metasploit-payloads 2.0.56 → 2.0.57

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2cfea8412e9fdb3611bf7b796eacac9ebbccc4e38ad767c21d9855b0c4cfa6c9
-  data.tar.gz: 6b05e8a8b0043d1b8baa1da53914aaac81f3f0a53a0206b2469401c5b9522f32
+  metadata.gz: 828c2137d88b9ecf8a48064976e436f178a4e69bfc3a01b2aac2e880f605e78e
+  data.tar.gz: b5ee9b456a820e72fa918aafb258347b812469de22f47e0bc01d4ea039100d07
 SHA512:
-  metadata.gz: d6c7541e9de5fc8173c099ba83c14ff6e189f8e18028569129421b61992351413fbe210ac57149ac8ad1195f332e13f788a0e1726097c27ba3264a66e9bbb7ab
-  data.tar.gz: af365d33032004e39ce3e3dd92e51ef166bb1a5b632d0a5687434dd68551f63123913fb868967c850db2976d236ffd76a22d197d481a8582c193022a51fcfb17
+  metadata.gz: 19d25d6d1db9e626ea6746c59a4d7344a72435e0c36b46357b2e8dfb27361383b3264b38f24038aaeb9fba6607fbbbcbeef017f81437b3dae9c11dcb2c927506
+  data.tar.gz: a7810ce9c9f07f4438450fb9f2a611a7c4aed844d14035a263784f241074ed773ff4661cf550386839eb939c9ec9adf143d8202161ba969a7f341c2f712ae2e3

data/data/meterpreter/ext_server_stdapi.php

@@ -27,7 +27,9 @@ define("TLV_TYPE_SEARCH_RECURSE",      TLV_META_TYPE_BOOL    | 1230);
 define("TLV_TYPE_SEARCH_GLOB",         TLV_META_TYPE_STRING  | 1231);
 define("TLV_TYPE_SEARCH_ROOT",         TLV_META_TYPE_STRING  | 1232);
 define("TLV_TYPE_SEARCH_RESULTS",      TLV_META_TYPE_GROUP   | 1233);
-
+define("TLV_TYPE_SEARCH_MTIME",        TLV_META_TYPE_UINT    | 1235);
+define("TLV_TYPE_SEARCH_M_START_DATE", TLV_META_TYPE_UINT    | 1236);
+define("TLV_TYPE_SEARCH_M_END_DATE",   TLV_META_TYPE_UINT    | 1237);
 define("TLV_TYPE_FILE_MODE_T",         TLV_META_TYPE_UINT    | 1234);
 
 ##
@@ -340,7 +342,7 @@ define('GLOB_RECURSE',2048);
  *   GLOB_NODOTS, GLOB_RECURSE
  */
 if (!function_exists('safe_glob')) {
-function safe_glob($pattern, $flags=0) {
+function safe_glob($pattern, $flags=0, $start_date=null, $end_date=null) {
     $split=explode('/',str_replace('\\','/',$pattern));
     $mask=array_pop($split);
     $path=implode('/',$split);
@@ -356,14 +358,21 @@ function safe_glob($pattern, $flags=0) {
                     && (!is_link($path."/".$file))
                 )
             ) {
-                $glob = array_merge($glob, array_prepend(safe_glob($path.'/'.$file.'/'.$mask, $flags),
-                    ($flags&GLOB_PATH?'':$file.'/')));
+                $newglob = safe_glob($path.'/'.$file.'/'.$mask, $flags, $start_date, $end_date);
+                if ($newglob !== false) {
+                    $glob = array_merge($glob, array_prepend($newglob,
+                        ($flags&GLOB_PATH?'':$file.'/')));
+                }
             }
             // Match file mask
             if (fnmatch($mask,$file)) {
+                $tmp_f_stat = stat($path.'/'.$file);
+                $mtime = $tmp_f_stat['mtime'];
                 if ( ( (!($flags&GLOB_ONLYDIR)) || is_dir("$path/$file") )
                     && ( (!($flags&GLOB_NODIR)) || (!is_dir($path.'/'.$file)) )
-                    && ( (!($flags&GLOB_NODOTS)) || (!in_array($file,array('.','..'))) ) )
+                    && ( (!($flags&GLOB_NODOTS)) || (!in_array($file,array('.','..'))) )
+                    && ( ($start_date === null) || ($start_date <= $mtime))
+                    && ( ($end_date === null) || ($end_date >= $mtime)) )
                     $glob[] = ($flags&GLOB_PATH?$path.'/':'') . $file . ($flags&GLOB_MARK?'/':'');
             }
         }
@@ -682,27 +691,38 @@ function stdapi_fs_search($req, &$pkt) {
     $glob = canonicalize_path($glob_tlv['value']);
     $recurse_tlv = packet_get_tlv($req, TLV_TYPE_SEARCH_RECURSE);
     $recurse = $recurse_tlv['value'];
+    $start_date_tlv = packet_get_tlv($req, TLV_TYPE_SEARCH_M_START_DATE);
+    $start_date = null;
+    if ($start_date_tlv) {
+        $start_date = $start_date_tlv['value'];
+    }
+    $end_date_tlv = packet_get_tlv($req, TLV_TYPE_SEARCH_M_END_DATE);
+    $end_date = null;
+    if ($end_date_tlv) {
+        $end_date = $end_date_tlv['value'];
+    }
 
     if (!$root) {
         $root = '.';
     }
 
     my_print("glob: $glob, root: $root, recurse: $recurse");
-    $flags = GLOB_PATH;
+    $flags = GLOB_PATH | GLOB_NODOTS;
     if ($recurse) {
         $flags |= GLOB_RECURSE;
     }
-    $files = safe_glob($root ."/". $glob, $flags);
+    $files = safe_glob($root ."/". $glob, $flags, $start_date, $end_date);
     if ($files and is_array($files)) {
         dump_array($files);
         foreach ($files as $file) {
             $file_tlvs = "";
             $s = stat($file);
-            $p = dirname($file);
-            $f = basename($file);
+            $p = canonicalize_path(dirname($file));
+            $f = canonicalize_path(basename($file));
             $file_tlvs .= tlv_pack(create_tlv(TLV_TYPE_FILE_PATH, $p));
             $file_tlvs .= tlv_pack(create_tlv(TLV_TYPE_FILE_NAME, $f));
             $file_tlvs .= tlv_pack(create_tlv(TLV_TYPE_FILE_SIZE, $s['size']));
+            $file_tlvs .= tlv_pack(create_tlv(TLV_TYPE_SEARCH_MTIME, $s['mtime']));
             packet_add_tlv($pkt, create_tlv(TLV_TYPE_SEARCH_RESULTS, $file_tlvs));
         }
     }

data/data/meterpreter/ext_server_stdapi.py

@@ -474,6 +474,9 @@ TLV_TYPE_SEARCH_ROOT           = TLV_META_TYPE_STRING  | 1232
 TLV_TYPE_SEARCH_RESULTS        = TLV_META_TYPE_GROUP   | 1233
 
 TLV_TYPE_FILE_MODE_T           = TLV_META_TYPE_UINT    | 1234
+TLV_TYPE_SEARCH_MTIME          = TLV_META_TYPE_UINT    | 1235
+TLV_TYPE_SEARCH_M_START_DATE   = TLV_META_TYPE_UINT    | 1236
+TLV_TYPE_SEARCH_M_END_DATE     = TLV_META_TYPE_UINT    | 1237
 
 ##
 # Net
@@ -1518,20 +1521,36 @@ def stdapi_fs_search(request, response):
     search_root = unicode(search_root)
     glob = packet_get_tlv(request, TLV_TYPE_SEARCH_GLOB)['value']
     recurse = packet_get_tlv(request, TLV_TYPE_SEARCH_RECURSE)['value']
+    start_date = packet_get_tlv(request,TLV_TYPE_SEARCH_M_START_DATE)
+    end_date = packet_get_tlv(request,TLV_TYPE_SEARCH_M_END_DATE)
     if recurse:
         for root, dirs, files in os.walk(search_root):
             for f in filter(lambda f: fnmatch.fnmatch(f, glob), files):
+                file_stat = os.stat(os.path.join(root, f))
+                mtime = int(file_stat.st_mtime)
+                if start_date and start_date['value'] > mtime:
+                    continue
+                if end_date and end_date['value'] < mtime:
+                    continue
                 file_tlv  = bytes()
                 file_tlv += tlv_pack(TLV_TYPE_FILE_PATH, root)
                 file_tlv += tlv_pack(TLV_TYPE_FILE_NAME, f)
-                file_tlv += tlv_pack(TLV_TYPE_FILE_SIZE, os.stat(os.path.join(root, f)).st_size)
+                file_tlv += tlv_pack(TLV_TYPE_FILE_SIZE, file_stat.st_size)
+                file_tlv += tlv_pack(TLV_TYPE_SEARCH_MTIME, mtime)
                 response += tlv_pack(TLV_TYPE_SEARCH_RESULTS, file_tlv)
     else:
         for f in filter(lambda f: fnmatch.fnmatch(f, glob), os.listdir(search_root)):
+            file_stat = os.stat(os.path.join(search_root, f))
+            mtime = int(file_stat.st_mtime)
+            if start_date and start_date['value'] > mtime:
+                continue
+            if end_date and end_date['value'] < mtime:
+                continue
             file_tlv  = bytes()
             file_tlv += tlv_pack(TLV_TYPE_FILE_PATH, search_root)
             file_tlv += tlv_pack(TLV_TYPE_FILE_NAME, f)
-            file_tlv += tlv_pack(TLV_TYPE_FILE_SIZE, os.stat(os.path.join(search_root, f)).st_size)
+            file_tlv += tlv_pack(TLV_TYPE_FILE_SIZE, file_stat.st_size)
+            file_tlv += tlv_pack(TLV_TYPE_SEARCH_MTIME, mtime)
             response += tlv_pack(TLV_TYPE_SEARCH_RESULTS, file_tlv)
     return ERROR_SUCCESS, response
 

data/lib/metasploit-payloads/version.rb

@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-  VERSION = '2.0.56'
+  VERSION = '2.0.57'
 
   def self.version
     VERSION

data.tar.gz.sig

@@ -1,2 +1,3 @@
-I�r���Go���kk+��y������aZ2����s_-_�jGBI,��������~����S^���^lij��
�S@_�CY�X���Ɋn-�Wև��Dk��l���D[�#��&&y���X|�E�lL��^�տ�l���;��M�)�$$Ǹ%�0�
-T�u�Ro�M��*q��v ��j���6�rKb��y�F0wS��4���=PT�Nc(Ru�bR� hl�":u
+�*�A�x̭��XS�y�'wp��5��3�2�X�:C��(��$ִR'�Z����t�x[d��N�6��3���m6�����Y�����'~XRiҨ�8�OH����6����{��/����?�v���np��;��̝�8��;������adP�Ә)Q�
+�����QW�dt��/d��y��X��+�
q��_}1]��v��@��b�5�;�_>��� �ʈ�?
+���U�ޢ�f�tgX���U���oJ�$�����;4

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-  version: 2.0.56
+  version: 2.0.57
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-09-23 00:00:00.000000000 Z
+date: 2021-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake