metasploit-payloads 2.0.95 → 2.0.96

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 65f37b434ce16d7157fc2a2793df514f4d1e4ec074a3af13a7f8b0b208b610ad
-  data.tar.gz: a65385fdf01c8b6ad65ad071f5126c0a83f8d3c68239ea9cf5608645debd2b6b
+  metadata.gz: 14a31678ea188df6a041cd2d9aa4b5e7675e692deac5441309e8f7d28f19971b
+  data.tar.gz: 743083ddf93da1a9447ad45c1d195f7761526bb73595aaa63631d993496011dd
 SHA512:
-  metadata.gz: dada9732c1970c08e8ecc114177a13c52726873064146276669234cadd12c7fe8bd185f5717f102c5aca6a5ba26a09e7c421244afc92f6b76a9e266e402ddab6
-  data.tar.gz: 805508ec98f5fbed9a4d12ce1baaaf9a6fe5ef03a67321de9a9771f50fc5d02eb94e98db2725ad13e55406b02b8735b1b1adb55f1069e9c94b2da23e2739ed84
+  metadata.gz: 58dd28d9fb05c6d5d0742b6316209514f287c9da6c54322eaff3e9d62369ee1a1384d8592ed1b8aa0d14facc62b0014e895dc55e03c534e828bb987ec391ce52
+  data.tar.gz: 6a9f652a9807c1d4288e9c3c87161d858fe4bb63fe8f4216c4b82d6f3b06bd9d5acbc6f8f0978fae5bf87b7198e8e89716dca4a86df6ae7eb2b154c6238a156a

data/data/meterpreter/ext_server_stdapi.py

@@ -2463,14 +2463,26 @@ def stdapi_registry_load_key(request, response):
 def _wreg_close_key(hkey):
     ctypes.windll.advapi32.RegCloseKey(hkey)
 
-def _wreg_open_key(request):
+def _wreg_open_key(request, permission=None):
     root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
+    root_key_names = {
+        winreg.HKEY_CLASSES_ROOT & 0xffffffff: 'HKCR',
+        winreg.HKEY_CURRENT_USER & 0xffffffff: 'HKCU',
+        winreg.HKEY_LOCAL_MACHINE & 0xffffffff: 'HKLM',
+        winreg.HKEY_USERS & 0xffffffff: 'HKU',
+        winreg.HKEY_PERFORMANCE_DATA & 0xffffffff: 'HKPD',
+        winreg.HKEY_CURRENT_CONFIG & 0xffffffff: 'HKCC'
+    }
+    root_key_name = root_key_names.get(root_key, 'HK??')
     base_key = packet_get_tlv(request, TLV_TYPE_BASE_KEY)['value']
+    debug_print('[*] opening registry key: ' + root_key_name + '\\' + unicode(base_key))
     base_key = ctypes.create_string_buffer(bytes(base_key, 'UTF-8'))
-    permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS)
+    if permission is None:
+        permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS)
     handle_id = ctypes.c_void_p()
-    if ctypes.windll.advapi32.RegOpenKeyExA(root_key, ctypes.byref(base_key), 0, permission, ctypes.byref(handle_id)) != ERROR_SUCCESS:
-        return error_result_windows(), 0
+    result = ctypes.windll.advapi32.RegOpenKeyExA(root_key, ctypes.byref(base_key), 0, permission, ctypes.byref(handle_id))
+    if result != ERROR_SUCCESS:
+        return error_result_windows(result), 0
     return ERROR_SUCCESS, handle_id.value
 
 def _wreg_query_value(request, response, hkey):
@@ -2497,7 +2509,7 @@ def _wreg_query_value(request, response, hkey):
         else:
             response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data, value_data_sz.value))
         return ERROR_SUCCESS, response
-    return error_result_windows(), response
+    return error_result_windows(result), response
 
 def _wreg_set_value(request, response, hkey):
     value_name = packet_get_tlv(request, TLV_TYPE_VALUE_NAME)['value']
@@ -2505,7 +2517,19 @@ def _wreg_set_value(request, response, hkey):
     value_type = packet_get_tlv(request, TLV_TYPE_VALUE_TYPE)['value']
     value_data = packet_get_tlv(request, TLV_TYPE_VALUE_DATA)['value']
     result = ctypes.windll.advapi32.RegSetValueExA(hkey, ctypes.byref(value_name), 0, value_type, value_data, len(value_data))
-    return result, response
+    if result == ERROR_SUCCESS:
+        return ERROR_SUCCESS, response
+    return error_result_windows(result), response
+
+@register_function_if(has_windll)
+def stdapi_registry_check_key_exists(request, response):
+    err, hkey = _wreg_open_key(request, permission=winreg.KEY_QUERY_VALUE)
+    if err == ERROR_SUCCESS:
+        _wreg_close_key(hkey)
+        response += tlv_pack(TLV_TYPE_BOOL, True)
+    else:
+        response += tlv_pack(TLV_TYPE_BOOL, False)
+    return ERROR_SUCCESS, response
 
 @register_function_if(has_windll)
 def stdapi_registry_open_key(request, response):
@@ -2545,7 +2569,7 @@ def stdapi_registry_query_value(request, response):
 def stdapi_registry_query_value_direct(request, response):
     err, hkey = _wreg_open_key(request)
     if err != ERROR_SUCCESS:
-        return err, response
+        return error_result_windows(err), response
     ret = _wreg_query_value(request, response, hkey)
     _wreg_close_key(hkey)
     return ret
@@ -2559,7 +2583,7 @@ def stdapi_registry_set_value(request, response):
 def stdapi_registry_set_value_direct(request, response):
     err, hkey = _wreg_open_key(request)
     if err != ERROR_SUCCESS:
-        return err, response
+        return error_result_windows(err), response
     ret = _wreg_set_value(request, response, hkey)
     _wreg_close_key(hkey)
     return ret

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.95'
+  VERSION = '2.0.96'
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.95
+  version: 2.0.96
 platform: ruby
 authors:
 - OJ Reeves