Fix issue with getenv failing

The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.

Meterpreter effectively ignores (ie. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepency between what was returned and what was used to index and
as a result, the value would come out as `nil`.

For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.

This commit changes this so that the name is ignored and the first
value is returned.
bug/bundler_fix
OJ 2014-02-12 13:51:30 +10:00
parent 18816f3d5e
commit beca4b8bc3
1 changed files with 7 additions and 6 deletions

View File

@ -30,7 +30,7 @@ class Config
def getuid def getuid
request = Packet.create_request('stdapi_sys_config_getuid') request = Packet.create_request('stdapi_sys_config_getuid')
response = client.send_request(request) response = client.send_request(request)
return client.unicode_filter_encode( response.get_tlv_value(TLV_TYPE_USER_NAME) ) client.unicode_filter_encode( response.get_tlv_value(TLV_TYPE_USER_NAME) )
end end
# #
@ -53,14 +53,15 @@ class Config
result[var_name] = var_value result[var_name] = var_value
end end
return result result
end end
# #
# Returns the value of a single requested environment variable name # Returns the value of a single requested environment variable name
# #
def getenv(var_name) def getenv(var_name)
getenvs(var_name)[var_name] _, value = getenvs(var_name).first
value
end end
# #
@ -92,7 +93,7 @@ class Config
req = Packet.create_request('stdapi_sys_config_steal_token') req = Packet.create_request('stdapi_sys_config_steal_token')
req.add_tlv(TLV_TYPE_PID, pid.to_i) req.add_tlv(TLV_TYPE_PID, pid.to_i)
res = client.send_request(req) res = client.send_request(req)
return client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) ) client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) )
end end
# #
@ -101,7 +102,7 @@ class Config
def drop_token def drop_token
req = Packet.create_request('stdapi_sys_config_drop_token') req = Packet.create_request('stdapi_sys_config_drop_token')
res = client.send_request(req) res = client.send_request(req)
return client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) ) client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) )
end end
# #
@ -114,7 +115,7 @@ class Config
res.each(TLV_TYPE_PRIVILEGE) do |p| res.each(TLV_TYPE_PRIVILEGE) do |p|
ret << p.value ret << p.value
end end
return ret ret
end end
protected protected