metasploit-payloads 2.0.104 → 2.0.105

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e6ecc9cab0b79200d38b046332bbe62e4859e300a340a40ce4b67f179e206ecc
-  data.tar.gz: ead5bdae63b7a0420750de525ec873e377e2b9ef77f142b69e924c11a6ee834d
+  metadata.gz: 492cb2174246773050bdb8303448ea5f024ccaec9eb89ec14c4670019045a0a5
+  data.tar.gz: 82b26b9fa4527322c301bf6a69b894f726ff6ca2e91b2cb019a63444a3ebbf5c
 SHA512:
-  metadata.gz: 35dd5a3f541b769b67e66c59b701fbeff29f5626d3a3072255d842cfe419867ad3cb579a0b10231a48e8f2aefdb8e904a78cb6bc3696da241d906d6f1f8b18ba
-  data.tar.gz: '080dfdd332d9f9fe280e472727a5f5cdb98bbdde4e80715f18fe1f69f04145bb874dfb686a126814224531f661ead4d0bb8d3ec63f08deb0fd2175ce4463d731'
+  metadata.gz: 273f6a11ae840e161193c80c9e3048bad2cb2fdd4c264da34213fde52051fadfc59227f04cbe5ffd027b2c8e0bdf23ce5d75ddc2032814f9df859e63294addce
+  data.tar.gz: 6c44af6c8672acbbf5b9d32a66c81365e9ea8f60bd49e1099475f31fc50e3d5fd68be0241e8ca41a9526896c445cdb3ae6fe1633fb4a32a8f38acf4a5f9715a2

data/data/meterpreter/ext_server_stdapi.py

@@ -1440,7 +1440,10 @@ def stdapi_sys_power_exitwindows(request, response):
 @register_function_if(has_windll)
 def stdapi_sys_eventlog_open(request, response):
     source_name = packet_get_tlv(request, TLV_TYPE_EVENT_SOURCENAME)['value']
-    handle = ctypes.windll.advapi32.OpenEventLogW(None, source_name)
+    OpenEventLogA = ctypes.windll.advapi32.OpenEventLogA
+    OpenEventLogA.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
+    OpenEventLogA.restype = ctypes.c_void_p
+    handle = OpenEventLogA(None, bytes(source_name, 'UTF-8'))
     if not handle:
         return error_result_windows(), response
     response += tlv_pack(TLV_TYPE_EVENT_HANDLE, handle)
@@ -1451,13 +1454,15 @@ def stdapi_sys_eventlog_read(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
     flags = packet_get_tlv(request, TLV_TYPE_EVENT_READFLAGS)['value']
     offset = packet_get_tlv(request, TLV_TYPE_EVENT_RECORDOFFSET)['value']
-    adv32 = ctypes.windll.advapi32
-    bytes_read = ctypes.c_ulong(0)
-    bytes_needed = ctypes.c_ulong(0)
-    if adv32.ReadEventLogW(handle, flags, offset, ctypes.byref(bytes_read), 0, ctypes.byref(bytes_read), ctypes.byref(bytes_needed)):
+    bytes_read = ctypes.c_uint32(0)
+    bytes_needed = ctypes.c_uint32(0)
+    ReadEventLogA = ctypes.windll.advapi32.ReadEventLogA
+    ReadEventLogA.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.c_uint32, ctypes.c_void_p, ctypes.c_uint32, ctypes.POINTER(ctypes.c_uint32), ctypes.POINTER(ctypes.c_uint32)]
+    ReadEventLogA.restype = ctypes.c_bool
+    if ReadEventLogA(handle, flags, offset, ctypes.byref(bytes_read), 0, ctypes.byref(bytes_read), ctypes.byref(bytes_needed)):
         return error_result_windows(), response
-    buf = ctypes.create_unicode_buffer(bytes_needed.value)
-    if not adv32.ReadEventLogW(handle, flags, offset, buf, bytes_needed, ctypes.byref(bytes_read), ctypes.byref(bytes_needed)):
+    buf = (ctypes.c_uint8 * bytes_needed.value)()
+    if not ReadEventLogA(handle, flags, offset, buf, bytes_needed, ctypes.byref(bytes_read), ctypes.byref(bytes_needed)):
         return error_result_windows(), response
     record = ctstruct_unpack(EVENTLOGRECORD, buf)
     response += tlv_pack(TLV_TYPE_EVENT_RECORDNUMBER, record.RecordNumber)
@@ -1466,8 +1471,9 @@ def stdapi_sys_eventlog_read(request, response):
     response += tlv_pack(TLV_TYPE_EVENT_ID, record.EventID)
     response += tlv_pack(TLV_TYPE_EVENT_TYPE, record.EventType)
     response += tlv_pack(TLV_TYPE_EVENT_CATEGORY, record.EventCategory)
-    response += tlv_pack(TLV_TYPE_EVENT_DATA, buf.raw[record.DataOffset:record.DataOffset + record.DataLength])
-    event_strings = buf.raw[record.StringOffset:].split('\x00', record.NumStrings)
+    response += tlv_pack(TLV_TYPE_EVENT_DATA, ctarray_to_bytes(buf[record.DataOffset:record.DataOffset + record.DataLength]))
+    event_string_buf = (ctypes.c_uint8 * len(buf[record.StringOffset:]))(*buf[record.StringOffset:])
+    event_strings = ctarray_to_bytes(event_string_buf).split(NULL_BYTE, record.NumStrings)[:record.NumStrings]
     for event_string in event_strings:
         response += tlv_pack(TLV_TYPE_EVENT_STRING, event_string)
     return ERROR_SUCCESS, response
@@ -1475,14 +1481,20 @@ def stdapi_sys_eventlog_read(request, response):
 @register_function_if(has_windll)
 def stdapi_sys_eventlog_clear(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
-    if not ctypes.windll.advapi32.ClearEventLogW(handle, None):
+    ClearEventLogA = ctypes.windll.advapi32.ClearEventLogA
+    ClearEventLogA.argtypes = [ctypes.c_void_p, ctypes.c_char_p]
+    ClearEventLogA.restype = ctypes.c_bool
+    if not ClearEventLogA(handle, None):
         return error_result_windows(), response
     return ERROR_SUCCESS, response
 
 @register_function_if(has_windll)
 def stdapi_sys_eventlog_numrecords(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
-    total = ctypes.c_ulong(0)
+    total = ctypes.c_uint32(0)
+    GetNumberOfEventLogRecords = ctypes.windll.advapi32.GetNumberOfEventLogRecords
+    GetNumberOfEventLogRecords.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_uint32)]
+    GetNumberOfEventLogRecords.restype = ctypes.c_bool
     if not ctypes.windll.advapi32.GetNumberOfEventLogRecords(handle, ctypes.byref(total)):
         return error_result_windows(), response
     response += tlv_pack(TLV_TYPE_EVENT_NUMRECORDS, total.value)
@@ -1491,16 +1503,22 @@ def stdapi_sys_eventlog_numrecords(request, response):
 @register_function_if(has_windll)
 def stdapi_sys_eventlog_oldest(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
-    oldest = ctypes.c_ulong(0)
-    if not ctypes.windll.advapi32.GetOldestEventLogRecordW(handle, ctypes.byref(oldest)):
+    GetOldestEventLogRecord = ctypes.windll.advapi32.GetOldestEventLogRecord
+    GetOldestEventLogRecord.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_uint32)]
+    GetOldestEventLogRecord.restype = ctypes.c_bool
+    oldest = ctypes.c_uint32(0)
+    if not GetOldestEventLogRecord(handle, ctypes.byref(oldest)):
         return error_result_windows(), response
-    response += tlv_pack(TLV_TYPE_EVENT_RECORDNUMBER, oldest)
+    response += tlv_pack(TLV_TYPE_EVENT_RECORDNUMBER, oldest.value)
     return ERROR_SUCCESS, response
 
 @register_function_if(has_windll)
 def stdapi_sys_eventlog_close(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
-    if not ctypes.windll.advapi32.CloseEventLogW(handle):
+    CloseEventLog = ctypes.windll.advapi32.CloseEventLog
+    CloseEventLog.argtypes = [ctypes.c_void_p]
+    CloseEventLog.restype = ctypes.c_bool
+    if not CloseEventLog(handle):
         return error_result_windows(), response
     return ERROR_SUCCESS, response
 

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.104'
+  VERSION = '2.0.105'
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.104
+  version: 2.0.105
 platform: ruby
 authors:
 - OJ Reeves