metasploit-payloads 2.0.97 → 2.0.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (76)
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/data/android/meterpreter.jar +0 -0
  4. data/data/android/metstage.jar +0 -0
  5. data/data/android/shell.jar +0 -0
  6. data/data/meterpreter/elevator.x64.debug.dll +0 -0
  7. data/data/meterpreter/elevator.x64.dll +0 -0
  8. data/data/meterpreter/elevator.x86.debug.dll +0 -0
  9. data/data/meterpreter/elevator.x86.dll +0 -0
  10. data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
  11. data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
  12. data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
  13. data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
  14. data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
  15. data/data/meterpreter/ext_server_espia.x64.dll +0 -0
  16. data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
  17. data/data/meterpreter/ext_server_espia.x86.dll +0 -0
  18. data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
  19. data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
  20. data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
  21. data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
  22. data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
  23. data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
  24. data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
  25. data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
  26. data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
  27. data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
  28. data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
  29. data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
  30. data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
  31. data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
  32. data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
  33. data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
  34. data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
  35. data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
  36. data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
  37. data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
  38. data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
  39. data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
  40. data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
  41. data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
  42. data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
  43. data/data/meterpreter/ext_server_priv.x64.dll +0 -0
  44. data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
  45. data/data/meterpreter/ext_server_priv.x86.dll +0 -0
  46. data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
  47. data/data/meterpreter/ext_server_python.x64.dll +0 -0
  48. data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
  49. data/data/meterpreter/ext_server_python.x86.dll +0 -0
  50. data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
  51. data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
  52. data/data/meterpreter/ext_server_stdapi.py +86 -0
  53. data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
  54. data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
  55. data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
  56. data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
  57. data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
  58. data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
  59. data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
  60. data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
  61. data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
  62. data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
  63. data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
  64. data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
  65. data/data/meterpreter/metsrv.x64.debug.dll +0 -0
  66. data/data/meterpreter/metsrv.x64.dll +0 -0
  67. data/data/meterpreter/metsrv.x86.debug.dll +0 -0
  68. data/data/meterpreter/metsrv.x86.dll +0 -0
  69. data/data/meterpreter/screenshot.x64.debug.dll +0 -0
  70. data/data/meterpreter/screenshot.x64.dll +0 -0
  71. data/data/meterpreter/screenshot.x86.debug.dll +0 -0
  72. data/data/meterpreter/screenshot.x86.dll +0 -0
  73. data/lib/metasploit-payloads/version.rb +1 -1
  74. data.tar.gz.sig +0 -0
  75. metadata +2 -2
  76. metadata.gz.sig +2 -3
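--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 49f65721e1a9aa745903acaa4c78087d20494cd1cc064e4101ce866eb62eb7fb
-data.tar.gz: be91cc58bcee64d662b1b292fd342f4d7db00a8444edaeaa829011b922c497a3
+metadata.gz: 9cfe995bf9b1af59ff233551ed954d4e53efd2e6a86943f95803512ee3024727
+data.tar.gz: 15ec398c67dbf9bca1ee55b316173fc95943260ffedaa331726dba2836dcb02e
 SHA512:
-metadata.gz: 26baf826a30e01d34f7f7cc65d733ff97a0677fa9a315ddc167a3522dae0b56972a8f5ea3963c0765c8e8b398edcbd404720d29bb35b0ae2c380a39c62ca47c0
-data.tar.gz: db20a24fb97fe4b781708c7df06ee2b92f04d0440c7c983b368cafa367fb67c40101a6168d7848f4606f38f119bef7b4de0cca3fcfa65561dcc575f30baa5d6d
+metadata.gz: b7b83890bdd1a025895ebb590464a0a1b8d36e29dde9547646d6bc5baa36d7baca63ada990d07e551443118759ef20fc32a4c93575de9eca3f10a9ad6b757dfb
+data.tar.gz: cd99d8855d51f2d51b42d8b5d5fd2e43540b9442f1a0297251e75fad98ea21fee6312ce525ca7e359d360cbb231224c8c305cfaac748a0feecff13a205ff367d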
checksums.yaml.gz.sig CHANGED
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
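--- a/data/data/meterpreter/ext_server_stdapi.py
+++ b/data/data/meterpreter/ext_server_stdapi.py
@@ -357,6 +357,36 @@ if has_ctypes:
 ("lpszProxy", ctypes.c_wchar_p),
 ("lpszProxyBypass", ctypes.c_wchar_p)]
 
+class LUID(ctypes.Structure):
+_fields_ = [
+('LowPart', ctypes.c_uint32),
+('HighPart', ctypes.c_long)
+]
+
+def __eq__(self, __o):
+return (self.LowPart == __o.LowPart and self.HighPart == __o.HighPart)
+
+def __ne__(self, __o):
+return (self.LowPart != __o.LowPart or self.HighPart != __o.HighPart)
+
+class LUID_AND_ATTRIBUTES(ctypes.Structure):
+_fields_ = [
+('Luid', LUID),
+('Attributes', ctypes.c_uint32)
+]
+
+class TOKEN_PRIVILEGES(ctypes.Structure):
+_fields_ = [
+('PrivilegeCount', ctypes.c_uint32),
+('Privileges', LUID_AND_ATTRIBUTES * 0),
+]
+def get_array(self):
+array_type = LUID_AND_ATTRIBUTES * self.PrivilegeCount
+return ctypes.cast(self.Privileges, ctypes.POINTER(array_type)).contents
+
+PTOKEN_PRIVILEGES = ctypes.POINTER(TOKEN_PRIVILEGES)
+
+
 #
 # Linux Structures
 #
@@ -999,6 +1029,45 @@ def windll_GetVersion():
 dwBuild = ((dwVersion & 0xffff0000) >> 16)
 return type('Version', (object,), dict(dwMajorVersion = dwMajorVersion, dwMinorVersion = dwMinorVersion, dwBuild = dwBuild))
 
+def enable_privilege(name, enable=True):
+TOKEN_ALL_ACCESS = 0xf01ff
+SE_PRIVILEGE_ENABLED = 0x00000002
+
+GetCurrentProcess = ctypes.windll.kernel32.GetCurrentProcess
+GetCurrentProcess.restype = ctypes.c_void_p
+
+OpenProcessToken = ctypes.windll.advapi32.OpenProcessToken
+OpenProcessToken.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.POINTER(ctypes.c_void_p)]
+OpenProcessToken.restype = ctypes.c_bool
+
+LookupPrivilegeValue = ctypes.windll.advapi32.LookupPrivilegeValueW
+LookupPrivilegeValue.argtypes = [ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.POINTER(LUID)]
+LookupPrivilegeValue.restype = ctypes.c_bool
+
+AdjustTokenPrivileges = ctypes.windll.advapi32.AdjustTokenPrivileges
+AdjustTokenPrivileges.argtypes = [ctypes.c_void_p, ctypes.c_bool, PTOKEN_PRIVILEGES, ctypes.c_uint32, PTOKEN_PRIVILEGES, ctypes.POINTER(ctypes.c_uint32)]
+AdjustTokenPrivileges.restype = ctypes.c_bool
+
+token = ctypes.c_void_p()
+success = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, token)
+if not success:
+return False
+
+luid = LUID()
+name = ctypes.create_unicode_buffer(name)
+success = LookupPrivilegeValue(None, name, luid)
+if not success:
+return False
+
+size = ctypes.sizeof(TOKEN_PRIVILEGES)
+size += ctypes.sizeof(LUID_AND_ATTRIBUTES)
+buffer = ctypes.create_string_buffer(size)
+tokenPrivileges = ctypes.cast(buffer, PTOKEN_PRIVILEGES).contents
+tokenPrivileges.PrivilegeCount = 1
+tokenPrivileges.get_array()[0].Luid = luid
+tokenPrivileges.get_array()[0].Attributes = SE_PRIVILEGE_ENABLED if enable else 0
+return AdjustTokenPrivileges(token, False, tokenPrivileges, 0, None, None)
+
 @register_function
 def channel_open_stdapi_fs_file(request, response):
 fpath = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
@@ -1335,6 +1404,23 @@ def stdapi_sys_process_get_processes(request, response):
 return stdapi_sys_process_get_processes_via_ps(request, response)
 return ERROR_FAILURE, response
 
+@register_function_if(has_windll)
+def stdapi_sys_power_exitwindows(request, response):
+SE_SHUTDOWN_NAME = "SeShutdownPrivilege"
+
+flags = packet_get_tlv(request, TLV_TYPE_POWER_FLAGS)['value']
+reason = packet_get_tlv(request, TLV_TYPE_POWER_REASON)['value']
+
+if not enable_privilege(SE_SHUTDOWN_NAME):
+return error_result_windows(), response
+
+ExitWindowsEx = ctypes.windll.user32.ExitWindowsEx
+ExitWindowsEx.argtypes = [ctypes.c_uint32, ctypes.c_ulong]
+ExitWindowsEx.restype = ctypes.c_int8
+if not ExitWindowsEx(flags, reason):
+return error_result_windows(), response
+return ERROR_SUCCESS, response
+
 @register_function_if(has_windll)
 def stdapi_sys_eventlog_open(request, response):
 source_name = packet_get_tlv(request, TLV_TYPE_EVENT_SOURCENAME)['value']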
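Review bot: The token handle that OpenProcessToken fills in at the top of enable_privilege (second hunk) is never closed: both `return False` paths and the final `return AdjustTokenPrivileges(...)` leave it open, so every call leaks a handle and the body after OpenProcessToken should run under `try`/`finally` with a `CloseHandle(token)`. The access mask `TOKEN_ALL_ACCESS = 0xf01ff` is also broader than this operation needs; `TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY` (0x0020 | 0x0008) is the documented requirement for AdjustTokenPrivileges. Note too that AdjustTokenPrivileges returns TRUE even when the token does not hold the requested privilege (GetLastError is then ERROR_NOT_ALL_ASSIGNED, 1300), so a truthy result does not prove the privilege was enabled — worth a comment, since stdapi_sys_power_exitwindows in the third hunk uses it as a go/no-go check. In that third hunk `ExitWindowsEx.restype = ctypes.c_int8` narrows a 32-bit BOOL; `ctypes.c_bool`, as the other prototypes in this change use, reads it correctly. Indentation of the added lines is not preserved in this rendering, so the nesting of the three new structures under `if has_ctypes:` (first hunk, whose block starts outside it) cannot be checked here.
```python
def enable_privilege(name, enable=True):
    TOKEN_ADJUST_PRIVILEGES = 0x0020
    TOKEN_QUERY = 0x0008
    SE_PRIVILEGE_ENABLED = 0x00000002
    # … unchanged: GetCurrentProcess / OpenProcessToken / LookupPrivilegeValue / AdjustTokenPrivileges prototypes …
    CloseHandle = ctypes.windll.kernel32.CloseHandle
    CloseHandle.argtypes = [ctypes.c_void_p]
    CloseHandle.restype = ctypes.c_bool

    token = ctypes.c_void_p()
    if not OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, token):
        return False
    try:
        # … unchanged: LookupPrivilegeValue and TOKEN_PRIVILEGES buffer setup …
        # NOTE: TRUE here only means the call was made. If the token does not
        # hold the privilege the call still succeeds and GetLastError reports
        # ERROR_NOT_ALL_ASSIGNED (1300); callers must not read True as
        # "privilege is now enabled".
        return AdjustTokenPrivileges(token, False, tokenPrivileges, 0, None, None)
    finally:
        CloseHandle(token)
```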
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
@@ -1,6 +1,6 @@
1
1
  # -*- coding:binary -*-
2
2
  module MetasploitPayloads
3
- VERSION = '2.0.97'
3
+ VERSION = '2.0.99'
4
4
 
5
5
  def self.version
6
6
  VERSION
data.tar.gz.sig CHANGED
Binary file
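--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-version: 2.0.97
+version: 2.0.99
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
 EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
 9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
 -----END CERTIFICATE-----
-date: 2022-09-29 00:00:00.000000000 Z
+date: 2022-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake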
metadata.gz.sig CHANGED
@@ -1,3 +1,2 @@
1
- jA����AXoX.�p��Ao�:�9��UG����"+/P��Rg��>��jy۱"1Q
2
- L������o.���5;�G5�u����S
3
- ��6l�7~���3�{��DUHՃ ��d6Yn���R���7��Li�SO�I��̡�p�8��5L��~p,����3�Ff�7��$���n57
1
+ �( �!�3o��k1�I&6iorPGO��XKY��U9|
2
+