Land #11193, increase capacity for meterpreter 'stat' command
commit
3bc4456a39
|
@ -21,9 +21,9 @@ PATH
|
|||
metasploit-concern
|
||||
metasploit-credential
|
||||
metasploit-model
|
||||
metasploit-payloads (= 1.3.58)
|
||||
metasploit-payloads (= 1.3.61)
|
||||
metasploit_data_models
|
||||
metasploit_payloads-mettle (= 0.5.4)
|
||||
metasploit_payloads-mettle (= 0.5.6)
|
||||
mqtt
|
||||
msgpack
|
||||
nessus_rest
|
||||
|
@ -177,7 +177,7 @@ GEM
|
|||
activemodel (~> 4.2.6)
|
||||
activesupport (~> 4.2.6)
|
||||
railties (~> 4.2.6)
|
||||
metasploit-payloads (1.3.58)
|
||||
metasploit-payloads (1.3.61)
|
||||
metasploit_data_models (3.0.5)
|
||||
activerecord (~> 4.2.6)
|
||||
activesupport (~> 4.2.6)
|
||||
|
@ -188,7 +188,7 @@ GEM
|
|||
postgres_ext
|
||||
railties (~> 4.2.6)
|
||||
recog (~> 2.0)
|
||||
metasploit_payloads-mettle (0.5.4)
|
||||
metasploit_payloads-mettle (0.5.6)
|
||||
method_source (0.9.2)
|
||||
mini_portile2 (2.4.0)
|
||||
minitest (5.11.3)
|
||||
|
|
|
@ -73,11 +73,19 @@ class FileStat
|
|||
end
|
||||
|
||||
def update(buf)
|
||||
skeys = %W{st_dev st_mode st_nlink st_uid st_gid st_rdev st_ino st_size st_ctime st_atime st_mtime}
|
||||
svals = buf.unpack("VVVVVVQQQQQ")
|
||||
skeys.each_index do |i|
|
||||
self.stathash[ skeys[i] ] = svals[i]
|
||||
end
|
||||
end
|
||||
|
||||
# XXX: This needs to understand more than just 'stat' structures
|
||||
# Windows can also return _stat32, _stat32i64, _stat64i32, and _stat64 structures
|
||||
|
||||
skeys = %W{st_dev st_ino st_mode st_wtf st_nlink st_uid st_gid st_rdev st_size st_ctime st_atime st_mtime}
|
||||
#
|
||||
# This handles the old 32bit st_size buf from old stageless meterpreters for backwards compatibility
|
||||
# Maybe we can remove this in the future
|
||||
#
|
||||
def update32(buf)
|
||||
skeys = %W{st_dev st_ino st_mode st_pad st_nlink st_uid st_gid st_rdev st_size st_ctime st_atime st_mtime}
|
||||
svals = buf.unpack("VvvvvvvVVVVV")
|
||||
skeys.each_index do |i|
|
||||
self.stathash[ skeys[i] ] = svals[i]
|
||||
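Review bot: The new `update` labels the last three 8-byte fields `st_ctime st_atime st_mtime`, while the `@@struct_stat` table this commit adds to the Meterpreter `FileStat` lists them as `st_atime`, `st_mtime`, `st_ctime` at offsets 40, 48 and 56. Both parsers are fed `TLV_TYPE_STAT_BUF` values (this one through `Dir.entries_with_info` and `Dir.match`), so one of them reports swapped timestamps. Which order the payload actually sends is not visible on this page. If the table is authoritative, the key list here should end `st_size st_atime st_mtime st_ctime`; the `update32` key list needs the same comparison against `@@struct_stat32`. The body of `update32` continues past the end of this hunk.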
|
|
|
@ -73,7 +73,9 @@ class Dir < Rex::Post::Dir
|
|||
#
|
||||
def Dir.entries_with_info(name = getwd)
|
||||
request = Packet.create_request('stdapi_fs_ls')
|
||||
files = []
|
||||
files = []
|
||||
sbuf = nil
|
||||
new_stat_buf = true
|
||||
|
||||
request.add_tlv(TLV_TYPE_DIRECTORY_PATH, client.unicode_filter_decode(name))
|
||||
|
||||
|
@ -82,7 +84,13 @@ class Dir < Rex::Post::Dir
|
|||
fname = response.get_tlvs(TLV_TYPE_FILE_NAME)
|
||||
fsname = response.get_tlvs(TLV_TYPE_FILE_SHORT_NAME)
|
||||
fpath = response.get_tlvs(TLV_TYPE_FILE_PATH)
|
||||
sbuf = response.get_tlvs(TLV_TYPE_STAT_BUF)
|
||||
|
||||
if response.has_tlv?(TLV_TYPE_STAT_BUF)
|
||||
sbuf = response.get_tlvs(TLV_TYPE_STAT_BUF)
|
||||
else
|
||||
sbuf = response.get_tlvs(TLV_TYPE_STAT_BUF32)
|
||||
new_stat_buf = false
|
||||
end
|
||||
|
||||
if (!fname or !sbuf)
|
||||
return []
|
||||
|
@ -93,7 +101,11 @@ class Dir < Rex::Post::Dir
|
|||
|
||||
if (sbuf[idx])
|
||||
st = ::Rex::Post::FileStat.new
|
||||
st.update(sbuf[idx].value)
|
||||
if new_stat_buf
|
||||
st.update(sbuf[idx].value)
|
||||
else
|
||||
st.update32(sbuf[idx].value)
|
||||
end
|
||||
end
|
||||
|
||||
files <<
|
||||
|
@ -115,13 +127,21 @@ class Dir < Rex::Post::Dir
|
|||
def Dir.match(name, dir = false)
|
||||
path = name + '*'
|
||||
files = []
|
||||
sbuf = nil
|
||||
new_stat_buf = true
|
||||
|
||||
request = Packet.create_request('stdapi_fs_ls')
|
||||
request.add_tlv(TLV_TYPE_DIRECTORY_PATH, client.unicode_filter_decode(path))
|
||||
response = client.send_request(request)
|
||||
|
||||
fpath = response.get_tlvs(TLV_TYPE_FILE_PATH)
|
||||
sbuf = response.get_tlvs(TLV_TYPE_STAT_BUF)
|
||||
|
||||
if response.has_tlv?(TLV_TYPE_STAT_BUF)
|
||||
sbuf = response.get_tlvs(TLV_TYPE_STAT_BUF)
|
||||
else
|
||||
sbuf = response.get_tlvs(TLV_TYPE_STAT_BUF32)
|
||||
new_stat_buf = false
|
||||
end
|
||||
|
||||
unless fpath && sbuf
|
||||
return []
|
||||
|
@ -130,7 +150,11 @@ class Dir < Rex::Post::Dir
|
|||
fpath.each_with_index do |file_name, idx|
|
||||
if dir && sbuf[idx]
|
||||
st = ::Rex::Post::FileStat.new
|
||||
st.update(sbuf[idx].value)
|
||||
if new_stat_buf
|
||||
st.update(sbuf[idx].value)
|
||||
else
|
||||
st.update32(sbuf[idx].value)
|
||||
end
|
||||
next if st.ftype != 'directory' # if file_name isn't directory
|
||||
end
|
||||
|
||||
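Review bot: The `if response.has_tlv?(TLV_TYPE_STAT_BUF) … else … new_stat_buf = false` selection and the later `if new_stat_buf` dispatch are duplicated in `Dir.entries_with_info` and `Dir.match`, with a third variant of the same fallback in `FileStat#stat`. Keeping the old/new layout decision in one private helper would stop the copies drifting apart when the legacy path is eventually removed; a helper (name here is only a suggestion) could be used as `sbuf, parser = stat_bufs_for(response)` followed by `st.public_send(parser, sbuf[idx].value)`. As far as the hunks show, the added `sbuf = nil` initialisers are overwritten on both branches before use and could be dropped. Both method bodies extend beyond the hunks shown.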
|
|
|
@ -23,6 +23,20 @@ class FileStat < Rex::Post::FileStat
|
|||
end
|
||||
|
||||
@@struct_stat = [
|
||||
'st_dev', 4, # 0
|
||||
'st_mode', 4, # 4
|
||||
'st_nlink', 4, # 8
|
||||
'st_uid', 4, # 12
|
||||
'st_gid', 4, # 16
|
||||
'st_rdev', 4, # 20
|
||||
'st_ino', 8, # 24
|
||||
'st_size', 8, # 32
|
||||
'st_atime', 8, # 40
|
||||
'st_mtime', 8, # 48
|
||||
'st_ctime', 8, # 56
|
||||
]
|
||||
|
||||
@@struct_stat32 = [
|
||||
'st_dev', 4, # 0
|
||||
'st_ino', 2, # 4
|
||||
'st_mode', 2, # 6
|
||||
|
@ -59,6 +73,36 @@ class FileStat < Rex::Post::FileStat
|
|||
offset = 0
|
||||
index = 0
|
||||
|
||||
while (index < elem.length)
|
||||
size = elem[index + 1]
|
||||
format = 'V'
|
||||
case size
|
||||
when 2
|
||||
format = 'v'
|
||||
when 8
|
||||
format = 'Q'
|
||||
end
|
||||
|
||||
value = stat_buf[offset, size].unpack(format)[0]
|
||||
offset += size
|
||||
|
||||
hash[elem[index]] = value
|
||||
|
||||
index += 2
|
||||
end
|
||||
|
||||
return (self.stathash = hash)
|
||||
end
|
||||
|
||||
#
|
||||
# Swaps in a new old style stat hash.
|
||||
#
|
||||
def update32(stat_buf)
|
||||
elem = @@struct_stat32
|
||||
hash = {}
|
||||
offset = 0
|
||||
index = 0
|
||||
|
||||
while (index < elem.length)
|
||||
size = elem[index + 1]
|
||||
|
||||
|
@ -91,11 +135,16 @@ protected
|
|||
request.add_tlv(TLV_TYPE_FILE_PATH, self.class.client.unicode_filter_decode( file ))
|
||||
|
||||
response = self.class.client.send_request(request)
|
||||
stat_buf = response.get_tlv(TLV_TYPE_STAT_BUF).value
|
||||
stat_buf = response.get_tlv(TLV_TYPE_STAT_BUF)
|
||||
|
||||
unless stat_buf
|
||||
stat_buf = response.get_tlv(TLV_TYPE_STAT_BUF32)
|
||||
return update32(stat_buf.value)
|
||||
end
|
||||
|
||||
# Next, we go through the returned stat_buf and fix up the values
|
||||
# and insert them into a hash
|
||||
return update(stat_buf)
|
||||
return update(stat_buf.value)
|
||||
end
|
||||
|
||||
end
|
||||
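Review bot: In `stat`, the fallback calls `stat_buf.value` on the result of `response.get_tlv(TLV_TYPE_STAT_BUF32)` without checking it, so a response carrying neither stat TLV fails with a NoMethodError on nil instead of a clear error; a guard such as `raise 'stat response contained no stat buffer' unless stat_buf` before `update32` would make that explicit. The parsing loop has the same weakness: `stat_buf[offset, size].unpack(format)[0]` hits nil once `offset` passes the end of a truncated buffer. Because the buffer is supplied by the remote session, its length should be checked against the summed field sizes before the loop. Separately, `'Q'` unpacks in native byte order while `'V'` and `'v'` are little-endian, so `'Q<'` would keep the 8-byte fields consistent on any host. The `update32` body and the start of `update` lie outside the hunks shown.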
|
|
|
@ -40,7 +40,8 @@ TLV_TYPE_MOUNT_SPACE_TOTAL = TLV_META_TYPE_QWORD | 1211
|
|||
TLV_TYPE_MOUNT_SPACE_FREE = TLV_META_TYPE_QWORD | 1212
|
||||
TLV_TYPE_MOUNT_UNCPATH = TLV_META_TYPE_STRING | 1213
|
||||
|
||||
TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1220
|
||||
TLV_TYPE_STAT_BUF32 = TLV_META_TYPE_COMPLEX | 1220
|
||||
TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1221
|
||||
|
||||
TLV_TYPE_SEARCH_RECURSE = TLV_META_TYPE_BOOL | 1230
|
||||
TLV_TYPE_SEARCH_GLOB = TLV_META_TYPE_STRING | 1231
|
||||
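Review bot: The renumbering deserves a comment, since nothing in the file explains why the identifier 1220 now belongs to `TLV_TYPE_STAT_BUF32` while `TLV_TYPE_STAT_BUF` moves to 1221. A reader who later drops the backwards-compatibility path needs to know that 1220 is what older payloads still send. Something like `# 1220 keeps its original id for the legacy 32-bit stat layout; 1221 carries the 64-bit layout` above the pair would record that.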
|
|
|
@ -70,9 +70,9 @@ Gem::Specification.new do |spec|
|
|||
# are needed when there's no database
|
||||
spec.add_runtime_dependency 'metasploit-model'
|
||||
# Needed for Meterpreter
|
||||
spec.add_runtime_dependency 'metasploit-payloads', '1.3.58'
|
||||
spec.add_runtime_dependency 'metasploit-payloads', '1.3.61'
|
||||
# Needed for the next-generation POSIX Meterpreter
|
||||
spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.5.4'
|
||||
spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.5.6'
|
||||
# Needed by msfgui and other rpc components
|
||||
spec.add_runtime_dependency 'msgpack'
|
||||
# get list of network interfaces, like eth* from OS.
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_aarch64_apple_ios'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 795888
|
||||
CachedSize = 795860
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_aarch64_apple_ios'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 795888
|
||||
CachedSize = 795860
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_aarch64_apple_ios'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 795888
|
||||
CachedSize = 795860
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_armbe_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1028012
|
||||
CachedSize = 1028092
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_armbe_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1028012
|
||||
CachedSize = 1028092
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_armbe_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1028012
|
||||
CachedSize = 1028092
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_armle_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1027616
|
||||
CachedSize = 1027728
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_armle_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1027616
|
||||
CachedSize = 1027728
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_armle_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1027616
|
||||
CachedSize = 1027728
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_mipsbe_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1465684
|
||||
CachedSize = 1465840
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_mipsbe_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1465684
|
||||
CachedSize = 1465840
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_mipsbe_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1465684
|
||||
CachedSize = 1465840
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_mipsle_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1467784
|
||||
CachedSize = 1467896
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_mipsle_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1467784
|
||||
CachedSize = 1467896
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_mipsle_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1467784
|
||||
CachedSize = 1467896
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_ppc_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1211824
|
||||
CachedSize = 1211848
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_ppc_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1211824
|
||||
CachedSize = 1211848
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_ppc_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1211824
|
||||
CachedSize = 1211848
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_ppce500v2_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1164504
|
||||
CachedSize = 1164528
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_ppce500v2_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1164504
|
||||
CachedSize = 1164528
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|
|
@ -10,7 +10,7 @@ require 'msf/base/sessions/meterpreter_ppce500v2_linux'
|
|||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = 1164504
|
||||
CachedSize = 1164528
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
|