metasploit-payloads 2.0.118 → 2.0.119

Files changed (76) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/data/android/meterpreter.jar +0 -0
  4. data/data/android/metstage.jar +0 -0
  5. data/data/android/shell.jar +0 -0
  6. data/data/meterpreter/elevator.x64.debug.dll +0 -0
  7. data/data/meterpreter/elevator.x64.dll +0 -0
  8. data/data/meterpreter/elevator.x86.debug.dll +0 -0
  9. data/data/meterpreter/elevator.x86.dll +0 -0
  10. data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
  11. data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
  12. data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
  13. data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
  14. data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
  15. data/data/meterpreter/ext_server_espia.x64.dll +0 -0
  16. data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
  17. data/data/meterpreter/ext_server_espia.x86.dll +0 -0
  18. data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
  19. data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
  20. data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
  21. data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
  22. data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
  23. data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
  24. data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
  25. data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
  26. data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
  27. data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
  28. data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
  29. data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
  30. data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
  31. data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
  32. data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
  33. data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
  34. data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
  35. data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
  36. data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
  37. data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
  38. data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
  39. data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
  40. data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
  41. data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
  42. data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
  43. data/data/meterpreter/ext_server_priv.x64.dll +0 -0
  44. data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
  45. data/data/meterpreter/ext_server_priv.x86.dll +0 -0
  46. data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
  47. data/data/meterpreter/ext_server_python.x64.dll +0 -0
  48. data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
  49. data/data/meterpreter/ext_server_python.x86.dll +0 -0
  50. data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
  51. data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
  52. data/data/meterpreter/ext_server_stdapi.py +86 -13
  53. data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
  54. data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
  55. data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
  56. data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
  57. data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
  58. data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
  59. data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
  60. data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
  61. data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
  62. data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
  63. data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
  64. data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
  65. data/data/meterpreter/metsrv.x64.debug.dll +0 -0
  66. data/data/meterpreter/metsrv.x64.dll +0 -0
  67. data/data/meterpreter/metsrv.x86.debug.dll +0 -0
  68. data/data/meterpreter/metsrv.x86.dll +0 -0
  69. data/data/meterpreter/screenshot.x64.debug.dll +0 -0
  70. data/data/meterpreter/screenshot.x64.dll +0 -0
  71. data/data/meterpreter/screenshot.x86.debug.dll +0 -0
  72. data/data/meterpreter/screenshot.x86.dll +0 -0
  73. data/lib/metasploit-payloads/version.rb +1 -1
  74. data.tar.gz.sig +0 -0
  75. metadata +2 -2
  76. metadata.gz.sig +0 -0
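--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 55f62a6ddb8ad54b97366b04f5b95e70859d702e29e461c3cf860c7958b61ec5
- data.tar.gz: e72be5a99ca78cd07501b9d9cc3f61bd285da2f818e2c4bc23d8fc9ba524fb90
+ metadata.gz: b67e513ed92128da0555d06d5700100438229971a8750aefac72059efec74eb8
+ data.tar.gz: 90a3af70071ac13b8b29db40a47868c5221361e14ad21aec997d1cfb52634d03
  SHA512:
- metadata.gz: c91365effac6f9f697441f8356f273f403eb92973e3dd8ecb187d4419299a377e12353cfd6708799ced35fe1839faec70586a9131c61f0e7dbcb01a6d5bfb94d
- data.tar.gz: 47a8af6283b7dc2e668278548580642b94c8808b5df062c5a7cc51f3663f012fd767a86af8e9bbe7ae23bc9c107ed8cc1799c640593c38e42235dad5ca076eda
+ metadata.gz: c961adbd35fd2999240f21e45383fa2ebd11edae361b65858361989ca32decc61d79b0259dcc0892ec65d714baed184f00d16499a6c4d5454599d268511c90ae
+ data.tar.gz: 7d90eebd468b2f28d536d395e62a29a4f1f342a72fa7141f2c4816887331e7cd5cea21906f8c717fb2b056f09fe316091171ba64170c728f87e7086773e7e95c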
checksums.yaml.gz.sig CHANGED
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
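--- a/data/data/meterpreter/ext_server_stdapi.py
+++ b/data/data/meterpreter/ext_server_stdapi.py
@@ -1002,6 +1002,9 @@ def getaddrinfo_from_request(request, socktype, proto):
  local_address_info = None
  return peer_address_info, local_address_info
 
+ def addr_atoi4(address):
+ return struct.unpack('!I', socket.inet_aton(address))[0]
+
  def netlink_request(req_type, req_data):
  # See RFC 3549
  NLM_F_REQUEST = 0x0001
@@ -1923,19 +1926,22 @@ def stdapi_net_config_get_arp_table(request, response):
  if not os.path.exists(arp_cache_file):
  return ERROR_NOT_SUPPORTED, response
 
- with open(arp_cache_file, 'r') as arp_cache:
- lines = arp_cache.readlines()
- for line in lines[1:]:
- fields = line.split()
- ip_address = fields[0]
- mac_address = fields[3]
- mac_address = binascii.unhexlify(mac_address.replace(':', ''))
- interface_name = fields[5]
- arp_tlv = bytes()
- arp_tlv += tlv_pack(TLV_TYPE_IP, socket.inet_aton(ip_address))
- arp_tlv += tlv_pack(TLV_TYPE_MAC_ADDRESS, mac_address)
- arp_tlv += tlv_pack(TLV_TYPE_MAC_NAME, interface_name)
- response += tlv_pack(TLV_TYPE_ARP_ENTRY, arp_tlv)
+ arp_cache = open('/proc/net/arp', 'r')
+ lines = arp_cache.readlines()
+ for line in lines[1:]:
+ fields = line.split()
+ ip_address = fields[0]
+ mac_address = fields[3]
+ mac_address = bytes().join(binascii.unhexlify(h) for h in mac_address.split(':'))
+ interface_name = fields[5]
+ arp_tlv = bytes()
+ arp_tlv += tlv_pack(TLV_TYPE_IP, socket.inet_aton(ip_address))
+ arp_tlv += tlv_pack(TLV_TYPE_MAC_ADDRESS, mac_address)
+ arp_tlv += tlv_pack(TLV_TYPE_MAC_NAME, interface_name)
+ response += tlv_pack(TLV_TYPE_ARP_ENTRY, arp_tlv)
+ arp_cache.close()
+ else:
+ return ERROR_NOT_SUPPORTED, response
  return ERROR_SUCCESS, response
 
  @register_function
@@ -2146,6 +2152,73 @@ def stdapi_net_config_get_routes(request, response):
  response += tlv_pack(TLV_TYPE_NETWORK_ROUTE, route_tlv)
  return ERROR_SUCCESS, response
 
+ def _win_route_add_remove(is_add, request, response):
+ class IPAddr(ctypes.Structure):
+ _fields_ = [
+ ("S_addr", ctypes.c_ulong)]
+
+ MIB_IPROUTE_TYPE_INDIRECT = 4
+ MIB_IPPROTO_NETMGMT = 3
+
+ GetBestInterface = ctypes.windll.Iphlpapi.GetBestInterface
+ GetBestInterface.argtypes = [IPAddr, ctypes.POINTER(ctypes.c_ulong)]
+ GetBestInterface.restype = ctypes.c_ulong
+
+ CreateIpForwardEntry = ctypes.windll.Iphlpapi.CreateIpForwardEntry
+ CreateIpForwardEntry.argtypes = [PMIB_IPFORWARDROW]
+ CreateIpForwardEntry.restype = ctypes.c_ulong
+
+ DeleteIpForwardEntry = ctypes.windll.Iphlpapi.DeleteIpForwardEntry
+ DeleteIpForwardEntry.argtypes = [PMIB_IPFORWARDROW]
+ DeleteIpForwardEntry.restype = ctypes.c_ulong
+
+ GetIpInterfaceEntry = ctypes.windll.Iphlpapi.GetIpInterfaceEntry
+ GetIpInterfaceEntry.argtypes = [ctypes.POINTER(MIB_IPINTERFACE_ROW)]
+ GetIpInterfaceEntry.restype = ctypes.c_ulong
+
+ subnet = packet_get_tlv(request, TLV_TYPE_SUBNET_STRING)['value']
+ netmask = packet_get_tlv(request, TLV_TYPE_NETMASK_STRING)['value']
+ gateway = packet_get_tlv(request, TLV_TYPE_GATEWAY_STRING)['value']
+
+ route = MIB_IPFORWARDROW()
+ route.dwForwardDest = socket.ntohl(addr_atoi4(subnet))
+ route.dwForwardMask = socket.ntohl(addr_atoi4(netmask))
+ route.dwForwardNextHop = socket.ntohl(addr_atoi4(gateway))
+ route.dwForwardType = MIB_IPROUTE_TYPE_INDIRECT
+ route.dwForwardProto = MIB_IPPROTO_NETMGMT
+ route.dwForwardAge = -1
+ route.dwForwardMetric1 = 0
+
+ best_iface = ctypes.c_ulong()
+ ip_addr = IPAddr(socket.ntohl(addr_atoi4(subnet)))
+ result = GetBestInterface(ip_addr, ctypes.byref(best_iface))
+ if result != ERROR_SUCCESS:
+ return error_result_windows(result), response
+ route.dwForwardIfIndex = best_iface
+
+ iface = MIB_IPINTERFACE_ROW(Family=WIN_AF_INET, InterfaceIndex=route.dwForwardIfIndex)
+ result = GetIpInterfaceEntry(ctypes.byref(iface))
+ if result != ERROR_SUCCESS:
+ return error_result_windows(result), response
+ route.dwForwardMetric1 = iface.Metric
+
+ if is_add:
+ result = CreateIpForwardEntry(ctypes.byref(route))
+ else:
+ result = DeleteIpForwardEntry(ctypes.byref(route))
+ if result != ERROR_SUCCESS:
+ return error_result_windows(result), response
+
+ return ERROR_SUCCESS, response
+
+ @register_function_if(has_windll)
+ def stdapi_net_config_add_route(request, response):
+ return _win_route_add_remove(True, request, response)
+
+ @register_function_if(has_windll)
+ def stdapi_net_config_remove_route(request, response):
+ return _win_route_add_remove(False, request, response)
+
  def stdapi_net_config_get_routes_via_netlink():
  rta_align = lambda l: l+3 & ~3
  responses = netlink_request(RTM_GETROUTE, RTMSG(family=socket.AF_UNSPEC))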
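Review bot: In the `stdapi_net_config_get_arp_table` hunk the new code opens the ARP cache with a bare `open()` and reaches `arp_cache.close()` only if every line parses, so an `IndexError` from `fields[5]` or an error from `binascii.unhexlify` or `socket.inet_aton` on an unexpected line leaves the handle open. The added line also hard-codes `'/proc/net/arp'` while the context line just above still tests `arp_cache_file` with `os.path.exists`; whether the two name the same path is not visible here, and nothing keeps them in step. I would keep the variable and guard the close: `arp_cache = open(arp_cache_file, 'r')`, then `try:` around the read loop and `finally: arp_cache.close()`, or retain the removed `with` block if the oldest interpreter this file targets supports it. The page has lost indentation, so I cannot tell which statement the added `else:` pairs with, and the function starts outside the hunk.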
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
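--- a/data/lib/metasploit-payloads/version.rb
+++ b/data/lib/metasploit-payloads/version.rb
@@ -1,6 +1,6 @@
  # -*- coding:binary -*-
  module MetasploitPayloads
- VERSION = '2.0.118'
+ VERSION = '2.0.119'
 
  def self.version
  VERSION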
data.tar.gz.sig CHANGED
Binary file
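--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: metasploit-payloads
  version: !ruby/object:Gem::Version
- version: 2.0.118
+ version: 2.0.119
  platform: ruby
  authors:
  - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
  -----END CERTIFICATE-----
- date: 2023-03-03 00:00:00.000000000 Z
+ date: 2023-03-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake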
metadata.gz.sig CHANGED
Binary file