metasploit-payloads 2.0.94 → 2.0.96

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '009aeecc3984a711a18e149b4ebe1bf9651af71f02a5931a5335a479c7e84c9c'
-  data.tar.gz: d5dded65ebae3de4cc418e85d9abc9fd765bf55c0f71c0fe4814176ba9d61731
+  metadata.gz: 14a31678ea188df6a041cd2d9aa4b5e7675e692deac5441309e8f7d28f19971b
+  data.tar.gz: 743083ddf93da1a9447ad45c1d195f7761526bb73595aaa63631d993496011dd
 SHA512:
-  metadata.gz: 8adad19c1662e0e14391f6467b76b901bc6cf7fdba8263a84ca83bfb284e4dd6589351384a82152ff62d87337aee57f98f678c74042e066bf3a67c530a2f9f99
-  data.tar.gz: e8cf06b23df4327e3f42780c629e92070512c096a1a74ecf03e0f4eda406260522942297caf80baba7c5f002c4c6c7c923fc062fbe6bccce094dc116cf0d699c
+  metadata.gz: 58dd28d9fb05c6d5d0742b6316209514f287c9da6c54322eaff3e9d62369ee1a1384d8592ed1b8aa0d14facc62b0014e895dc55e03c534e828bb987ec391ce52
+  data.tar.gz: 6a9f652a9807c1d4288e9c3c87161d858fe4bb63fe8f4216c4b82d6f3b06bd9d5acbc6f8f0978fae5bf87b7198e8e89716dca4a86df6ae7eb2b154c6238a156a

data/data/meterpreter/ext_server_stdapi.py

@@ -2463,14 +2463,26 @@ def stdapi_registry_load_key(request, response):
 def _wreg_close_key(hkey):
     ctypes.windll.advapi32.RegCloseKey(hkey)
 
-def _wreg_open_key(request):
+def _wreg_open_key(request, permission=None):
     root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
+    root_key_names = {
+        winreg.HKEY_CLASSES_ROOT & 0xffffffff: 'HKCR',
+        winreg.HKEY_CURRENT_USER & 0xffffffff: 'HKCU',
+        winreg.HKEY_LOCAL_MACHINE & 0xffffffff: 'HKLM',
+        winreg.HKEY_USERS & 0xffffffff: 'HKU',
+        winreg.HKEY_PERFORMANCE_DATA & 0xffffffff: 'HKPD',
+        winreg.HKEY_CURRENT_CONFIG & 0xffffffff: 'HKCC'
+    }
+    root_key_name = root_key_names.get(root_key, 'HK??')
     base_key = packet_get_tlv(request, TLV_TYPE_BASE_KEY)['value']
+    debug_print('[*] opening registry key: ' + root_key_name + '\\' + unicode(base_key))
     base_key = ctypes.create_string_buffer(bytes(base_key, 'UTF-8'))
-    permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS)
+    if permission is None:
+        permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS)
     handle_id = ctypes.c_void_p()
-    if ctypes.windll.advapi32.RegOpenKeyExA(root_key, ctypes.byref(base_key), 0, permission, ctypes.byref(handle_id)) != ERROR_SUCCESS:
-        return error_result_windows(), 0
+    result = ctypes.windll.advapi32.RegOpenKeyExA(root_key, ctypes.byref(base_key), 0, permission, ctypes.byref(handle_id))
+    if result != ERROR_SUCCESS:
+        return error_result_windows(result), 0
     return ERROR_SUCCESS, handle_id.value
 
 def _wreg_query_value(request, response, hkey):
@@ -2497,7 +2509,7 @@ def _wreg_query_value(request, response, hkey):
         else:
             response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data, value_data_sz.value))
         return ERROR_SUCCESS, response
-    return error_result_windows(), response
+    return error_result_windows(result), response
 
 def _wreg_set_value(request, response, hkey):
     value_name = packet_get_tlv(request, TLV_TYPE_VALUE_NAME)['value']
@@ -2505,7 +2517,19 @@ def _wreg_set_value(request, response, hkey):
     value_type = packet_get_tlv(request, TLV_TYPE_VALUE_TYPE)['value']
     value_data = packet_get_tlv(request, TLV_TYPE_VALUE_DATA)['value']
     result = ctypes.windll.advapi32.RegSetValueExA(hkey, ctypes.byref(value_name), 0, value_type, value_data, len(value_data))
-    return result, response
+    if result == ERROR_SUCCESS:
+        return ERROR_SUCCESS, response
+    return error_result_windows(result), response
+
+@register_function_if(has_windll)
+def stdapi_registry_check_key_exists(request, response):
+    err, hkey = _wreg_open_key(request, permission=winreg.KEY_QUERY_VALUE)
+    if err == ERROR_SUCCESS:
+        _wreg_close_key(hkey)
+        response += tlv_pack(TLV_TYPE_BOOL, True)
+    else:
+        response += tlv_pack(TLV_TYPE_BOOL, False)
+    return ERROR_SUCCESS, response
 
 @register_function_if(has_windll)
 def stdapi_registry_open_key(request, response):
@@ -2545,7 +2569,7 @@ def stdapi_registry_query_value(request, response):
 def stdapi_registry_query_value_direct(request, response):
     err, hkey = _wreg_open_key(request)
     if err != ERROR_SUCCESS:
-        return err, response
+        return error_result_windows(err), response
     ret = _wreg_query_value(request, response, hkey)
     _wreg_close_key(hkey)
     return ret
@@ -2559,7 +2583,7 @@ def stdapi_registry_set_value(request, response):
 def stdapi_registry_set_value_direct(request, response):
     err, hkey = _wreg_open_key(request)
     if err != ERROR_SUCCESS:
-        return err, response
+        return error_result_windows(err), response
     ret = _wreg_set_value(request, response, hkey)
     _wreg_close_key(hkey)
     return ret

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.94'
+  VERSION = '2.0.96'
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.94
+  version: 2.0.96
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2022-06-23 00:00:00.000000000 Z
+date: 2022-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake