metasploit-payloads 2.0.62 → 2.0.66
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/data/android/meterpreter.jar +0 -0
- data/data/android/metstage.jar +0 -0
- data/data/android/shell.jar +0 -0
- data/data/meterpreter/elevator.x64.dll +0 -0
- data/data/meterpreter/elevator.x86.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.php +4 -2
- data/data/meterpreter/ext_server_stdapi.py +10 -2
- data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
- data/data/meterpreter/meterpreter.py +26 -15
- data/data/meterpreter/metsrv.x64.dll +0 -0
- data/data/meterpreter/metsrv.x86.dll +0 -0
- data/data/meterpreter/screenshot.x64.dll +0 -0
- data/data/meterpreter/screenshot.x86.dll +0 -0
- data/lib/metasploit-payloads/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 674ebea21d34814be442241a307a18c2c362d6b3674ec27ac88658f255c5d696
|
|
4
|
+
data.tar.gz: e4f0620176a20f1e64c5a5820da529e49759e9da1b085ec283fac1e52ad72454
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 47aa9480390d587667b28cd42d8ab5f9cdb076c9f8d57fb2dc38fb57f6cd3ccea68a439c1e254badfa28af616f6b4caeed4c916fd8f0ebd116e8b5323767512f
|
|
7
|
+
data.tar.gz: a028d339bc7e94955ffc30453c3410b25233fbbf6a3ece004780b8eeeb06c9df07ed02ba2be85ff2ff56101d909b32544dd702ebe554dc2f61e73cbf8ef0279f
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
|
Binary file
|
data/data/android/metstage.jar
CHANGED
|
Binary file
|
data/data/android/shell.jar
CHANGED
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -628,8 +628,10 @@ function stdapi_fs_ls($req, &$pkt) {
|
|
|
628
628
|
packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_NAME, $file));
|
|
629
629
|
packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_PATH, $path . DIRECTORY_SEPARATOR . $file));
|
|
630
630
|
$st_buf = add_stat_buf($path . DIRECTORY_SEPARATOR . $file);
|
|
631
|
-
if (
|
|
632
|
-
|
|
631
|
+
if (!$st_buf) {
|
|
632
|
+
$st_buf = create_tlv(TLV_TYPE_STAT_BUF32, '');
|
|
633
|
+
}
|
|
634
|
+
packet_add_tlv($pkt, $st_buf);
|
|
633
635
|
}
|
|
634
636
|
}
|
|
635
637
|
closedir($dir_handle);
|
|
@@ -1147,6 +1147,8 @@ def stdapi_sys_process_close(request, response):
|
|
|
1147
1147
|
proc_h_id = proc_h_id['value']
|
|
1148
1148
|
if proc_h_id in meterpreter.processes:
|
|
1149
1149
|
del meterpreter.processes[proc_h_id]
|
|
1150
|
+
if not meterpreter.close_channel(proc_h_id):
|
|
1151
|
+
return ERROR_FAILURE, response
|
|
1150
1152
|
return ERROR_SUCCESS, response
|
|
1151
1153
|
|
|
1152
1154
|
@register_function
|
|
@@ -1161,7 +1163,9 @@ def stdapi_sys_process_execute(request, response):
|
|
|
1161
1163
|
if len(cmd) == 0:
|
|
1162
1164
|
return ERROR_FAILURE, response
|
|
1163
1165
|
if os.path.isfile('/bin/sh') and (flags & PROCESS_EXECUTE_FLAG_SUBSHELL):
|
|
1164
|
-
|
|
1166
|
+
if raw_args:
|
|
1167
|
+
cmd = cmd + ' ' + raw_args
|
|
1168
|
+
args = ['/bin/sh', '-c', cmd]
|
|
1165
1169
|
else:
|
|
1166
1170
|
args = [cmd]
|
|
1167
1171
|
args.extend(shlex.split(raw_args))
|
|
@@ -1490,7 +1494,11 @@ def stdapi_fs_ls(request, response):
|
|
|
1490
1494
|
file_path = os.path.join(path, file_name)
|
|
1491
1495
|
response += tlv_pack(TLV_TYPE_FILE_NAME, file_name)
|
|
1492
1496
|
response += tlv_pack(TLV_TYPE_FILE_PATH, file_path)
|
|
1493
|
-
|
|
1497
|
+
try:
|
|
1498
|
+
st_buf = get_stat_buffer(file_path)
|
|
1499
|
+
except OSError:
|
|
1500
|
+
st_buf = bytes()
|
|
1501
|
+
response += tlv_pack(TLV_TYPE_STAT_BUF, st_buf)
|
|
1494
1502
|
return ERROR_SUCCESS, response
|
|
1495
1503
|
|
|
1496
1504
|
@register_function
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -680,10 +680,13 @@ class MeterpreterProcess(MeterpreterChannel):
|
|
|
680
680
|
return self.proc_h.poll() is None
|
|
681
681
|
|
|
682
682
|
def read(self, length):
|
|
683
|
-
data =
|
|
683
|
+
data = bytes()
|
|
684
|
+
stderr_reader = self.proc_h.stderr_reader
|
|
684
685
|
stdout_reader = self.proc_h.stdout_reader
|
|
685
|
-
if
|
|
686
|
-
data
|
|
686
|
+
if stderr_reader.is_read_ready() and length > 0:
|
|
687
|
+
data += stderr_reader.read(length)
|
|
688
|
+
if stdout_reader.is_read_ready() and (length - len(data)) > 0:
|
|
689
|
+
data += stdout_reader.read(length - len(data))
|
|
687
690
|
return data
|
|
688
691
|
|
|
689
692
|
def write(self, data):
|
|
@@ -1242,6 +1245,21 @@ class PythonMeterpreter(object):
|
|
|
1242
1245
|
self.next_process_id += 1
|
|
1243
1246
|
return idx
|
|
1244
1247
|
|
|
1248
|
+
def close_channel(self, channel_id):
|
|
1249
|
+
if channel_id not in self.channels:
|
|
1250
|
+
return False
|
|
1251
|
+
channel = self.channels[channel_id]
|
|
1252
|
+
try:
|
|
1253
|
+
channel.close()
|
|
1254
|
+
except Exception:
|
|
1255
|
+
debug_traceback('[-] failed to close channel id: ' + str(channel_id))
|
|
1256
|
+
return False
|
|
1257
|
+
del self.channels[channel_id]
|
|
1258
|
+
if channel_id in self.interact_channels:
|
|
1259
|
+
self.interact_channels.remove(channel_id)
|
|
1260
|
+
debug_print('[*] closed and removed channel id: ' + str(channel_id))
|
|
1261
|
+
return True
|
|
1262
|
+
|
|
1245
1263
|
def get_packet(self):
|
|
1246
1264
|
pkt = self.transport.get_packet()
|
|
1247
1265
|
if pkt is None and self.transport.should_retire:
|
|
@@ -1314,9 +1332,9 @@ class PythonMeterpreter(object):
|
|
|
1314
1332
|
if channel_id in self.interact_channels:
|
|
1315
1333
|
proc_h = channel.proc_h
|
|
1316
1334
|
if proc_h.stderr_reader.is_read_ready():
|
|
1317
|
-
data
|
|
1318
|
-
|
|
1319
|
-
data
|
|
1335
|
+
data += proc_h.stderr_reader.read()
|
|
1336
|
+
if proc_h.stdout_reader.is_read_ready():
|
|
1337
|
+
data += proc_h.stdout_reader.read()
|
|
1320
1338
|
if not channel.is_alive():
|
|
1321
1339
|
self.handle_dead_resource_channel(channel_id)
|
|
1322
1340
|
channel.close()
|
|
@@ -1570,16 +1588,9 @@ class PythonMeterpreter(object):
|
|
|
1570
1588
|
|
|
1571
1589
|
def _core_channel_close(self, request, response):
|
|
1572
1590
|
channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)['value']
|
|
1573
|
-
if
|
|
1591
|
+
if not self.close_channel(channel_id):
|
|
1574
1592
|
return ERROR_FAILURE, response
|
|
1575
|
-
|
|
1576
|
-
status, response = channel.core_close(request, response)
|
|
1577
|
-
if status == ERROR_SUCCESS:
|
|
1578
|
-
del self.channels[channel_id]
|
|
1579
|
-
if channel_id in self.interact_channels:
|
|
1580
|
-
self.interact_channels.remove(channel_id)
|
|
1581
|
-
debug_print('[*] closed and removed channel id: ' + str(channel_id))
|
|
1582
|
-
return status, response
|
|
1593
|
+
return ERROR_SUCCESS, response
|
|
1583
1594
|
|
|
1584
1595
|
def _core_channel_eof(self, request, response):
|
|
1585
1596
|
channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)['value']
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: metasploit-payloads
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.66
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OJ Reeves
|
|
@@ -96,7 +96,7 @@ cert_chain:
|
|
|
96
96
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
|
97
97
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
|
98
98
|
-----END CERTIFICATE-----
|
|
99
|
-
date: 2021-12-
|
|
99
|
+
date: 2021-12-09 00:00:00.000000000 Z
|
|
100
100
|
dependencies:
|
|
101
101
|
- !ruby/object:Gem::Dependency
|
|
102
102
|
name: rake
|
metadata.gz.sig
CHANGED
|
Binary file
|