metasploit-payloads 2.0.61 → 2.0.65

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4188f80b9a7c91f79f4085ca10626ec6b13ab0b3b7e65c4573791e4a66382d27
-  data.tar.gz: 7ad4dd897102be313e08336e50cfd74396c52f8c2e3b925ab7aa3da2b7664929
+  metadata.gz: 333e40cc4f8a571ffaad017a2706cbb0369506af905b45f4811ae012de27ac8f
+  data.tar.gz: ae8ac99011be5a55216d6a19d435d1f583ea16c6667b176416ec485ab97cebbe
 SHA512:
-  metadata.gz: a946d5504af1f234e03442151f52293cbd497788dcfbc26486c2ba2f107701cf122f80e9f075485c1426119b4f6d567de36bdf540d300f6f049bd9d27af67f4a
-  data.tar.gz: 41424d3e1c558e3b8c8036c226074e89185f3c45864db86dac4e98e1aa9d0bc13a0222830221823878f0759e0e7d3899f7aa11860568ae172a4da49e6378517d
+  metadata.gz: 46be295e38c171bc356a58ee0b0571f098d7f1fc6f162e5b24ede9a1e7f352e8979bf600944ae22e1adce8bec0c401ff368c287abcc973a418ac260e8ed3a25b
+  data.tar.gz: 84439b6514febed72052f2a3bb2d3833c06e8a05b23349bb2ab286a94f2c26e9aa62b3deb537b8d653b2b52604ce6c27450fa19cb84ed36d19eee8d91d2d47ec

data/data/meterpreter/ext_server_stdapi.php

@@ -461,7 +461,8 @@ function resolve_host($hostname, $family) {
     } elseif ($family == AF_INET6) {
         $dns_family = DNS_AAAA;
     } else {
-        throw new Exception('invalid family, must be AF_INET or AF_INET6');
+        my_print('invalid family, must be AF_INET or AF_INET6');
+        return NULL;
     }
 
     $dns = dns_get_record($hostname, $dns_family);
@@ -1224,15 +1225,18 @@ if (!function_exists('stdapi_net_resolve_host')) {
 register_command('stdapi_net_resolve_host', COMMAND_ID_STDAPI_NET_RESOLVE_HOST);
 function stdapi_net_resolve_host($req, &$pkt) {
     my_print("doing stdapi_net_resolve_host");
-    $hostname = packet_get_tlv($req, TLV_TYPE_HOST_NAME)['value'];
-    $family = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE)['value'];
+    $hostname_tlv = packet_get_tlv($req, TLV_TYPE_HOST_NAME);
+    $hostname = $hostname['value'];
+    $family_tlv = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE);
+    $family = $family['value'];
 
     if ($family == WIN_AF_INET) {
         $family = AF_INET;
     } elseif ($family == WIN_AF_INET6) {
         $family = AF_INET6;
     } else {
-        throw new Exception('invalid family');
+        my_print('invalid family, must be AF_INET or AF_INET6');
+        return ERROR_FAILURE;
     }
 
     $ret = ERROR_FAILURE;
@@ -1250,14 +1254,16 @@ if (!function_exists('stdapi_net_resolve_hosts')) {
 register_command('stdapi_net_resolve_hosts', COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS);
 function stdapi_net_resolve_hosts($req, &$pkt) {
     my_print("doing stdapi_net_resolve_hosts");
-    $family = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE)['value'];
+    $family_tlv = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE);
+    $family = $family_tlv['value'];
 
     if ($family == WIN_AF_INET) {
         $family = AF_INET;
     } elseif ($family == WIN_AF_INET6) {
         $family = AF_INET6;
     } else {
-        throw new Exception('invalid family');
+        my_print('invalid family, must be AF_INET or AF_INET6');
+        return ERROR_FAILURE;
     }
 
     $hostname_tlvs = packet_get_all_tlvs($req, TLV_TYPE_HOST_NAME);

data/data/meterpreter/ext_server_stdapi.py

@@ -1147,6 +1147,8 @@ def stdapi_sys_process_close(request, response):
     proc_h_id = proc_h_id['value']
     if proc_h_id in meterpreter.processes:
         del meterpreter.processes[proc_h_id]
+    if not meterpreter.close_channel(proc_h_id):
+        return ERROR_FAILURE, response
     return ERROR_SUCCESS, response
 
 @register_function
@@ -1161,7 +1163,9 @@ def stdapi_sys_process_execute(request, response):
     if len(cmd) == 0:
         return ERROR_FAILURE, response
     if os.path.isfile('/bin/sh') and (flags & PROCESS_EXECUTE_FLAG_SUBSHELL):
-        args = ['/bin/sh', '-c', cmd, raw_args]
+        if raw_args:
+            cmd = cmd + ' ' + raw_args
+        args = ['/bin/sh', '-c', cmd]
     else:
         args = [cmd]
         args.extend(shlex.split(raw_args))

data/data/meterpreter/meterpreter.py

@@ -680,10 +680,13 @@ class MeterpreterProcess(MeterpreterChannel):
         return self.proc_h.poll() is None
 
     def read(self, length):
-        data = ''
+        data = bytes()
+        stderr_reader = self.proc_h.stderr_reader
         stdout_reader = self.proc_h.stdout_reader
-        if stdout_reader.is_read_ready():
-            data = stdout_reader.read(length)
+        if stderr_reader.is_read_ready() and length > 0:
+            data += stderr_reader.read(length)
+        if stdout_reader.is_read_ready() and (length - len(data)) > 0:
+            data += stdout_reader.read(length - len(data))
         return data
 
     def write(self, data):
@@ -1242,6 +1245,21 @@ class PythonMeterpreter(object):
         self.next_process_id += 1
         return idx
 
+    def close_channel(self, channel_id):
+        if channel_id not in self.channels:
+            return False
+        channel = self.channels[channel_id]
+        try:
+            channel.close()
+        except Exception:
+            debug_traceback('[-] failed to close channel id: ' + str(channel_id))
+            return False
+        del self.channels[channel_id]
+        if channel_id in self.interact_channels:
+            self.interact_channels.remove(channel_id)
+        debug_print('[*] closed and removed channel id: ' + str(channel_id))
+        return True
+
     def get_packet(self):
         pkt = self.transport.get_packet()
         if pkt is None and self.transport.should_retire:
@@ -1314,9 +1332,9 @@ class PythonMeterpreter(object):
                     if channel_id in self.interact_channels:
                         proc_h = channel.proc_h
                         if proc_h.stderr_reader.is_read_ready():
-                            data = proc_h.stderr_reader.read()
-                        elif proc_h.stdout_reader.is_read_ready():
-                            data = proc_h.stdout_reader.read()
+                            data += proc_h.stderr_reader.read()
+                        if proc_h.stdout_reader.is_read_ready():
+                            data += proc_h.stdout_reader.read()
                     if not channel.is_alive():
                         self.handle_dead_resource_channel(channel_id)
                         channel.close()
@@ -1570,16 +1588,9 @@ class PythonMeterpreter(object):
 
     def _core_channel_close(self, request, response):
         channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)['value']
-        if channel_id not in self.channels:
+        if not self.close_channel(channel_id):
             return ERROR_FAILURE, response
-        channel = self.channels[channel_id]
-        status, response = channel.core_close(request, response)
-        if status == ERROR_SUCCESS:
-            del self.channels[channel_id]
-            if channel_id in self.interact_channels:
-                self.interact_channels.remove(channel_id)
-            debug_print('[*] closed and removed channel id: ' + str(channel_id))
-        return status, response
+        return ERROR_SUCCESS, response
 
     def _core_channel_eof(self, request, response):
         channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)['value']

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.61'
+  VERSION = '2.0.65'
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.61
+  version: 2.0.65
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-11-29 00:00:00.000000000 Z
+date: 2021-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake