metasploit-payloads 2.0.97 → 2.0.98
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/data/android/meterpreter.jar +0 -0
- data/data/android/metstage.jar +0 -0
- data/data/android/shell.jar +0 -0
- data/data/meterpreter/elevator.x64.debug.dll +0 -0
- data/data/meterpreter/elevator.x64.dll +0 -0
- data/data/meterpreter/elevator.x86.debug.dll +0 -0
- data/data/meterpreter/elevator.x86.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x64.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_bofloader.x86.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x64.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_espia.x86.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_extapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x64.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_incognito.x86.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x64.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_kiwi.x86.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x64.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_lanattacks.x86.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x64.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_peinjector.x86.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x64.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_powershell.x86.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x64.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_priv.x86.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x64.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_python.x86.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x64.dll +0 -0
- data/data/meterpreter/ext_server_sniffer.x86.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.py +89 -0
- data/data/meterpreter/ext_server_stdapi.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x64.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_stdapi.x86.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x64.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_unhook.x86.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x64.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.debug.dll +0 -0
- data/data/meterpreter/ext_server_winpmem.x86.dll +0 -0
- data/data/meterpreter/metsrv.x64.debug.dll +0 -0
- data/data/meterpreter/metsrv.x64.dll +0 -0
- data/data/meterpreter/metsrv.x86.debug.dll +0 -0
- data/data/meterpreter/metsrv.x86.dll +0 -0
- data/data/meterpreter/screenshot.x64.debug.dll +0 -0
- data/data/meterpreter/screenshot.x64.dll +0 -0
- data/data/meterpreter/screenshot.x86.debug.dll +0 -0
- data/data/meterpreter/screenshot.x86.dll +0 -0
- data/lib/metasploit-payloads/version.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +1 -3
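--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e258521427e2bc71990e2e646fbf617fc70569fc6a1ca41d886eea9a6a5dd9c2
+data.tar.gz: 77d18985a73b5f3e87f77cfb6f15d346b1316e03ea05bde053e23c828aa432f4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cee1509b9a8f0780c1d5d02d87f6412a463275d6a72743767c4229115448a86a63e25cddb529cd6e2ee4ea2aa44ecfd7f3b331de74b3b085c35961b45e8fb436
+data.tar.gz: bc60aa01a5781c8a22d78be70fa02665456552fe4fb44c867655ed3e88834f790c3b55c4176d4c1e036bec0a0425b701842f1ab3c3753516f04e0e56aa0970c4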
checksums.yaml.gz.sig
CHANGED
Binary file
|
Binary file
|
data/data/android/metstage.jar
CHANGED
Binary file
|
data/data/android/shell.jar
CHANGED
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
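--- a/data/data/meterpreter/ext_server_stdapi.py
+++ b/data/data/meterpreter/ext_server_stdapi.py
@@ -21,6 +21,9 @@ except ImportError:
 has_ctypes = False
 has_windll = False
 
+if has_windll:
+from ctypes import wintypes
+
 try:
 import pty
 has_pty = True
@@ -357,6 +360,36 @@ if has_ctypes:
 ("lpszProxy", ctypes.c_wchar_p),
 ("lpszProxyBypass", ctypes.c_wchar_p)]
 
+class LUID(ctypes.Structure):
+_fields_ = [
+('LowPart', wintypes.DWORD),
+('HighPart', wintypes.LONG)
+]
+
+def __eq__(self, __o):
+return (self.LowPart == __o.LowPart and self.HighPart == __o.HighPart)
+
+def __ne__(self, __o):
+return (self.LowPart != __o.LowPart or self.HighPart != __o.HighPart)
+
+class LUID_AND_ATTRIBUTES(ctypes.Structure):
+_fields_ = [
+('Luid', LUID),
+('Attributes', wintypes.DWORD)
+]
+
+class TOKEN_PRIVILEGES(ctypes.Structure):
+_fields_ = [
+('PrivilegeCount', wintypes.DWORD),
+('Privileges', LUID_AND_ATTRIBUTES * 0),
+]
+def get_array(self):
+array_type = LUID_AND_ATTRIBUTES * self.PrivilegeCount
+return ctypes.cast(self.Privileges, ctypes.POINTER(array_type)).contents
+
+PTOKEN_PRIVILEGES = ctypes.POINTER(TOKEN_PRIVILEGES)
+
+
 #
 # Linux Structures
 #
@@ -999,6 +1032,45 @@ def windll_GetVersion():
 dwBuild = ((dwVersion & 0xffff0000) >> 16)
 return type('Version', (object,), dict(dwMajorVersion = dwMajorVersion, dwMinorVersion = dwMinorVersion, dwBuild = dwBuild))
 
+def enable_privilege(name, enable=True):
+TOKEN_ALL_ACCESS = 0xf01ff
+SE_PRIVILEGE_ENABLED = 0x00000002
+
+GetCurrentProcess = ctypes.windll.kernel32.GetCurrentProcess
+GetCurrentProcess.restype = wintypes.HANDLE
+
+OpenProcessToken = ctypes.windll.advapi32.OpenProcessToken
+OpenProcessToken.argtypes = [wintypes.HANDLE, wintypes.DWORD, ctypes.POINTER(wintypes.HANDLE)]
+OpenProcessToken.restype = wintypes.BOOL
+
+LookupPrivilegeValue = ctypes.windll.advapi32.LookupPrivilegeValueW
+LookupPrivilegeValue.argtypes = [wintypes.LPCWSTR, wintypes.LPCWSTR, ctypes.POINTER(LUID)]
+LookupPrivilegeValue.restype = wintypes.BOOL
+
+AdjustTokenPrivileges = ctypes.windll.advapi32.AdjustTokenPrivileges
+AdjustTokenPrivileges.argtypes = [wintypes.HANDLE, wintypes.BOOL, PTOKEN_PRIVILEGES, wintypes.DWORD, PTOKEN_PRIVILEGES, ctypes.POINTER(wintypes.DWORD)]
+AdjustTokenPrivileges.restype = wintypes.BOOL
+
+token = wintypes.HANDLE()
+success = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, token)
+if not success:
+return False
+
+luid = LUID()
+name = ctypes.create_unicode_buffer(name)
+success = LookupPrivilegeValue(None, name, luid)
+if not success:
+return False
+
+size = ctypes.sizeof(TOKEN_PRIVILEGES)
+size += ctypes.sizeof(LUID_AND_ATTRIBUTES)
+buffer = ctypes.create_string_buffer(size)
+tokenPrivileges = ctypes.cast(buffer, PTOKEN_PRIVILEGES).contents
+tokenPrivileges.PrivilegeCount = 1
+tokenPrivileges.get_array()[0].Luid = luid
+tokenPrivileges.get_array()[0].Attributes = SE_PRIVILEGE_ENABLED if enable else 0
+return AdjustTokenPrivileges(token, False, tokenPrivileges, 0, None, None)
+
 @register_function
 def channel_open_stdapi_fs_file(request, response):
 fpath = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
@@ -1335,6 +1407,23 @@ def stdapi_sys_process_get_processes(request, response):
 return stdapi_sys_process_get_processes_via_ps(request, response)
 return ERROR_FAILURE, response
 
+@register_function_if(has_windll)
+def stdapi_sys_power_exitwindows(request, response):
+SE_SHUTDOWN_NAME = "SeShutdownPrivilege"
+
+flags = packet_get_tlv(request, TLV_TYPE_POWER_FLAGS)['value']
+reason = packet_get_tlv(request, TLV_TYPE_POWER_REASON)['value']
+
+if not enable_privilege(SE_SHUTDOWN_NAME):
+return error_result_windows(), response
+
+ExitWindowsEx = ctypes.windll.user32.ExitWindowsEx
+ExitWindowsEx.argtypes = [ctypes.c_uint32, ctypes.c_ulong]
+ExitWindowsEx.restype = ctypes.c_int8
+if not ExitWindowsEx(flags, reason):
+return error_result_windows(), response
+return ERROR_SUCCESS, response
+
 @register_function_if(has_windll)
 def stdapi_sys_eventlog_open(request, response):
 source_name = packet_get_tlv(request, TLV_TYPE_EVENT_SOURCENAME)['value']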
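Review bot: `enable_privilege` never closes the token handle it opens, so every call leaks a handle (including both early `return False` paths), and it requests `TOKEN_ALL_ACCESS` where `TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY` is all that `AdjustTokenPrivileges` needs. Its return value is also not a reliable success signal, because `AdjustTokenPrivileges` returns TRUE even when the token does not hold the privilege and reports that case only through the last-error code `ERROR_NOT_ALL_ASSIGNED`; `stdapi_sys_power_exitwindows` can therefore pass the privilege check and only fail later in `ExitWindowsEx`. The sketch below narrows the access mask, closes the handle in a `finally`, and checks the last error; whether `ctypes.GetLastError()` still holds the API's value after a plain `ctypes.windll` call should be confirmed. In the last hunk, `ExitWindowsEx.restype = ctypes.c_int8` reads only the low byte of a 32-bit `BOOL` and would be safer as `wintypes.BOOL`. The new structures sit under the `if has_ctypes:` hunk context but use `wintypes`, which is imported only when `has_windll` is true; indentation is not visible on this page, so please confirm they are guarded so the module still loads off Windows.

```python
def enable_privilege(name, enable=True):
    TOKEN_ADJUST_PRIVILEGES = 0x0020
    TOKEN_QUERY = 0x0008
    ERROR_NOT_ALL_ASSIGNED = 1300
    # ... unchanged: SE_PRIVILEGE_ENABLED and the four API prototypes ...
    CloseHandle = ctypes.windll.kernel32.CloseHandle
    CloseHandle.argtypes = [wintypes.HANDLE]
    CloseHandle.restype = wintypes.BOOL

    token = wintypes.HANDLE()
    if not OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, token):
        return False
    try:
        # ... unchanged: LookupPrivilegeValue call and TOKEN_PRIVILEGES buffer setup ...
        if not AdjustTokenPrivileges(token, False, tokenPrivileges, 0, None, None):
            return False
        # TRUE is also returned when the token does not hold the privilege.
        return ctypes.GetLastError() != ERROR_NOT_ALL_ASSIGNED
    finally:
        CloseHandle(token)
```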
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
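--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit-payloads
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.98
 platform: ruby
 authors:
 - OJ Reeves
@@ -96,7 +96,7 @@ cert_chain:
 EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
 9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
 -----END CERTIFICATE-----
-date: 2022-
+date: 2022-11-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake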
metadata.gz.sig
CHANGED