +0 -0
- data/data/meterpreter/dump_sam.x64.debug.dll +0 -0
- data/data/meterpreter/dump_sam.x64.dll +0 -0
- data/data/meterpreter/dump_sam.x86.debug.dll +0 -0
- data/data/meterpreter/dump_sam.x86.dll +0 -0
- data/data/meterpreter/elevator.x64.debug.dll +0 -0
- data/data/meterpreter/elevator.x64.dll +0 -0
- data/data/meterpreter/elevator.x86.debug.dll +0 -0
- data/data/meterpreter/elevator.x86.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.py +21 -13
- data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
- data/data/meterpreter/metsrv.x64.debug.dll +0 -0
- data/data/meterpreter/metsrv.x64.dll +0 -0
- data/data/meterpreter/metsrv.x86.debug.dll +0 -0
- data/data/meterpreter/metsrv.x86.dll +0 -0
- data/data/meterpreter/screenshot.x64.debug.dll +0 -0
- data/data/meterpreter/screenshot.x64.dll +0 -0
- data/data/meterpreter/screenshot.x86.debug.dll +0 -0
- data/data/meterpreter/screenshot.x86.dll +0 -0
- data/lib/metasploit-payloads/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +2 -1
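--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a695570653272110d9cc50296602a02485433e0311bb6fe0f1a9e25972a7205c
+data.tar.gz: efdb8e928a925f21b576c637cf4a6a761144960101a5542d8234152a2907957c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 80a2c79fe93d6ffa444e40b3fbae50625e9a4f5249946c573a9c1046797ba88794d415d1d783dfe4a5f1d3be015ac0051186c3d649af773c894a7b9b52f13292
+data.tar.gz: 9601afeea9ff7d54c7b71fdc3aa58aa70a9541cc4ebee7287b00aff53c0310f633d22ee640f901c99ada9d0aecece0f768566a080dae4c2e27b0bce5396d2e20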
checksums.yaml.gz.sig
CHANGED
Binary file
|
Binary file
|
data/data/android/metstage.jar
CHANGED
Binary file
|
data/data/android/shell.jar
CHANGED
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
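--- a/data/data/meterpreter/ext_server_stdapi.py
+++ b/data/data/meterpreter/ext_server_stdapi.py
@@ -899,7 +899,7 @@ def get_stat_buffer(path):
 st_buf += struct.pack('<QQQQ', long(si.st_size), long(si.st_atime), long(si.st_mtime), long(si.st_ctime))
 return st_buf
 
-def
+def get_token_user_sid(handle):
 TokenUser = 1
 advapi32 = ctypes.windll.advapi32
 advapi32.OpenProcessToken.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.POINTER(ctypes.c_void_p)]
@@ -913,9 +913,17 @@ def get_token_user(handle):
 ctypes.windll.kernel32.CloseHandle(token_handle)
 if not result:
 return None
-
+token_user = ctstruct_unpack(TOKEN_USER, token_user_buffer)
 
-
+GetLengthSid = ctypes.windll.advapi32.GetLengthSid
+GetLengthSid.argtypes = [ctypes.c_void_p]
+GetLengthSid.restype = ctypes.c_uint32
+sid_length = GetLengthSid(token_user.User.Sid)
+sid_bytes = ctypes.string_at(token_user.User.Sid, sid_length)
+
+return sid_bytes
+
+def get_username_from_sid(sid):
 user = (ctypes.c_char * 512)()
 domain = (ctypes.c_char * 512)()
 user_len = ctypes.c_uint32()
@@ -926,7 +934,7 @@ def get_username_from_token(token_user):
 use.value = 0
 LookupAccountSid = ctypes.windll.advapi32.LookupAccountSidA
 LookupAccountSid.argtypes = [ctypes.c_void_p] * 7
-if not LookupAccountSid(None,
+if not LookupAccountSid(None, sid, user, ctypes.byref(user_len), domain, ctypes.byref(domain_len), ctypes.byref(use)):
 return None
 return str(ctypes.string_at(domain)) + '\\' + str(ctypes.string_at(user))
 
@@ -1232,13 +1240,13 @@ def stdapi_sys_config_getenv(request, response):
 
 @register_function_if(has_windll)
 def stdapi_sys_config_getsid(request, response):
-
-if not
+sid = get_token_user_sid(ctypes.windll.kernel32.GetCurrentProcess())
+if not sid:
 return error_result_windows(), response
 sid_str = ctypes.c_char_p()
 ConvertSidToStringSid = ctypes.windll.advapi32.ConvertSidToStringSidA
 ConvertSidToStringSid.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
-if not ConvertSidToStringSid(
+if not ConvertSidToStringSid(sid, ctypes.byref(sid_str)):
 return error_result_windows(), response
 sid_str = str(ctypes.string_at(sid_str))
 response += tlv_pack(TLV_TYPE_SID, sid_str)
@@ -1249,10 +1257,10 @@ def stdapi_sys_config_getuid(request, response):
 if has_pwd:
 username = pwd.getpwuid(os.getuid()).pw_name
 elif has_windll:
-
-if not
+sid = get_token_user_sid(ctypes.windll.kernel32.GetCurrentProcess())
+if not sid:
 return error_result_windows(), response
-username =
+username = get_username_from_sid(sid)
 if not username:
 return error_result_windows(), response
 else:
@@ -1607,9 +1615,9 @@ def stdapi_sys_process_get_processes_via_windll(request, response):
 else:
 exe_path = ''
 process_username = ''
-
-if
-process_username =
+process_token_user_sid = get_token_user_sid(proc_h)
+if process_token_user_sid:
+process_username = get_username_from_sid(process_token_user_sid) or ''
 parch = windll_GetNativeSystemInfo()
 is_wow64 = ctypes.c_ubyte()
 is_wow64.value = 0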
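Review bot: `get_token_user_sid` now returns a byte string copied with `ctypes.string_at(token_user.User.Sid, sid_length)`, but the new lines neither document that return contract nor validate the pointer before measuring it. Presumably `User.Sid` points into `token_user_buffer`, which is local to the function, so the copy is what keeps the SID usable in the later `LookupAccountSidA` and `ConvertSidToStringSidA` calls; a docstring such as `"""Return the token user's SID as a byte string copied out of the TOKEN_USER buffer, or None on failure."""` would record that for the three callers in the later hunks. `GetLengthSid` has an undefined return value for an invalid SID, so checking the pointer with `IsValidSid` (declared with `argtypes = [ctypes.c_void_p]`, as is done for `GetLengthSid`) and returning `None` on failure would bound the `string_at` read. The middle of the function, between the first and second hunk, is not shown, so the failure paths before `CloseHandle` could not be checked.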
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
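--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.146
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
 EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
 9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
 -----END CERTIFICATE-----
-date: 2023-06-
+date: 2023-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake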
metadata.gz.sig
CHANGED
@@ -1 +1,2 @@
|
|
1
|
-
|
1
|
+
"V��}24@+��։WN�i[���nM��~�����
|
2
|
+
�0���F�����8�_L�B�����ExY��A��D�w���[K������C��22���������4l)�#�b�9#�"Cu�5D���0���i<G�z���{b�*�+J�e�ب1ܽdkK�Y[�~����2�
|