metasploit-payloads 2.0.95 → 2.0.96

Files changed (72) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/data/android/meterpreter.jar +0 -0
  4. data/data/android/metstage.jar +0 -0
  5. data/data/android/shell.jar +0 -0
  6. data/data/meterpreter/elevator.x64.debug.dll +0 -0
  7. data/data/meterpreter/elevator.x64.dll +0 -0
  8. data/data/meterpreter/elevator.x86.debug.dll +0 -0
  9. data/data/meterpreter/elevator.x86.dll +0 -0
  10. data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
  11. data/data/meterpreter/ext_server_espia.x64.dll +0 -0
  12. data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
  13. data/data/meterpreter/ext_server_espia.x86.dll +0 -0
  14. data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
  15. data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
  16. data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
  17. data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
  18. data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
  19. data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
  20. data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
  21. data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
  22. data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
  23. data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
  24. data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
  25. data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
  26. data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
  27. data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
  28. data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
  29. data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
  30. data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
  31. data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
  32. data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
  33. data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
  34. data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
  35. data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
  36. data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
  37. data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
  38. data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
  39. data/data/meterpreter/ext_server_priv.x64.dll +0 -0
  40. data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
  41. data/data/meterpreter/ext_server_priv.x86.dll +0 -0
  42. data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
  43. data/data/meterpreter/ext_server_python.x64.dll +0 -0
  44. data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
  45. data/data/meterpreter/ext_server_python.x86.dll +0 -0
  46. data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
  47. data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
  48. data/data/meterpreter/ext_server_stdapi.py +32 -8
  49. data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
  50. data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
  51. data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
  52. data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
  53. data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
  54. data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
  55. data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
  56. data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
  57. data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
  58. data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
  59. data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
  60. data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
  61. data/data/meterpreter/metsrv.x64.debug.dll +0 -0
  62. data/data/meterpreter/metsrv.x64.dll +0 -0
  63. data/data/meterpreter/metsrv.x86.debug.dll +0 -0
  64. data/data/meterpreter/metsrv.x86.dll +0 -0
  65. data/data/meterpreter/screenshot.x64.debug.dll +0 -0
  66. data/data/meterpreter/screenshot.x64.dll +0 -0
  67. data/data/meterpreter/screenshot.x86.debug.dll +0 -0
  68. data/data/meterpreter/screenshot.x86.dll +0 -0
  69. data/lib/metasploit-payloads/version.rb +1 -1
  70. data.tar.gz.sig +0 -0
  71. metadata +1 -1
  72. metadata.gz.sig +0 -0
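--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 65f37b434ce16d7157fc2a2793df514f4d1e4ec074a3af13a7f8b0b208b610ad
- data.tar.gz: a65385fdf01c8b6ad65ad071f5126c0a83f8d3c68239ea9cf5608645debd2b6b
+ metadata.gz: 14a31678ea188df6a041cd2d9aa4b5e7675e692deac5441309e8f7d28f19971b
+ data.tar.gz: 743083ddf93da1a9447ad45c1d195f7761526bb73595aaa63631d993496011dd
  SHA512:
- metadata.gz: dada9732c1970c08e8ecc114177a13c52726873064146276669234cadd12c7fe8bd185f5717f102c5aca6a5ba26a09e7c421244afc92f6b76a9e266e402ddab6
- data.tar.gz: 805508ec98f5fbed9a4d12ce1baaaf9a6fe5ef03a67321de9a9771f50fc5d02eb94e98db2725ad13e55406b02b8735b1b1adb55f1069e9c94b2da23e2739ed84
+ metadata.gz: 58dd28d9fb05c6d5d0742b6316209514f287c9da6c54322eaff3e9d62369ee1a1384d8592ed1b8aa0d14facc62b0014e895dc55e03c534e828bb987ec391ce52
+ data.tar.gz: 6a9f652a9807c1d4288e9c3c87161d858fe4bb63fe8f4216c4b82d6f3b06bd9d5acbc6f8f0978fae5bf87b7198e8e89716dca4a86df6ae7eb2b154c6238a156a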
checksums.yaml.gz.sig CHANGED
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
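--- a/data/data/meterpreter/ext_server_stdapi.py
+++ b/data/data/meterpreter/ext_server_stdapi.py
@@ -2463,14 +2463,26 @@ def stdapi_registry_load_key(request, response):
  def _wreg_close_key(hkey):
  ctypes.windll.advapi32.RegCloseKey(hkey)
 
- def _wreg_open_key(request):
+ def _wreg_open_key(request, permission=None):
  root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
+ root_key_names = {
+ winreg.HKEY_CLASSES_ROOT & 0xffffffff: 'HKCR',
+ winreg.HKEY_CURRENT_USER & 0xffffffff: 'HKCU',
+ winreg.HKEY_LOCAL_MACHINE & 0xffffffff: 'HKLM',
+ winreg.HKEY_USERS & 0xffffffff: 'HKU',
+ winreg.HKEY_PERFORMANCE_DATA & 0xffffffff: 'HKPD',
+ winreg.HKEY_CURRENT_CONFIG & 0xffffffff: 'HKCC'
+ }
+ root_key_name = root_key_names.get(root_key, 'HK??')
  base_key = packet_get_tlv(request, TLV_TYPE_BASE_KEY)['value']
+ debug_print('[*] opening registry key: ' + root_key_name + '\\' + unicode(base_key))
  base_key = ctypes.create_string_buffer(bytes(base_key, 'UTF-8'))
- permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS)
+ if permission is None:
+ permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS)
  handle_id = ctypes.c_void_p()
- if ctypes.windll.advapi32.RegOpenKeyExA(root_key, ctypes.byref(base_key), 0, permission, ctypes.byref(handle_id)) != ERROR_SUCCESS:
- return error_result_windows(), 0
+ result = ctypes.windll.advapi32.RegOpenKeyExA(root_key, ctypes.byref(base_key), 0, permission, ctypes.byref(handle_id))
+ if result != ERROR_SUCCESS:
+ return error_result_windows(result), 0
  return ERROR_SUCCESS, handle_id.value
 
  def _wreg_query_value(request, response, hkey):
@@ -2497,7 +2509,7 @@ def _wreg_query_value(request, response, hkey):
  else:
  response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data, value_data_sz.value))
  return ERROR_SUCCESS, response
- return error_result_windows(), response
+ return error_result_windows(result), response
 
  def _wreg_set_value(request, response, hkey):
  value_name = packet_get_tlv(request, TLV_TYPE_VALUE_NAME)['value']
@@ -2505,7 +2517,19 @@ def _wreg_set_value(request, response, hkey):
  value_type = packet_get_tlv(request, TLV_TYPE_VALUE_TYPE)['value']
  value_data = packet_get_tlv(request, TLV_TYPE_VALUE_DATA)['value']
  result = ctypes.windll.advapi32.RegSetValueExA(hkey, ctypes.byref(value_name), 0, value_type, value_data, len(value_data))
- return result, response
+ if result == ERROR_SUCCESS:
+ return ERROR_SUCCESS, response
+ return error_result_windows(result), response
+
+ @register_function_if(has_windll)
+ def stdapi_registry_check_key_exists(request, response):
+ err, hkey = _wreg_open_key(request, permission=winreg.KEY_QUERY_VALUE)
+ if err == ERROR_SUCCESS:
+ _wreg_close_key(hkey)
+ response += tlv_pack(TLV_TYPE_BOOL, True)
+ else:
+ response += tlv_pack(TLV_TYPE_BOOL, False)
+ return ERROR_SUCCESS, response
 
  @register_function_if(has_windll)
  def stdapi_registry_open_key(request, response):
@@ -2545,7 +2569,7 @@ def stdapi_registry_query_value(request, response):
  def stdapi_registry_query_value_direct(request, response):
  err, hkey = _wreg_open_key(request)
  if err != ERROR_SUCCESS:
- return err, response
+ return error_result_windows(err), response
  ret = _wreg_query_value(request, response, hkey)
  _wreg_close_key(hkey)
  return ret
@@ -2559,7 +2583,7 @@ def stdapi_registry_set_value(request, response):
  def stdapi_registry_set_value_direct(request, response):
  err, hkey = _wreg_open_key(request)
  if err != ERROR_SUCCESS:
- return err, response
+ return error_result_windows(err), response
  ret = _wreg_set_value(request, response, hkey)
  _wreg_close_key(hkey)
  return ret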
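Review bot: In `stdapi_registry_query_value_direct` and `stdapi_registry_set_value_direct` the failure path now returns `error_result_windows(err)`, but `err` comes from `_wreg_open_key`, which in this same change already returns `error_result_windows(result)`, so the code is converted twice. `error_result_windows` is defined outside this diff; if it encodes the Win32 code rather than passing it through, the second call would alter or drop the original error, and both callers should keep `return err, response`. A second point: `stdapi_registry_check_key_exists` answers False for every open failure, so a key that exists but cannot be opened with `KEY_QUERY_VALUE` is reported the same as a missing key; a short comment stating that limitation, or propagating errors other than not-found, would make the result trustworthy to the caller.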
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
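--- a/data/lib/metasploit-payloads/version.rb
+++ b/data/lib/metasploit-payloads/version.rb
@@ -1,6 +1,6 @@
  # -*- coding:binary -*-
  module MetasploitPayloads
- VERSION = '2.0.95'
+ VERSION = '2.0.96'
 
  def self.version
  VERSION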
data.tar.gz.sig CHANGED
Binary file
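--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: metasploit-payloads
  version: !ruby/object:Gem::Version
- version: 2.0.95
+ version: 2.0.96
  platform: ruby
  authors:
  - OJ Reeves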
metadata.gz.sig CHANGED
Binary file