metasploit-payloads 2.0.51 → 2.0.55
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/data/android/meterpreter.jar +0 -0
- data/data/android/metstage.jar +0 -0
- data/data/android/shell.jar +0 -0
- data/data/meterpreter/elevator.x64.dll +0 -0
- data/data/meterpreter/elevator.x86.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.py +23 -1
- data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
- data/data/meterpreter/meterpreter.py +39 -22
- data/data/meterpreter/metsrv.x64.dll +0 -0
- data/data/meterpreter/metsrv.x86.dll +0 -0
- data/data/meterpreter/screenshot.x64.dll +0 -0
- data/data/meterpreter/screenshot.x86.dll +0 -0
- data/lib/metasploit-payloads/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0fbcfbe46a267ae62eb3d0311ad2b8f74c67b554af643e831d572e5f5884f632
|
|
4
|
+
data.tar.gz: 7aa3192b0be1dd60541b609fdd0d5888b3a4d59c19756322b9c899417916d54c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 19dce631c6385cf74d2238790f9b249dd888df53ef92cc29a7f0e126b55e25bb699021cd4fe7ae44b76aa52f80c8fdd4e42949f80dd7b9c60cbb806993ad219a
|
|
7
|
+
data.tar.gz: bc994d5b3681824e3f22713abdf19bdc7f23d3c96922601288135701b9ab0d68cace7bbf171d4b2eeffadf78b5a3c044de05c9ad5e4a704f2f10d22998e1e6c0
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
|
Binary file
|
data/data/android/metstage.jar
CHANGED
|
Binary file
|
data/data/android/shell.jar
CHANGED
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -39,6 +39,12 @@ try:
|
|
|
39
39
|
except ImportError:
|
|
40
40
|
has_termios = False
|
|
41
41
|
|
|
42
|
+
try:
|
|
43
|
+
import fcntl
|
|
44
|
+
has_fcntl = True
|
|
45
|
+
except ImportError:
|
|
46
|
+
has_fcntl = False
|
|
47
|
+
|
|
42
48
|
try:
|
|
43
49
|
import _winreg as winreg
|
|
44
50
|
has_winreg = True
|
|
@@ -610,6 +616,9 @@ TLV_TYPE_REGISTER_SIZE = TLV_META_TYPE_UINT | 2541
|
|
|
610
616
|
TLV_TYPE_REGISTER_VALUE_32 = TLV_META_TYPE_UINT | 2542
|
|
611
617
|
TLV_TYPE_REGISTER = TLV_META_TYPE_GROUP | 2550
|
|
612
618
|
|
|
619
|
+
TLV_TYPE_TERMINAL_ROWS = TLV_META_TYPE_UINT | 2600
|
|
620
|
+
TLV_TYPE_TERMINAL_COLUMNS = TLV_META_TYPE_UINT | 2601
|
|
621
|
+
|
|
613
622
|
##
|
|
614
623
|
# Ui
|
|
615
624
|
##
|
|
@@ -1159,7 +1168,6 @@ def stdapi_sys_process_execute(request, response):
|
|
|
1159
1168
|
if has_termios:
|
|
1160
1169
|
try:
|
|
1161
1170
|
settings = termios.tcgetattr(master)
|
|
1162
|
-
settings[3] = settings[3] & ~termios.ECHO
|
|
1163
1171
|
termios.tcsetattr(master, termios.TCSADRAIN, settings)
|
|
1164
1172
|
except:
|
|
1165
1173
|
pass
|
|
@@ -1167,6 +1175,7 @@ def stdapi_sys_process_execute(request, response):
|
|
|
1167
1175
|
proc_h.stdin = os.fdopen(master, 'wb')
|
|
1168
1176
|
proc_h.stdout = os.fdopen(master, 'rb')
|
|
1169
1177
|
proc_h.stderr = open(os.devnull, 'rb')
|
|
1178
|
+
proc_h.ptyfd = slave
|
|
1170
1179
|
else:
|
|
1171
1180
|
proc_h = STDProcess(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
1172
1181
|
proc_h.echo_protection = True
|
|
@@ -2548,3 +2557,16 @@ def stdapi_ui_get_idle_time(request, response):
|
|
|
2548
2557
|
idle_time = (GetTickCount() - info.dwTime) / 1000
|
|
2549
2558
|
response += tlv_pack(TLV_TYPE_IDLE_TIME, idle_time)
|
|
2550
2559
|
return ERROR_SUCCESS, response
|
|
2560
|
+
|
|
2561
|
+
@register_function_if(has_termios and has_fcntl)
|
|
2562
|
+
def stdapi_sys_process_set_term_size(request, response):
|
|
2563
|
+
channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)['value']
|
|
2564
|
+
rows = packet_get_tlv(request, TLV_TYPE_TERMINAL_ROWS)['value']
|
|
2565
|
+
columns = packet_get_tlv(request, TLV_TYPE_TERMINAL_COLUMNS)['value']
|
|
2566
|
+
if channel_id in meterpreter.interact_channels:
|
|
2567
|
+
proc_h = meterpreter.channels[channel_id].proc_h
|
|
2568
|
+
winsize = struct.pack("HHHH", rows, columns, 0, 0)
|
|
2569
|
+
fcntl.ioctl(proc_h.stdin, termios.TIOCSWINSZ, winsize)
|
|
2570
|
+
else:
|
|
2571
|
+
return ERROR_FAILURE, response
|
|
2572
|
+
return ERROR_SUCCESS, response
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -347,6 +347,8 @@ COMMAND_IDS = (
|
|
|
347
347
|
(1115, 'stdapi_audio_mic_start'),
|
|
348
348
|
(1116, 'stdapi_audio_mic_stop'),
|
|
349
349
|
(1117, 'stdapi_audio_mic_list'),
|
|
350
|
+
(1118, 'stdapi_sys_process_set_term_size'),
|
|
351
|
+
|
|
350
352
|
)
|
|
351
353
|
# ---------------------------------------------------------------
|
|
352
354
|
|
|
@@ -639,13 +641,17 @@ class MeterpreterProcess(MeterpreterChannel):
|
|
|
639
641
|
super(MeterpreterProcess, self).__init__()
|
|
640
642
|
|
|
641
643
|
def close(self):
|
|
642
|
-
self.proc_h.
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
644
|
+
if self.proc_h.poll() is None:
|
|
645
|
+
self.proc_h.kill()
|
|
646
|
+
if self.proc_h.ptyfd is not None:
|
|
647
|
+
os.close(self.proc_h.ptyfd)
|
|
648
|
+
for stream in (self.proc_h.stdin, self.proc_h.stdout, self.proc_h.stderr):
|
|
649
|
+
if not hasattr(stream, 'close'):
|
|
650
|
+
continue
|
|
651
|
+
try:
|
|
652
|
+
stream.close()
|
|
653
|
+
except (IOError, OSError):
|
|
654
|
+
pass
|
|
649
655
|
|
|
650
656
|
def is_alive(self):
|
|
651
657
|
return self.proc_h.poll() is None
|
|
@@ -739,18 +745,26 @@ class MeterpreterSocketUDPClient(MeterpreterSocket):
|
|
|
739
745
|
export(MeterpreterSocketUDPClient)
|
|
740
746
|
|
|
741
747
|
class STDProcessBuffer(threading.Thread):
|
|
742
|
-
def __init__(self, std, is_alive):
|
|
743
|
-
threading.Thread.__init__(self)
|
|
748
|
+
def __init__(self, std, is_alive, name=None):
|
|
749
|
+
threading.Thread.__init__(self, name=name or self.__class__.__name__)
|
|
744
750
|
self.std = std
|
|
745
751
|
self.is_alive = is_alive
|
|
746
752
|
self.data = bytes()
|
|
747
753
|
self.data_lock = threading.RLock()
|
|
748
754
|
|
|
755
|
+
def _read1(self):
|
|
756
|
+
try:
|
|
757
|
+
return self.std.read(1)
|
|
758
|
+
except (IOError, OSError):
|
|
759
|
+
return bytes()
|
|
760
|
+
|
|
749
761
|
def run(self):
|
|
750
|
-
|
|
762
|
+
byte = self._read1()
|
|
763
|
+
while len(byte):
|
|
751
764
|
self.data_lock.acquire()
|
|
752
765
|
self.data += byte
|
|
753
766
|
self.data_lock.release()
|
|
767
|
+
byte = self._read1()
|
|
754
768
|
|
|
755
769
|
def is_read_ready(self):
|
|
756
770
|
return len(self.data) != 0
|
|
@@ -778,14 +792,15 @@ class STDProcess(subprocess.Popen):
|
|
|
778
792
|
debug_print('[*] starting process: ' + repr(args[0]))
|
|
779
793
|
subprocess.Popen.__init__(self, *args, **kwargs)
|
|
780
794
|
self.echo_protection = False
|
|
795
|
+
self.ptyfd = None
|
|
781
796
|
|
|
782
797
|
def is_alive(self):
|
|
783
798
|
return self.poll() is None
|
|
784
799
|
|
|
785
800
|
def start(self):
|
|
786
|
-
self.stdout_reader = STDProcessBuffer(self.stdout, self.is_alive)
|
|
801
|
+
self.stdout_reader = STDProcessBuffer(self.stdout, self.is_alive, name='STDProcessBuffer.stdout')
|
|
787
802
|
self.stdout_reader.start()
|
|
788
|
-
self.stderr_reader = STDProcessBuffer(self.stderr, self.is_alive)
|
|
803
|
+
self.stderr_reader = STDProcessBuffer(self.stderr, self.is_alive, name='STDProcessBuffer.stderr')
|
|
789
804
|
self.stderr_reader.start()
|
|
790
805
|
|
|
791
806
|
def write(self, channel_data):
|
|
@@ -1273,15 +1288,15 @@ class PythonMeterpreter(object):
|
|
|
1273
1288
|
data = bytes()
|
|
1274
1289
|
write_request_parts = []
|
|
1275
1290
|
if isinstance(channel, MeterpreterProcess):
|
|
1276
|
-
if
|
|
1277
|
-
|
|
1278
|
-
|
|
1279
|
-
|
|
1280
|
-
|
|
1281
|
-
|
|
1282
|
-
|
|
1283
|
-
elif not channel.is_alive():
|
|
1291
|
+
if channel_id in self.interact_channels:
|
|
1292
|
+
proc_h = channel.proc_h
|
|
1293
|
+
if proc_h.stderr_reader.is_read_ready():
|
|
1294
|
+
data = proc_h.stderr_reader.read()
|
|
1295
|
+
elif proc_h.stdout_reader.is_read_ready():
|
|
1296
|
+
data = proc_h.stdout_reader.read()
|
|
1297
|
+
if not channel.is_alive():
|
|
1284
1298
|
self.handle_dead_resource_channel(channel_id)
|
|
1299
|
+
channel.close()
|
|
1285
1300
|
elif isinstance(channel, MeterpreterSocketTCPClient):
|
|
1286
1301
|
while select.select([channel.fileno()], [], [], 0)[0]:
|
|
1287
1302
|
try:
|
|
@@ -1552,7 +1567,6 @@ class PythonMeterpreter(object):
|
|
|
1552
1567
|
status, response = channel.core_eof(request, response)
|
|
1553
1568
|
return ERROR_SUCCESS, response
|
|
1554
1569
|
|
|
1555
|
-
|
|
1556
1570
|
def _core_channel_interact(self, request, response):
|
|
1557
1571
|
channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)['value']
|
|
1558
1572
|
if channel_id not in self.channels:
|
|
@@ -1614,7 +1628,10 @@ class PythonMeterpreter(object):
|
|
|
1614
1628
|
if result != ERROR_SUCCESS:
|
|
1615
1629
|
debug_print('[-] method ' + handler_name + ' resulted in error: #' + str(result))
|
|
1616
1630
|
else:
|
|
1617
|
-
|
|
1631
|
+
if handler_name is None:
|
|
1632
|
+
debug_print('[-] command id ' + str(commd_id_tlv['value']) + ' was requested but does not exist')
|
|
1633
|
+
else:
|
|
1634
|
+
debug_print('[-] method ' + handler_name + ' was requested but does not exist')
|
|
1618
1635
|
result = error_result(NotImplementedError)
|
|
1619
1636
|
|
|
1620
1637
|
reqid_tlv = packet_get_tlv(request, TLV_TYPE_REQUEST_ID)
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: metasploit-payloads
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.55
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OJ Reeves
|
|
@@ -96,7 +96,7 @@ cert_chain:
|
|
|
96
96
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
|
97
97
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
|
98
98
|
-----END CERTIFICATE-----
|
|
99
|
-
date: 2021-
|
|
99
|
+
date: 2021-09-14 00:00:00.000000000 Z
|
|
100
100
|
dependencies:
|
|
101
101
|
- !ruby/object:Gem::Dependency
|
|
102
102
|
name: rake
|
metadata.gz.sig
CHANGED
|
Binary file
|