metasploit-payloads 2.0.156 → 2.0.158

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c6cbabcdd26a813470c5b122520a700c3da82d8eb029bae6b82fc3fefed970db
-  data.tar.gz: 03bc7c08180258b0b2a71fba8896cc28e86e6ff569ce5411448eb992359fede2
+  metadata.gz: 1fa9221a85e2591eab9dab6309317996ccd631d0f2c576f5cdf62e2869e01517
+  data.tar.gz: cb87dba217909cedccf0c296c9e9e05a71dc8b09b67843b00075ead98f17e6b2
 SHA512:
-  metadata.gz: 7e1ddeb4d9cf667736924aa448485ba1d0efb3a60f5e8715f36ac56d77da2b89b4b02f3e0ea4e32fd9f1283cddb8962ee054688e49097c2b2d5950f6fa71b3d5
-  data.tar.gz: dc6b055f7a8db8dbed810e600f5fa486a889184f2390fbb295f0819bca93e9018b3af227c3c9bc84a2a5f0fbf727fe4359699b2ecb72a1285f77a385e8da4f26
+  metadata.gz: c15c7decd13d472b4953e53772876aa378e66317e7d4994b1aaa224de45186987067da73e81aaa6a138607dc342643fae3a826605a2c1eb3458b3b8de37de47d
+  data.tar.gz: e6a66ad7b89298fbd2e405b4bde4dd352fc03ad7e87ff6773e326bf0b9fbfa3a57d532238f3673c9bd9ca5fe451c61f045cb4f383115ff32b945fa9edbbd4d1d

data/Rakefile

@@ -1,5 +1,6 @@
 require "bundler/gem_tasks"
 require 'openssl'
+require 'metasploit-payloads/crypto'
 
 c_source = "../c/meterpreter/"
 java_source = "../java"
@@ -7,6 +8,8 @@ php_source = "../php/meterpreter/"
 python_source = "../python/meterpreter/"
 dest = "./data"
 meterpreter_dest = "./data/meterpreter"
+android_dest = "./data/android"
+java_dest = "./data/java"
 manifest_file = './manifest'
 manifest_uuid_file = './manifest.uuid'
 manifest_hash_type = 'SHA3-256'
@@ -20,7 +23,7 @@ platform_config = {
       "dll"
     ]
   },
-  :java => {
+  :java_meterpreter => {
     :sources => [
       "../java/output/data/meterpreter"
     ],
@@ -28,6 +31,25 @@ platform_config = {
       "jar"
     ],
   },
+  :java_output => {
+    :sources => [
+      "../java/output/data/java"
+    ],
+    :extensions => [
+      "class"
+    ]
+  },
+  :android => {
+    :sources => [
+      "../java/output/data/android"
+    ],
+    :extensions => [
+      "jar",
+      "dex",
+      "xml",
+      "arsc"
+    ]
+  },
   :php => {
     :sources => [
       php_source
@@ -49,10 +71,16 @@ platform_config = {
 def copy_files(cnf, meterpreter_dest)
   cnf[:sources].each do |f|
     cnf[:extensions].each do |ext|
-      Dir.glob("#{f}/*.#{ext}").each do |bin|
-        target = File.join(meterpreter_dest, File.basename(bin))
+      Dir.glob("#{f}/**/*.#{ext}").each do |bin|
+        f_path = ::Pathname.new(f)
+        bin_path = ::Pathname.new(bin)
+        target = File.join(meterpreter_dest, bin_path.relative_path_from(f_path))
         print("Copying: #{bin} -> #{target}\n")
-        FileUtils.cp(bin, target)
+        contents = ::File.binread(bin_path)
+        encrypted_contents = ::MetasploitPayloads::Crypto.encrypt(plaintext: contents)
+        output = ::Pathname.new(::File.expand_path(target))
+        ::FileUtils.mkdir_p(output.dirname) unless output.dirname.exist?
+        ::File.binwrite(output, encrypted_contents)
       end
     end
   end
@@ -61,6 +89,8 @@ end
 task :create_dir do
   Dir.mkdir(dest) unless Dir.exist?(dest)
   Dir.mkdir(meterpreter_dest) unless Dir.exist?(meterpreter_dest)
+  Dir.mkdir(java_dest) unless Dir.exist?(java_dest)
+  Dir.mkdir(android_dest) unless Dir.exist?(android_dest)
 end
 
 task :win_compile do
@@ -80,10 +110,9 @@ task :win_copy do
 end
 
 task :java_copy do
-  copy_files(platform_config[:java], meterpreter_dest)
-  FileUtils.remove_entry_secure('./java', :force => true)
-  FileUtils.cp_r('../java/output/data/android', dest)
-  FileUtils.cp_r('../java/output/data/java', dest)
+  copy_files(platform_config[:java_meterpreter], meterpreter_dest)
+  copy_files(platform_config[:java_output], java_dest)
+  copy_files(platform_config[:android], android_dest)
 end
 
 task :php_copy do

data/lib/metasploit-payloads/crypto.rb

@@ -0,0 +1,66 @@
+require 'openssl'
+
+module MetasploitPayloads
+  module Crypto
+    CIPHERS = {
+      chacha20: {
+        name: 'chacha20'.b,
+        version: 1,
+        iv: {
+          value: "\x52\x25\xd7\xab\x52\x8f\x3f\xf8\x94\x97\x08\x42\x33\xb9\xd3\xb6".b, # 16 bytes
+          version: 1
+        },
+        key: {
+          value: "\x28\x39\x97\x4c\x95\x11\x9d\x42\x6c\x8b\xff\x43\x3e\x5d\x3c\x33\x1b\x95\xd3\xea\xeb\xc9\xae\x71\x0a\x36\xe7\x98\x3d\x9d\x09\x52".b, # 32 bytes
+          version: 1
+        }
+      }
+    }.freeze
+    CURRENT_CIPHER = CIPHERS[:chacha20]
+    CIPHER_VERSION = CURRENT_CIPHER[:version]
+    KEY_VERSION = CURRENT_CIPHER[:key][:version]
+    IV_VERSION = CURRENT_CIPHER[:iv][:version]
+    # Binary String, unsigned char, unsigned char, unsigned char
+    ENCRYPTED_PAYLOAD_HEADER = ['msf', CIPHER_VERSION, IV_VERSION, KEY_VERSION].pack('A*CCC')
+
+    private_constant :CIPHERS
+    private_constant :CURRENT_CIPHER
+    private_constant :CIPHER_VERSION
+    private_constant :KEY_VERSION
+    private_constant :IV_VERSION
+
+    def self.encrypt(plaintext: '')
+      raise ::ArgumentError, 'Unable to encrypt plaintext: ' << plaintext, caller unless plaintext.to_s
+
+      cipher = ::OpenSSL::Cipher.new(CURRENT_CIPHER[:name])
+
+      cipher.encrypt
+      cipher.iv = CURRENT_CIPHER[:iv][:value]
+      cipher.key = CURRENT_CIPHER[:key][:value]
+
+      output = ENCRYPTED_PAYLOAD_HEADER.dup
+      output << cipher.update(plaintext)
+      output << cipher.final
+
+      output
+    end
+
+    def self.decrypt(ciphertext: '')
+      raise ::ArgumentError, 'Unable to decrypt ciphertext: ' << ciphertext, caller unless ciphertext.to_s
+
+      cipher = ::OpenSSL::Cipher.new(CURRENT_CIPHER[:name])
+
+      cipher.decrypt
+      cipher.iv = CURRENT_CIPHER[:iv][:value]
+      cipher.key = CURRENT_CIPHER[:key][:value]
+
+      # Remove encrypted header if present
+      ciphertext = ciphertext.sub(ENCRYPTED_PAYLOAD_HEADER, '')
+
+      output = cipher.update(ciphertext)
+      output << cipher.final
+
+      output
+    end
+  end
+end

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.156'
+  VERSION = '2.0.158'
 
   def self.version
     VERSION

data/lib/metasploit-payloads.rb

@@ -3,6 +3,7 @@
 require 'openssl' unless defined? OpenSSL::Digest
 require 'metasploit-payloads/version' unless defined? MetasploitPayloads::VERSION
 require 'metasploit-payloads/error' unless defined? MetasploitPayloads::Error
+require 'metasploit-payloads/crypto' unless defined? MetasploitPayloads::Crypto
 
 #
 # This module dispenses Metasploit payload binary files
@@ -43,8 +44,9 @@ module MetasploitPayloads
     manifest_contents.each_line do |line|
       filename, hash_type, hash = line.chomp.split(':')
       begin
+        filename = filename.sub('./data/', '')
         # self.path prepends the gem data directory, which is already present in the manifest file.
-        out_path = self.path(filename.sub('./data/', ''))
+        out_path = self.path(filename)
         # self.path can return a path to the gem data, or user's local data.
         bundled_file = out_path.start_with?(data_directory)
         if bundled_file
@@ -137,15 +139,25 @@ module MetasploitPayloads
 
   #
   # Get the contents of any file packaged in this gem by local path and name.
+  # If the file is encrypted using ChaCha20, automatically decrypt it and return the file contents.
   #
   def self.read(*path_parts)
-    file_path = path(path_parts)
-    if file_path.nil?
-      full_path = ::File.join(path_parts)
-      raise ::MetasploitPayloads::NotFoundError, full_path, caller
+    file_path = self.path(path_parts)
+
+    begin
+      file_contents = ::File.binread(file_path)
+    rescue ::Errno::ENOENT => _e
+      raise ::MetasploitPayloads::NotFoundError, file_path, caller
+    rescue ::Errno::EACCES => _e
+      raise ::MetasploitPayloads::NotReadableError, file_path, caller
+    rescue ::StandardError => e
+      raise e
     end
 
-    ::File.binread(file_path)
+    encrypted_file = file_contents.start_with?(Crypto::ENCRYPTED_PAYLOAD_HEADER)
+    return file_contents unless encrypted_file
+
+    Crypto.decrypt(ciphertext: file_contents)
   end
 
   #

data/manifest

@@ -1,96 +1,97 @@
-./data/android/apk/AndroidManifest.xml:SHA3-256:cff0a10406eef30a6e8b558efa6695a2e183f11ada105e2fc2342ab174f1fc95
-./data/android/apk/classes.dex:SHA3-256:0ca34b9e74428678ca808e3601eb30ec78256d76a38c8eecf26e5f419837b769
-./data/android/apk/resources.arsc:SHA3-256:9a6f5eb5cb24fb1f83808a67c692e66c1a698d6222db2000b8b07e595689311f
-./data/android/meterpreter.dex:SHA3-256:4596cdac6b36141c35d026f6c349416097f6968f8fb95a7a1421e0fbd1da9d65
-./data/android/meterpreter.jar:SHA3-256:9074f6c3d94225e8c7e35efd0ae9f16da760137fb355637e670d83d40e7b6c15
-./data/android/metstage.jar:SHA3-256:0de4dddf289ebe0d03bfe8b13161a3ddb284c5d658634c9988b73fd5f21db064
-./data/android/shell.jar:SHA3-256:f3a4554d8eeee773247f50e8bf951ced61cf521f0ab867329f7a23d8e21c90c4
-./data/java/com/metasploit/meterpreter/JarFileClassLoader.class:SHA3-256:70e39898965b1cdcf7efeab2fff76471950fb19d6e0d03589ff3a15705c35f2b
-./data/java/javapayload/stage/Meterpreter.class:SHA3-256:7c2cada964463b28f0d9d900e4979d79a7d8931d00c514f46cf589cf7b77e2e7
-./data/java/javapayload/stage/Shell.class:SHA3-256:78aeee685de937bd62a5364ca1a16a798f1c963968b829bcfcb675723d4f8650
-./data/java/javapayload/stage/Stage.class:SHA3-256:d99ce29ee9dfc87830e114bf872c7f75c40eac6f759a85537a661dfdea62a003
-./data/java/javapayload/stage/StreamForwarder.class:SHA3-256:d2b38771450580a68f7ff6131798d53ff979f2bcd2e5b0f444f6d90a25274599
-./data/java/metasploit/AESEncryption.class:SHA3-256:66007714b525a8151208e133755f7e0fe1fbf1bd27fe11618722d428886fbb69
-./data/java/metasploit/JMXPayload.class:SHA3-256:74a131478fd1afa1c863cc000674cf145182ece98e8f8cfba5e406022d6be0e9
-./data/java/metasploit/JMXPayloadMBean.class:SHA3-256:58e5dd1100a80110264f249e01eca58a56ed05f255f70fc30b67e1c0859d7873
-./data/java/metasploit/Payload.class:SHA3-256:c53080cf5ab6ea1d57cd1430419234fc0146e0d5cb970db569e4ddabcf3e0c66
-./data/java/metasploit/PayloadServlet.class:SHA3-256:56f7c3d907ec4cea0a0685627fe5be2edc021e5fd13a62d26846bfc41373d0bb
-./data/java/metasploit/PayloadTrustManager.class:SHA3-256:e2d25c8b3e43f584e198e46c2576b367f96275800a96a42fd2dc2c81059a3c41
-./data/java/metasploit/RMILoader.class:SHA3-256:4add539548d76e0142ff5e6ccdba6ee4b21191354be1a40499cb2a745b480bee
-./data/java/metasploit/RMIPayload.class:SHA3-256:0d3e96836a8c3591f4bc827b33c4edb0b4f505a9f17cb0bdb27a367fb71d53c3
-./data/meterpreter/dump_sam.x64.debug.dll:SHA3-256:210ad070a13d5cd32ec2dfe95fc9910df0fa23470a21fcc6d93e93ea100fc6e5
-./data/meterpreter/dump_sam.x64.dll:SHA3-256:1a0df7078309c0965bec5abfaa64983307f0b7d7576e5240b245d7752f6ece30
-./data/meterpreter/dump_sam.x86.debug.dll:SHA3-256:2926f9244f12450c35c21f69c8a9773643bc225dcf62a811e107b9763ffc5cef
-./data/meterpreter/dump_sam.x86.dll:SHA3-256:316fbf8def866355610c638d9b98a04df8e1e391a8703142530ff537658a082a
-./data/meterpreter/elevator.x64.debug.dll:SHA3-256:c726c77c374d91cbe159b675ae0d93e831a9fcc23b5136e75ae0a3d8b2e71159
-./data/meterpreter/elevator.x64.dll:SHA3-256:107ec906e21ed775c43808b2fa88cbfae05f1d9c9f6731f7182ce43856aba927
-./data/meterpreter/elevator.x86.debug.dll:SHA3-256:e03a77137fad589549e6d7acc845eb31f7077eeb65a387921b3b50a61dba988f
-./data/meterpreter/elevator.x86.dll:SHA3-256:db4d7b24eb3b8c75754f6df3820c2b0e5a9f433303d735ea5718ce461d5daee7
-./data/meterpreter/ext_server_bofloader.x64.debug.dll:SHA3-256:86cd4aae0e0820172ea8143a75f2007f35bd5b07a1c6370661730703543a7267
-./data/meterpreter/ext_server_bofloader.x64.dll:SHA3-256:b32856c79b57d3ad29349c660d530adfa4c4af117ca63621575761009eac5536
-./data/meterpreter/ext_server_bofloader.x86.debug.dll:SHA3-256:9e8a105a7dd51696d67447487e10e07f7b468c556cee033babbd2e4e783d6b0a
-./data/meterpreter/ext_server_bofloader.x86.dll:SHA3-256:afd4ec3557826f65c57d7ecdc781120328b7dbabcabccbe414b357aed590072c
-./data/meterpreter/ext_server_espia.x64.debug.dll:SHA3-256:c307139cc083a5eae712064aca67a873165c8f943b6af0f23dee09e3929ffaad
-./data/meterpreter/ext_server_espia.x64.dll:SHA3-256:4f92b773010179756a924c42b38c2f9a160a9699e9d41853813ee3997c525ba7
-./data/meterpreter/ext_server_espia.x86.debug.dll:SHA3-256:a7e999d3e858251dc82f33a6466d0852fd81326b411dcd06297a8dabfa45bd4f
-./data/meterpreter/ext_server_espia.x86.dll:SHA3-256:2b2683578077600cd4b0bf25912560a411437a10859e2e747e78129202affb7a
-./data/meterpreter/ext_server_extapi.x64.debug.dll:SHA3-256:e432dc133cae38ee435ff5f389ddebd9ef3cd8d6c8ce5da0e38e0ef437aaa73a
-./data/meterpreter/ext_server_extapi.x64.dll:SHA3-256:b09236045935ce0da6b94aaf73e3e5c51b3692f11a267708184f70489ac8e562
-./data/meterpreter/ext_server_extapi.x86.debug.dll:SHA3-256:b4e7bdb466e151605b4e5d0012a284cbc231704800ca45a29b9ea06d592c3f3d
-./data/meterpreter/ext_server_extapi.x86.dll:SHA3-256:a0356d0a6cb3dda0d6bb3c1245bf2ac7166a40e4567e21305b95672a214c694c
-./data/meterpreter/ext_server_incognito.x64.debug.dll:SHA3-256:78ef2be792033d026d37d7af9b952d97a09c17128f95dab31155cc6c864633ed
-./data/meterpreter/ext_server_incognito.x64.dll:SHA3-256:b3195b67d68df83512eb36c9c3c95f7a335edb839cbd03ba0354359438523ed0
-./data/meterpreter/ext_server_incognito.x86.debug.dll:SHA3-256:877181c0e6ab162080331383930b539c36aecd70526d939625b0a9d4b90618f5
-./data/meterpreter/ext_server_incognito.x86.dll:SHA3-256:de7bfafb59c4e6f23902471abaf74d77b09f26967df42ac9c78bee75bb4f8496
-./data/meterpreter/ext_server_kiwi.x64.debug.dll:SHA3-256:a49803f0217c57d4a3a92a3905b250d301c7d379d9560fd24dfce377fc7f423f
-./data/meterpreter/ext_server_kiwi.x64.dll:SHA3-256:1b1d42b6bb01d6794afae78dea6b2d867d760d040e488167de2b7142dce928ee
-./data/meterpreter/ext_server_kiwi.x86.debug.dll:SHA3-256:408925fd63c768d36102ef857c57ace393fa41e1783bb2017b5f6278afefa18e
-./data/meterpreter/ext_server_kiwi.x86.dll:SHA3-256:89af43428e57a31bd3e5f84044769318309cd5d8f005689e2ff4608cb6b628c6
-./data/meterpreter/ext_server_lanattacks.x64.debug.dll:SHA3-256:9484e761b31a76a5fc288b1933822152ca08d71cf6a64445fb230089c8e728c8
-./data/meterpreter/ext_server_lanattacks.x64.dll:SHA3-256:4234237328b5f0f540bb93aa6ce7c6682e71ed40a944e12c9d4e01084dee5c68
-./data/meterpreter/ext_server_lanattacks.x86.debug.dll:SHA3-256:ab113fba6dde79a67cc010f2633dfedb345de1a0b89fe614a2cd5e7d626ffafa
-./data/meterpreter/ext_server_lanattacks.x86.dll:SHA3-256:e3ffe31dc855c30b0ff5f72e240c2c08277c6d36c74a854ca9029cdb36bb282d
-./data/meterpreter/ext_server_peinjector.x64.debug.dll:SHA3-256:d2c6731da0d83fedd735d8436cb8237eb09a3f59cad41e1dfb65a6c8953dca0b
-./data/meterpreter/ext_server_peinjector.x64.dll:SHA3-256:cc1388554865d38ce867685a3a803b98ad080be530ef1f6947de652fba60f273
-./data/meterpreter/ext_server_peinjector.x86.debug.dll:SHA3-256:d95569a0bafb1c66984bc79130be1a33fec9821dd131218281be0b462b118946
-./data/meterpreter/ext_server_peinjector.x86.dll:SHA3-256:77a657310da3c849ae0de7c769836bdf4f332c163d346ed08162b2ac038af495
-./data/meterpreter/ext_server_powershell.x64.debug.dll:SHA3-256:18a2e248f611d1aa544728c79bdaf4d7152261aeacf582245dfb5f8a170c76a6
-./data/meterpreter/ext_server_powershell.x64.dll:SHA3-256:3890dcf225589e36d07cc3822b63c4536618c60e1febcc8b9c5c4d3eab2515c9
-./data/meterpreter/ext_server_powershell.x86.debug.dll:SHA3-256:bae3a83a1d568c9f14c152a3c1f9e1988437ece468b3dc20d723552178e9fda7
-./data/meterpreter/ext_server_powershell.x86.dll:SHA3-256:2dc642fa5928fd5df8074d71417bba6e650d3c8905c26134931a15a0368cb007
-./data/meterpreter/ext_server_priv.x64.debug.dll:SHA3-256:3224d1f57a53b1a0667c0c16959a204c31e6c525a515b9de2123163917366397
-./data/meterpreter/ext_server_priv.x64.dll:SHA3-256:9af57b094b96f2b7c5a14fd537569c2087a2e3cf3a730df9ecd37a90dcddc811
-./data/meterpreter/ext_server_priv.x86.debug.dll:SHA3-256:996b53e9cf462e5389f478de5ae0315cec338f5e03e9c0ec5759095bdc074b96
-./data/meterpreter/ext_server_priv.x86.dll:SHA3-256:2717144646b5e1e95fbc041242799c6cc3b9a9e2efca8e6b6048b4804c0d7844
-./data/meterpreter/ext_server_python.x64.debug.dll:SHA3-256:7a45d68793a4c2bda635ed8bdfdf2369713aaa3a58877707c1a7dea8bb93211b
-./data/meterpreter/ext_server_python.x64.dll:SHA3-256:fc6e14e715d66e4308190a11ba623efd5346d8e52254ee527e49ab32f0373aeb
-./data/meterpreter/ext_server_python.x86.debug.dll:SHA3-256:eb03bea52ab72e16d42188ca57efad2cd27a1da72a76d4986d040222ea49459f
-./data/meterpreter/ext_server_python.x86.dll:SHA3-256:41a2e5169c9e207aa561135394e0ee370868ab87213db249fa0d2bb502c22ec0
-./data/meterpreter/ext_server_sniffer.x64.dll:SHA3-256:0aaa1cb3ef5b808ae490eee28e11104567710b2525ae85aa8deeb1de29610568
-./data/meterpreter/ext_server_sniffer.x86.dll:SHA3-256:a7274d7490e62c3f32cdf3305fc6b269d7c010ad48b488a9b45196f3165bf9ff
-./data/meterpreter/ext_server_stdapi.jar:SHA3-256:c064899075585b124102f7015ba6d0ab8aa5e773377ebed7e69cd467d3b6aa26
-./data/meterpreter/ext_server_stdapi.php:SHA3-256:92e931e6b47caad6df4249cc263fdbe5d2975c4163f5b06963208163b7af97b5
-./data/meterpreter/ext_server_stdapi.py:SHA3-256:3ed09316bdc2038873e5a3dc42bd8d725fdb66cf93a0f87300876d1e64ce6b3c
-./data/meterpreter/ext_server_stdapi.x64.debug.dll:SHA3-256:b0f652fba54a7ce8a5cc187af7bb1248f47d2b09195dd0457413c2806531a4fc
-./data/meterpreter/ext_server_stdapi.x64.dll:SHA3-256:575b89ff2ed5e5266b4fd0618e98c0fc84d5f4db9dc0717068c996447ee1bb61
-./data/meterpreter/ext_server_stdapi.x86.debug.dll:SHA3-256:c53766248a9e84f12b1b4ff2549be12516d4ae3c1a51d81b419cf94ee0f2df26
-./data/meterpreter/ext_server_stdapi.x86.dll:SHA3-256:79d42a3398819bbcb0cf184f836cbec311d58080c5a32a6a0bd2dde3cafbda29
-./data/meterpreter/ext_server_unhook.x64.debug.dll:SHA3-256:f231419e2df81147b09982c94fb1f14a81673e686aa2782b021e661bcc6439d6
-./data/meterpreter/ext_server_unhook.x64.dll:SHA3-256:cbab50027a607db6ffb67c140638ca4725c581fe8ae01da28ada826476d5c93d
-./data/meterpreter/ext_server_unhook.x86.debug.dll:SHA3-256:8a2d4617284696696caeb9ebca41d4543126a410b9bc04f2ed05cfc009875e9a
-./data/meterpreter/ext_server_unhook.x86.dll:SHA3-256:c8fdedf8cc8e85a86acfe19d0be82bb579c02db8ace4ff3c3206e8bfc056721e
-./data/meterpreter/ext_server_winpmem.x64.debug.dll:SHA3-256:4d32b56104c7bc6197b32f9136a55def6b960c289f2899c56340630990fd2d04
-./data/meterpreter/ext_server_winpmem.x64.dll:SHA3-256:5cb718650c24d821aececbbe117dc314ce9bc91aa00c5eaaead4fb36a47b3e67
-./data/meterpreter/ext_server_winpmem.x86.debug.dll:SHA3-256:f846b25220c77c22691f77c04f66f603a5117c4931224feeb7bf90029d520692
-./data/meterpreter/ext_server_winpmem.x86.dll:SHA3-256:1d79d29eb081b219cdbe7d2a66b05c67049a4ea396ff49d1992ae8d390f33456
-./data/meterpreter/meterpreter.jar:SHA3-256:79b0877c2683e2760ab8dfdf723b281100f721f76cd8f0a72ff590e504a3570d
-./data/meterpreter/meterpreter.php:SHA3-256:9389b1548410438d93ce12a2e276b7b2e77046845e6fca43b419b516de3871f9
-./data/meterpreter/meterpreter.py:SHA3-256:a4ed4d3bb4c28c208a3f00453ccd1c50bb958cc8c20905599e7ba40a3259dba5
-./data/meterpreter/metsrv.x64.debug.dll:SHA3-256:f81fa482712bf8255ea3bef05b4882689f7a3c3d6b14acfd0f1c9a4b4e26cd2f
-./data/meterpreter/metsrv.x64.dll:SHA3-256:9e1ecec54a771d25398d73f2d5dfa431d5dfb660c0ebef7add1064435b0a26bc
-./data/meterpreter/metsrv.x86.debug.dll:SHA3-256:106c7fcdb081c7a974efd027a407ebd5e3d9cc2daa1e6d66bab8827ed43197ee
-./data/meterpreter/metsrv.x86.dll:SHA3-256:850a4f9ebaaf93009c5a1be03d0820f61614eb773779ca62a0acb90af0c196d3
-./data/meterpreter/screenshot.x64.debug.dll:SHA3-256:5cf51eb791a3989b384ae9588fea28ae48065217a7b668076c8a1bb4d724bf9e
-./data/meterpreter/screenshot.x64.dll:SHA3-256:b00baa223f43463d7f1c75aa511fd685e643b72a1ba1e03c08eaf973bfcd76ee
-./data/meterpreter/screenshot.x86.debug.dll:SHA3-256:31410b67a47714fc52abab54b168cba2ef8753d6c6de9985c67a9e116c60d36a
-./data/meterpreter/screenshot.x86.dll:SHA3-256:b74544725f34d13b065c2364d4d75e07292c848b006e05a0122c4d1ac1ca8555
+./data/android/apk/AndroidManifest.xml:SHA3-256:7840cf2362a585c08443473d1088c173153440dcc34c3f33a7b26b4c7f63993d
+./data/android/apk/classes.dex:SHA3-256:79ea58d8048f53964fda2e6b074e4d7cd91895d5372e608bba8efa7bb8f4f927
+./data/android/apk/resources.arsc:SHA3-256:33b8f83a96ea99006deabf174315933770223dc9f3aa0fee11d2713a82cef9c2
+./data/android/meterpreter.dex:SHA3-256:b905c212e2aae1291cae39fff63e8108936e0b4ebd12de419df7b0cd96c7bbe2
+./data/android/meterpreter.jar:SHA3-256:d355fd28b29545a9eaed5be86b17b31f4dd2d081263cb0341da6556c513f1974
+./data/android/metstage.jar:SHA3-256:b87fe4caf3494e15b6bbd954772e8963a5caf16ccda56fe827cffcc21cffac4b
+./data/android/shell.jar:SHA3-256:535a06f8e1f320ed8677e1d97b86a90157e28821631c2c0b0706e17608bf7ec7
+./data/java/com/metasploit/meterpreter/JarFileClassLoader.class:SHA3-256:c0565db516427155e818c93338a48c5e9b2863d1c78f67e7aed910f530fb3cd5
+./data/java/javapayload/stage/Meterpreter.class:SHA3-256:cb82de46d567072f15768ef33b78dc69e8dfe841100d2828138aa090eddbf957
+./data/java/javapayload/stage/Shell.class:SHA3-256:1f6fe1a4a8b43432635e9b88174b493b0d99ee30207f1b5a1f2cac941286cdac
+./data/java/javapayload/stage/Stage.class:SHA3-256:523e88dbd0ec8eb3fb643a7645634eda25ab868498d6f4df344c5d1c7a7f088e
+./data/java/javapayload/stage/StreamForwarder.class:SHA3-256:52e4340d05e222172c691ccf4a5254a924351b3c9c2a23300734304bc09d4a4e
+./data/java/metasploit/AESEncryption.class:SHA3-256:79e8b020c485365820f88cc6b56b72856470a7e87791e34fed4e89fc50087b09
+./data/java/metasploit/JMXPayload.class:SHA3-256:fc5ebb5232145099180c968111eeb7dc87720ecdf7d7537510e5c7cf2cfb24ee
+./data/java/metasploit/JMXPayloadMBean.class:SHA3-256:5c5a727171d4f01d81f3577e0a1e8a09acfe40e3cbf5b6154ee1ec453f429161
+./data/java/metasploit/Payload.class:SHA3-256:eaad07fd25db8e1befd644f50b542f19c4f26615b4e65149105070695d82157a
+./data/java/metasploit/PayloadServlet.class:SHA3-256:e3ae5fa9f9335f0acf53f6767fb7a9e5623300d3717a47604feef67e8493e530
+./data/java/metasploit/PayloadTrustManager.class:SHA3-256:ca554af859554552a58e30c26fd91423e0a8e4a28d798c57607dd33896eb6623
+./data/java/metasploit/RMILoader.class:SHA3-256:dafa8e46003791bef91734eec2693cb19d5ed86688af9127e1698d526a0da9a9
+./data/java/metasploit/RMIPayload.class:SHA3-256:ff5dbf1ab4ac01408db958b7dd802be2f08d23c14552a7f51401ff62f366422b
+./data/meterpreter/dump_sam.x64.debug.dll:SHA3-256:6754c7febcb0d03b0ef15dc99815df0fa542b60c0d78bd86e2ec0375404c46f5
+./data/meterpreter/dump_sam.x64.dll:SHA3-256:325bb11a670424a0a2f738fd65e320f029792b22f03430a0d7c383de7e082539
+./data/meterpreter/dump_sam.x86.debug.dll:SHA3-256:b85081c3332be5be84cd74f7cd22d0e81951198563d408559ca6f4e3ffb345ca
+./data/meterpreter/dump_sam.x86.dll:SHA3-256:8ca4e23a18c1b827290bb6bc03c64c28f4df7167f04135923345bf8f07035b03
+./data/meterpreter/elevator.x64.debug.dll:SHA3-256:a4ff3c6e4bb276009c2d391166e8843d58221bd61c3ab967264ef8d4665c0284
+./data/meterpreter/elevator.x64.dll:SHA3-256:6987bcb06d77a32691a4222afb19e091e4b71b8afdddf8e931cbdd39b1655200
+./data/meterpreter/elevator.x86.debug.dll:SHA3-256:26aa25fb3b4d80d8a7bdd0d214bbe08daf942a566c4955e89819490ac6329002
+./data/meterpreter/elevator.x86.dll:SHA3-256:d25c174430d88356fb38acbe5f1a918b86dca7d82ac6f824979b089a39d77aa8
+./data/meterpreter/ext_server_bofloader.x64.debug.dll:SHA3-256:447c3f59849f8f2d169b3be04bf13c5c154d53cf5f917e0c03d1025352304988
+./data/meterpreter/ext_server_bofloader.x64.dll:SHA3-256:6352e3a5030417f7b1c497a003cbb8e9b74cd9556c7ea011619f973889fc9ec6
+./data/meterpreter/ext_server_bofloader.x86.debug.dll:SHA3-256:9330aac1edf6e87cbd600c2b2ee44f7187a91b1cfc72bbf8a1d45e5fc15d9cf5
+./data/meterpreter/ext_server_bofloader.x86.dll:SHA3-256:644d8c8eeb4ceaee530dbd7d04379068af398eab7a8c2647721b58f32455fa94
+./data/meterpreter/ext_server_espia.x64.debug.dll:SHA3-256:02e2a550c9d7fc2ba3fd996cef03d5f55b6676900934b32e0d80da4f56786e7a
+./data/meterpreter/ext_server_espia.x64.dll:SHA3-256:213be244f651604164f2c2fda3c9df320099c99740194f575b12db8394a03cb7
+./data/meterpreter/ext_server_espia.x86.debug.dll:SHA3-256:93a5f0a8d1f4487cfd924d15a0ed37e696e1f06a2db31818a13d4e70febbcd25
+./data/meterpreter/ext_server_espia.x86.dll:SHA3-256:ac965a7c8f7a4ee9171bc7b66f4fb6bc355e379fc204188746eb77aff9f881dd
+./data/meterpreter/ext_server_extapi.x64.debug.dll:SHA3-256:4ca236199c2858f7f73e65addc794be1907f63cfd0e5fa9b76af9e980859f34b
+./data/meterpreter/ext_server_extapi.x64.dll:SHA3-256:ba4c960ab497e940abee379fbf876fe6268ff3a3052d84a83b3188e54aa3953d
+./data/meterpreter/ext_server_extapi.x86.debug.dll:SHA3-256:83a102450e21bd93ea3ab5b9e39f3cfe167585247af0fa9841c089c9fd38a6a5
+./data/meterpreter/ext_server_extapi.x86.dll:SHA3-256:d444bb4b044a666f40d95db98075eca80f39b7c07edb77b43b97507d3c798aad
+./data/meterpreter/ext_server_incognito.x64.debug.dll:SHA3-256:354de8eb185bd8baf56d9849c63a7154981529b3b96cd46bac871516975065f3
+./data/meterpreter/ext_server_incognito.x64.dll:SHA3-256:391394c882e2b83a73615be7684d4a7c6b50a28ac17ee01702bd3a8c1ec88927
+./data/meterpreter/ext_server_incognito.x86.debug.dll:SHA3-256:08cccbac96da86527a71915e8248821bc1223cf966715f7be08666a8a1d8c263
+./data/meterpreter/ext_server_incognito.x86.dll:SHA3-256:e6a0fbeaef44f93c8d9255b713213967ea37d97acf32237cee020bd0b43f7683
+./data/meterpreter/ext_server_kiwi.x64.debug.dll:SHA3-256:616caa2df3a5254fef7cf7320d5ea5471c93e4f1ea1753393a00e51b33a639d9
+./data/meterpreter/ext_server_kiwi.x64.dll:SHA3-256:83676ac9b1b5737e550e763ec5d75771f48aeec46968085aa0ffc36d9240ad7a
+./data/meterpreter/ext_server_kiwi.x86.debug.dll:SHA3-256:f35c33f85b0a7ef133168d88eda99f387569be0691a2c0d1c35e74204058bf91
+./data/meterpreter/ext_server_kiwi.x86.dll:SHA3-256:4ddb5b71c2c6ad1bbef5f70a51a72d7c994b75649650c3fa1d9ae6db3fb251ac
+./data/meterpreter/ext_server_lanattacks.x64.debug.dll:SHA3-256:759fd8cdb2e3b983c1b4533efeb48889a7150253fd72745f0fbb3dbcbf681745
+./data/meterpreter/ext_server_lanattacks.x64.dll:SHA3-256:caefffcd6239affbb39b6479185fa115d8c61a4512a4dcf72f257948a0359c23
+./data/meterpreter/ext_server_lanattacks.x86.debug.dll:SHA3-256:75382e26f6510355504c0d641564e4a73dd077607812845fd8eab4dc16f2bb9f
+./data/meterpreter/ext_server_lanattacks.x86.dll:SHA3-256:195ed2bbb501e058ff2384150993319a96cc78aa1b1a70f2c796c59dc5f6c3b9
+./data/meterpreter/ext_server_peinjector.x64.debug.dll:SHA3-256:ca7eb8aedf03a8359655017c54f43461ba2c57bfee4d523018713cf3a8febb20
+./data/meterpreter/ext_server_peinjector.x64.dll:SHA3-256:de213f9e96fdec46aa7718e9fb3b55ba0698efdfed34b6838af690f3abad17e8
+./data/meterpreter/ext_server_peinjector.x86.debug.dll:SHA3-256:ad2a4a388cc6f7af7356178543a61781399695348f64fc702b0a88c0cc7802a6
+./data/meterpreter/ext_server_peinjector.x86.dll:SHA3-256:ad3bbeca797e879d8a23a7f14fbe949c8262b51cd91a2b20cf65dea01fc90879
+./data/meterpreter/ext_server_powershell.x64.debug.dll:SHA3-256:1ea8b483d269725a3c126d60ea2da254c3557c8b72a01f1be947711c0796cbda
+./data/meterpreter/ext_server_powershell.x64.dll:SHA3-256:7bf3d98cead48716bde4763d3f956c3490bd9e8604e30c8253cd3bc7530de3b9
+./data/meterpreter/ext_server_powershell.x86.debug.dll:SHA3-256:072ac649894fd570f1c37284eccab0c0a58f4adea9f4aad06965fef40ff1a5cb
+./data/meterpreter/ext_server_powershell.x86.dll:SHA3-256:65ed5569cf48934515004e6082525bd97dbe56ea6c528b4e349009485e3cf6fe
+./data/meterpreter/ext_server_priv.x64.debug.dll:SHA3-256:b4e6327d7c762c89bea367952d24dde65207d04e58ff3c3803b9e491c781ad3f
+./data/meterpreter/ext_server_priv.x64.dll:SHA3-256:9379d35c137ef8911b962ab503f1ef394ebdbb46d8d03196f8e57cee24587456
+./data/meterpreter/ext_server_priv.x86.debug.dll:SHA3-256:6c477af2aa7251517cc32f78c788fca77bb8072b096ac0ed341a2d5349934d63
+./data/meterpreter/ext_server_priv.x86.dll:SHA3-256:f8af77b54a67c9e945f46070d8840b212967a9d763ee964671f4568871690c69
+./data/meterpreter/ext_server_python.x64.debug.dll:SHA3-256:2e8c8c8896397c686fa63b3658986d498884f835776c3bb53425f503ba691e43
+./data/meterpreter/ext_server_python.x64.dll:SHA3-256:eaaf729f678744602ca90319d78fb5b40939d8b11876cd243cd75c0f22bdb38e
+./data/meterpreter/ext_server_python.x86.debug.dll:SHA3-256:44e8de6f8b3de8b574e25f9476a83d9fa86e4c7706b7d9015c625726a08d9f7e
+./data/meterpreter/ext_server_python.x86.dll:SHA3-256:61988ded99dca844f5a9b456c70f6a2ddd4c090ebb049203f1c3d2a378b0f1e5
+./data/meterpreter/ext_server_sniffer.x64.dll:SHA3-256:d2b79ecd70e482537c6d567b638a735ac558572b76989687649f5180be139de7
+./data/meterpreter/ext_server_sniffer.x86.dll:SHA3-256:7459e98adc4b3c499fcfedeff5fb6dd20c5d28f089dd9e523f004ed276b5ec31
+./data/meterpreter/ext_server_stdapi.jar:SHA3-256:1b0f9989d196b5e01c9bdf8bf2b5f7a6905bd454c2d9cb19be16ab1f23690f89
+./data/meterpreter/ext_server_stdapi.php:SHA3-256:405f79d15b270baa012f1d2875b6d26abdb987401ca0321ca027e8ab0d5ef28d
+./data/meterpreter/ext_server_stdapi.py:SHA3-256:752606a378d2da68d1be8e8c01389f04505c1f2bcce38be43e0deab675794592
+./data/meterpreter/ext_server_stdapi.x64.debug.dll:SHA3-256:8d8b0c4a582ae0c68dabce0cd737a5248a30d83dae9144e0bc9eeb0bd191ad66
+./data/meterpreter/ext_server_stdapi.x64.dll:SHA3-256:b7be52b28dbad0e4a7e2f92d5ae5bb1524c3cf0aa067dfe97b5db5feab4b6dfd
+./data/meterpreter/ext_server_stdapi.x86.debug.dll:SHA3-256:ba2d387df9e0c7167d66c5e35052e86a7772138c41c2fb1fec3c92f93ef7aac1
+./data/meterpreter/ext_server_stdapi.x86.dll:SHA3-256:29da7c51a97281ce3922eceb559016724a9b8533412e4dc2ec5a6c0636629604
+./data/meterpreter/ext_server_unhook.x64.debug.dll:SHA3-256:26378dacb381a28fe9e595a1b5fd572086214920224385c8f3dc4cd819d8dbd6
+./data/meterpreter/ext_server_unhook.x64.dll:SHA3-256:a4fa483f59dbeb43cab92069480b3f7dd48d86eb6debbbce3babc40fa5a1eb69
+./data/meterpreter/ext_server_unhook.x86.debug.dll:SHA3-256:f04c293495daf9eac22915651b9661bee67aaa12319c5bb566e4d9e92b2dad55
+./data/meterpreter/ext_server_unhook.x86.dll:SHA3-256:efcc529d3b5b98d6a1d9c8414922fc6699e87fde41e6fa50092be76bb5526f3c
+./data/meterpreter/ext_server_winpmem.x64.debug.dll:SHA3-256:b8d32c50d4efaf28a05d834e9f248495aba56270311a220436b931c8befa68de
+./data/meterpreter/ext_server_winpmem.x64.dll:SHA3-256:c59284a53ed2883ade5b8cae76065a7c2e39fec2da695bf20495ca0597d47116
+./data/meterpreter/ext_server_winpmem.x86.debug.dll:SHA3-256:4a6fc66c6437274d0b639ec9310e0b9eac0ec192b445f15a88871b35d5754c62
+./data/meterpreter/ext_server_winpmem.x86.dll:SHA3-256:e3bcf3692f88b45168f0e00cd28e69c9800edb0fa127892fe5bdc835a228a0bf
+./data/meterpreter/meterpreter.jar:SHA3-256:f9103d8aaf5053ebe1a52c0fb1e9f3ba5fdcac70bfee1ba95b9681c910e95244
+./data/meterpreter/meterpreter.php:SHA3-256:5de0fa5a38305c9fde9f2617df0a96f669cd7a9bb8b4bba6885a6413eb6779b6
+./data/meterpreter/meterpreter.py:SHA3-256:eb979cb8e4743c33a44731218b9ef9bff02967f0384c828465aa8cfc41f66e15
+./data/meterpreter/metsrv.x64.debug.dll:SHA3-256:9b551ac393f9be4f17086084684cad16a8b429a470643b3e78413524a8c7008a
+./data/meterpreter/metsrv.x64.dll:SHA3-256:23469b8f7b5243505c56aee382851a24af659bc6745a41761e43f3554b8a6a32
+./data/meterpreter/metsrv.x86.debug.dll:SHA3-256:dfff236bf37f0df80cd73d42a036bd066f818866408a29f901cfc1d26e05df7f
+./data/meterpreter/metsrv.x86.dll:SHA3-256:9181b3a2671397560e092d55831a638343338d6d08e6c875afa62a27205fa9a8
+./data/meterpreter/screenshot.x64.debug.dll:SHA3-256:b4179caf48aecaf9583556159cc07d5bb22217a64eb484580bed25ac7602e0f8
+./data/meterpreter/screenshot.x64.dll:SHA3-256:ea7482255a6b05a8935f5d8f3f7089cf0e5e0eb0d0a287ed4db327e9f4381d55
+./data/meterpreter/screenshot.x86.debug.dll:SHA3-256:6a35f58ffc39c63f442f793442ced5bf52624166b355373e6bbc921e61dc01dd
+./data/meterpreter/screenshot.x86.dll:SHA3-256:6c91c4a9d1beaa3b41dc5053bb3534213deeb84373cdaa948ed93fa00b4b391b
+./data/meterpreter/tests/test_ext_server_stdapi.py:SHA3-256:80d2f7a0f3fc80ad429e33d9b1afb22e230c3a2da559f8e9ebf11cba26d575f7

data/manifest.uuid

@@ -1 +1 @@
-70cc90c25d23f0b4c91f1377e4f12535cff1a2d7e70768f79c547ee0ef5c70d9
+763897d12e762d9c13ddd7407fd200a7f97b3445d95c50fd465dd2deaa7cd5be

data/spec/metasploit_payloads/crypto_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'metasploit-payloads'
+
+RSpec.describe ::MetasploitPayloads::Crypto do
+  describe '#encrypt' do
+    let(:encrypted_header) { ::MetasploitPayloads::Crypto::ENCRYPTED_PAYLOAD_HEADER }
+    let(:plaintext) { "Hello World!".b }
+    let(:ciphertext) { encrypted_header + "\x89:^r\xC1\xC9\xD9\xA1\xDC\xEB\xBFm".b }
+
+    it 'can encrypt plaintext' do
+      expect(described_class.encrypt(plaintext: plaintext)).to eq ciphertext
+    end
+
+    it 'can decrypt ciphertext' do
+      expect(described_class.decrypt(ciphertext: ciphertext)).to eq plaintext
+    end
+
+    it 'is idempotent' do
+      expect(described_class.decrypt(ciphertext: described_class.encrypt(plaintext: plaintext))).to eq plaintext
+    end
+  end
+end

data/spec/metasploit_payloads/metasploit_payloads_spec.rb

@@ -246,4 +246,34 @@ RSpec.describe ::MetasploitPayloads do
       end
     end
   end
+
+  describe '#read' do
+    let(:encrypted_header) { 'encrypted_payload_chacha20_v1' }
+    let(:raw_file) { { name: 'meterpreter.py', contents: 'sample_file_contents' } }
+    # ChaCha20 encrypted contents
+    let(:encrypted_contents) { "gg\xB7R\x96\xA00\x84\xC4\xBF5\x1D\xDBG6J\n\x86\x06\xF1" }
+    let(:encrypted_file) { { name: raw_file[:name], contents: encrypted_header + encrypted_contents } }
+
+    before :each do
+      allow(::MetasploitPayloads).to receive(:path).and_call_original
+      allow(::MetasploitPayloads).to receive(:path).with([encrypted_file[:name]]).and_return(encrypted_file[:name])
+      allow(::MetasploitPayloads).to receive(:path).with([raw_file[:name]]).and_return(raw_file[:name])
+
+      allow(::File).to receive(:binread).and_call_original
+      allow(::File).to receive(:binread).with(encrypted_file[:name]).and_return(encrypted_file[:contents])
+      allow(::File).to receive(:binread).with(raw_file[:name]).and_return(raw_file[:contents])
+    end
+
+    context 'an encrypted file' do
+      it 'returns plain-text file contents' do
+        expect(subject.read(encrypted_file[:name])).to eq(raw_file[:contents])
+      end
+    end
+
+    context 'a plain-text file' do
+      it 'returns plain-text file contents' do
+        expect(subject.read(raw_file[:name])).to eq(raw_file[:contents])
+      end
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.156
+  version: 2.0.158
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2023-10-11 00:00:00.000000000 Z
+date: 2023-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -239,12 +239,15 @@ files:
 - data/meterpreter/screenshot.x64.dll
 - data/meterpreter/screenshot.x86.debug.dll
 - data/meterpreter/screenshot.x86.dll
+- data/meterpreter/tests/test_ext_server_stdapi.py
 - lib/metasploit-payloads.rb
+- lib/metasploit-payloads/crypto.rb
 - lib/metasploit-payloads/error.rb
 - lib/metasploit-payloads/version.rb
 - manifest
 - manifest.uuid
 - metasploit-payloads.gemspec
+- spec/metasploit_payloads/crypto_spec.rb
 - spec/metasploit_payloads/metasploit_payloads_spec.rb
 - spec/spec_helper.rb
 homepage: http://www.metasploit.com