metasploit-payloads 2.0.48 → 2.0.52

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b4ebeff606061a918b56af763ae9805ab29e677ed65babebc048750b77e1e64
-  data.tar.gz: '038ad1767ddd11bcc6f28bde15ba5db94b69cce108ffd125c006849787b2cf02'
+  metadata.gz: 44fbd2938803ac879371f61c66ba3f40c5939fa4afd8b2d4ec7de0c1c25aaa09
+  data.tar.gz: fab9960391ecf3b54398b01ab07c087a349dc24fbcd53e7de36a5691ddadf614
 SHA512:
-  metadata.gz: 01147ee86c2d166c2747d956779ad48d56341b7e320f28929512c83def63388adf2a6afa218b3f854fc092b6d7d69261e1fc963b999f6536f151c11f13e0fcbe
-  data.tar.gz: 37bd7b524e2d7622e9b97dfa6d780aa3490d2dcb0f3ba7b3b40098db9e36664dccad08bd01a8c9908c8323f7c0acd1165185aca466975319495c174fd10c09a3
+  metadata.gz: 7eb88c7bc0ab1e8d742b538c4cd8c8d7169dc6b46af6705494ccd82cd79c6ff2396589e2e9f2f4325956967c607b367b7347b2ee6a293075d0005c8fc06e7034
+  data.tar.gz: e0610123d50eb695ccaf6471d42fcbee4e5cd79f181f3990162998cc3cacf1be03f0574481f8a4186a6e58e26a5b10065ef1edc61190f9ecbe205260f723d027

data/data/meterpreter/ext_server_stdapi.py

@@ -649,6 +649,7 @@ PROCESS_EXECUTE_FLAG_HIDDEN = (1 << 0)
 PROCESS_EXECUTE_FLAG_CHANNELIZED = (1 << 1)
 PROCESS_EXECUTE_FLAG_SUSPENDED = (1 << 2)
 PROCESS_EXECUTE_FLAG_USE_THREAD_TOKEN = (1 << 3)
+PROCESS_EXECUTE_FLAG_SUBSHELL         = (1 << 6)
 
 PROCESS_ARCH_UNKNOWN = 0
 PROCESS_ARCH_X86 = 1
@@ -1146,11 +1147,12 @@ def stdapi_sys_process_execute(request, response):
     flags = packet_get_tlv(request, TLV_TYPE_PROCESS_FLAGS)['value']
     if len(cmd) == 0:
         return ERROR_FAILURE, response
-    if os.path.isfile('/bin/sh'):
-        args = ['/bin/sh', '-c', cmd + ' ' + raw_args]
+    if os.path.isfile('/bin/sh') and (flags & PROCESS_EXECUTE_FLAG_SUBSHELL):
+        args = ['/bin/sh', '-c', cmd, raw_args]
     else:
         args = [cmd]
         args.extend(shlex.split(raw_args))
+
     if (flags & PROCESS_EXECUTE_FLAG_CHANNELIZED):
         if has_pty:
             master, slave = pty.openpty()
@@ -1161,7 +1163,7 @@ def stdapi_sys_process_execute(request, response):
                     termios.tcsetattr(master, termios.TCSADRAIN, settings)
                 except:
                     pass
-            proc_h = STDProcess(args, stdin=slave, stdout=slave, stderr=slave, bufsize=0)
+            proc_h = STDProcess(args, stdin=slave, stdout=slave, stderr=slave, bufsize=0, preexec_fn=os.setsid)
             proc_h.stdin = os.fdopen(master, 'wb')
             proc_h.stdout = os.fdopen(master, 'rb')
             proc_h.stderr = open(os.devnull, 'rb')

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.48'
+  VERSION = '2.0.52'
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.48
+  version: 2.0.52
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-07-16 00:00:00.000000000 Z
+date: 2021-08-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake