metasploit-payloads 2.0.95 → 2.0.96
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/data/android/meterpreter.jar +0 -0
- data/data/android/metstage.jar +0 -0
- data/data/android/shell.jar +0 -0
- data/data/meterpreter/elevator.x64.debug.dll +0 -0
- data/data/meterpreter/elevator.x64.dll +0 -0
- data/data/meterpreter/elevator.x86.debug.dll +0 -0
- data/data/meterpreter/elevator.x86.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.py +32 -8
- data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
- data/data/meterpreter/metsrv.x64.debug.dll +0 -0
- data/data/meterpreter/metsrv.x64.dll +0 -0
- data/data/meterpreter/metsrv.x86.debug.dll +0 -0
- data/data/meterpreter/metsrv.x86.dll +0 -0
- data/data/meterpreter/screenshot.x64.debug.dll +0 -0
- data/data/meterpreter/screenshot.x64.dll +0 -0
- data/data/meterpreter/screenshot.x86.debug.dll +0 -0
- data/data/meterpreter/screenshot.x86.dll +0 -0
- data/lib/metasploit-payloads/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +1 -1
- metadata.gz.sig +0 -0
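--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14a31678ea188df6a041cd2d9aa4b5e7675e692deac5441309e8f7d28f19971b
+data.tar.gz: 743083ddf93da1a9447ad45c1d195f7761526bb73595aaa63631d993496011dd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58dd28d9fb05c6d5d0742b6316209514f287c9da6c54322eaff3e9d62369ee1a1384d8592ed1b8aa0d14facc62b0014e895dc55e03c534e828bb987ec391ce52
+data.tar.gz: 6a9f652a9807c1d4288e9c3c87161d858fe4bb63fe8f4216c4b82d6f3b06bd9d5acbc6f8f0978fae5bf87b7198e8e89716dca4a86df6ae7eb2b154c6238a156a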
checksums.yaml.gz.sig
CHANGED
Binary file
|
Binary file
|
data/data/android/metstage.jar
CHANGED
Binary file
|
data/data/android/shell.jar
CHANGED
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
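--- a/data/data/meterpreter/ext_server_stdapi.py
+++ b/data/data/meterpreter/ext_server_stdapi.py
@@ -2463,14 +2463,26 @@ def stdapi_registry_load_key(request, response):
 def _wreg_close_key(hkey):
 ctypes.windll.advapi32.RegCloseKey(hkey)
 
-def _wreg_open_key(request):
+def _wreg_open_key(request, permission=None):
 root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
+root_key_names = {
+winreg.HKEY_CLASSES_ROOT & 0xffffffff: 'HKCR',
+winreg.HKEY_CURRENT_USER & 0xffffffff: 'HKCU',
+winreg.HKEY_LOCAL_MACHINE & 0xffffffff: 'HKLM',
+winreg.HKEY_USERS & 0xffffffff: 'HKU',
+winreg.HKEY_PERFORMANCE_DATA & 0xffffffff: 'HKPD',
+winreg.HKEY_CURRENT_CONFIG & 0xffffffff: 'HKCC'
+}
+root_key_name = root_key_names.get(root_key, 'HK??')
 base_key = packet_get_tlv(request, TLV_TYPE_BASE_KEY)['value']
+debug_print('[*] opening registry key: ' + root_key_name + '\\' + unicode(base_key))
 base_key = ctypes.create_string_buffer(bytes(base_key, 'UTF-8'))
-permission
+if permission is None:
+permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS)
 handle_id = ctypes.c_void_p()
-
-
+result = ctypes.windll.advapi32.RegOpenKeyExA(root_key, ctypes.byref(base_key), 0, permission, ctypes.byref(handle_id))
+if result != ERROR_SUCCESS:
+return error_result_windows(result), 0
 return ERROR_SUCCESS, handle_id.value
 
 def _wreg_query_value(request, response, hkey):
@@ -2497,7 +2509,7 @@ def _wreg_query_value(request, response, hkey):
 else:
 response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data, value_data_sz.value))
 return ERROR_SUCCESS, response
-return error_result_windows(), response
+return error_result_windows(result), response
 
 def _wreg_set_value(request, response, hkey):
 value_name = packet_get_tlv(request, TLV_TYPE_VALUE_NAME)['value']
@@ -2505,7 +2517,19 @@ def _wreg_set_value(request, response, hkey):
 value_type = packet_get_tlv(request, TLV_TYPE_VALUE_TYPE)['value']
 value_data = packet_get_tlv(request, TLV_TYPE_VALUE_DATA)['value']
 result = ctypes.windll.advapi32.RegSetValueExA(hkey, ctypes.byref(value_name), 0, value_type, value_data, len(value_data))
-
+if result == ERROR_SUCCESS:
+return ERROR_SUCCESS, response
+return error_result_windows(result), response
+
+@register_function_if(has_windll)
+def stdapi_registry_check_key_exists(request, response):
+err, hkey = _wreg_open_key(request, permission=winreg.KEY_QUERY_VALUE)
+if err == ERROR_SUCCESS:
+_wreg_close_key(hkey)
+response += tlv_pack(TLV_TYPE_BOOL, True)
+else:
+response += tlv_pack(TLV_TYPE_BOOL, False)
+return ERROR_SUCCESS, response
 
 @register_function_if(has_windll)
 def stdapi_registry_open_key(request, response):
@@ -2545,7 +2569,7 @@ def stdapi_registry_query_value(request, response):
 def stdapi_registry_query_value_direct(request, response):
 err, hkey = _wreg_open_key(request)
 if err != ERROR_SUCCESS:
-return err, response
+return error_result_windows(err), response
 ret = _wreg_query_value(request, response, hkey)
 _wreg_close_key(hkey)
 return ret
@@ -2559,7 +2583,7 @@ def stdapi_registry_set_value(request, response):
 def stdapi_registry_set_value_direct(request, response):
 err, hkey = _wreg_open_key(request)
 if err != ERROR_SUCCESS:
-return err, response
+return error_result_windows(err), response
 ret = _wreg_set_value(request, response, hkey)
 _wreg_close_key(hkey)
 return ret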
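Review bot: The failure paths of `stdapi_registry_query_value_direct` and `stdapi_registry_set_value_direct` now return `error_result_windows(err)`, but `err` comes from `_wreg_open_key`, which in this same change already returns `error_result_windows(result), 0`, so the Windows status is encoded twice. The body of `error_result_windows` is not shown here; unless it is idempotent, the operator side will likely see a mangled or generic code rather than the real one (access denied versus not found, say), and keeping `return err, response` in both callers would pass the already-encoded value through unchanged. Separately, `stdapi_registry_check_key_exists` maps every open failure to `False`, so a key that exists but cannot be opened is reported as absent. A comment such as `# False means the key could not be opened with KEY_QUERY_VALUE; it may still exist` above the `else:` branch would make that contract explicit.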
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
metadata.gz.sig
CHANGED
Binary file
|