metasploit-payloads 2.0.112 → 2.0.113

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dff880efffb98315c75fd5b99d9b8d18d38b00b89b895402efec6d3a75391a34
-  data.tar.gz: 7c46f591405adf2dc595752bfcfeb43883eecdf371ffaf33a27b2e1ef3765b02
+  metadata.gz: 2dc5e006186337d50009cb0436f562ab25cc109867c07a6cde0734e29aa1a0ab
+  data.tar.gz: 024611f12e3b854a9a033d7d76d284773ebb434cf491118254231fe999301a10
 SHA512:
-  metadata.gz: 827953f6a7fd7aa3013d1aab5b44731ed50ea31b68821744cd48889344055c79ca9ab837a26e161acc4e63b5b78422b549933b1a8990083b860dcc8e2825e6dc
-  data.tar.gz: 8db85ed51660aace2c95c2083ec9d62c827e1505dc900e97eae93e2f6fbbf1bf1a27271b7ce768d06151a96870153fd35bc2b1db1e3edd9a99dd3f6153994dc9
+  metadata.gz: 95ff44c78979d456f703e7ceffbb93354e04526ec0ba1e20d1e9ef5e4cac0cebec34cbf1b5e69ae02a9fd3a2bd39557e8f7f69c1f9fbcca09a3c6d7cbc49dbb7
+  data.tar.gz: d95484a3f3c8cf1e916d0c2033854567c54499fd3d97bcbcd79ca0968e227725218067b9f39feefdbf3c169bfef39baaec208ab9d94d2149d9d271e447dd631c

data/data/meterpreter/ext_server_stdapi.py

@@ -743,6 +743,7 @@ PROCESS_TERMINATE                 = 0x0001
 PROCESS_VM_READ                   = 0x0010
 PROCESS_QUERY_INFORMATION         = 0x0400
 PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
+PROCESS_ALL_ACCESS                = 0x1fffff
 VER_NT_WORKSTATION                = 0x0001
 VER_NT_DOMAIN_CONTROLLER          = 0x0002
 VER_NT_SERVER                     = 0x0003
@@ -1334,13 +1335,10 @@ def stdapi_sys_config_sysinfo(request, response):
 
 @register_function
 def stdapi_sys_process_close(request, response):
-    proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)
+    proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)['value']
     if not proc_h_id:
         return ERROR_SUCCESS, response
-    proc_h_id = proc_h_id['value']
-    if proc_h_id in meterpreter.processes:
-        del meterpreter.processes[proc_h_id]
-    if not meterpreter.close_channel(proc_h_id):
+    if not meterpreter.close_process(proc_h_id):
         return ERROR_FAILURE, response
     return ERROR_SUCCESS, response
 
@@ -1383,6 +1381,7 @@ def stdapi_sys_process_execute(request, response):
         proc_h.start()
     else:
         proc_h = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
     proc_h_id = meterpreter.add_process(proc_h)
     response += tlv_pack(TLV_TYPE_PID, proc_h.pid)
     response += tlv_pack(TLV_TYPE_PROCESS_HANDLE, proc_h_id)
@@ -1882,7 +1881,7 @@ def stdapi_net_config_get_arp_table(request, response):
             ('dwNumEntries', ctypes.c_uint32),
             ('table', MIB_IPNETROW * ctypes.cast(ipnet_table.value, ctypes.POINTER(ctypes.c_ulong)).contents.value)
         ]
-    
+
     ipnet_table = ctypes.cast(ipnet_table, ctypes.POINTER(MIB_IPNETTABLE))
     for ipnet_row in ipnet_table.contents.table:
         if (ipnet_row.dwType != MIB_IPNET_TYPE_DYNAMIC and ipnet_row.dwType != MIB_IPNET_TYPE_STATIC):

data/data/meterpreter/meterpreter.py

@@ -1260,11 +1260,37 @@ class PythonMeterpreter(object):
         return idx
 
     def add_process(self, process):
-        idx = self.next_process_id
-        self.processes[idx] = process
-        debug_print('[*] added process id: ' + str(idx))
-        self.next_process_id += 1
-        return idx
+        if has_windll:
+            PROCESS_ALL_ACCESS = 0x1fffff
+            OpenProcess = ctypes.windll.kernel32.OpenProcess
+            OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_long, ctypes.c_ulong]
+            OpenProcess.restype = ctypes.c_void_p
+            handle = OpenProcess(PROCESS_ALL_ACCESS, False, process.pid)
+        else:
+            handle = self.next_process_id
+            self.next_process_id += 1
+        self.processes[handle] = process
+        debug_print('[*] added process id: ' + str(process.pid) + ', handle: ' + str(handle))
+        return handle
+
+    def close_process(self, proc_h_id):
+        proc_h = self.processes.pop(proc_h_id, None)
+        if not proc_h:
+            return False
+        for channel_id, channel in self.channels.items():
+            if not isinstance(channel, MeterpreterProcess):
+                continue
+            if not channel.proc_h is proc_h:
+                continue
+            self.close_channel(channel_id)
+            break
+        if has_windll:
+            CloseHandle = ctypes.windll.kernel32.CloseHandle
+            CloseHandle.argtypes = [ctypes.c_void_p]
+            CloseHandle.restype = ctypes.c_long
+            CloseHandle(proc_h_id)
+        debug_print('[*] closed and removed process id: ' + str(proc_h.pid) + ', handle: ' + str(proc_h_id))
+        return True
 
     def close_channel(self, channel_id):
         if channel_id not in self.channels:

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.112'
+  VERSION = '2.0.113'
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.112
+  version: 2.0.113
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2023-02-17 00:00:00.000000000 Z
+date: 2023-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake