Land #5426, use RAW for TLV hash binary data

data/meterpreter/ext_server_stdapi.php

@@ -19,6 +19,7 @@ define("TLV_TYPE_FILE_NAME",           TLV_META_TYPE_STRING  | 1201);
 define("TLV_TYPE_FILE_PATH",           TLV_META_TYPE_STRING  | 1202);
 define("TLV_TYPE_FILE_MODE",           TLV_META_TYPE_STRING  | 1203);
 define("TLV_TYPE_FILE_SIZE",           TLV_META_TYPE_UINT    | 1204);
+define("TLV_TYPE_FILE_HASH",           TLV_META_TYPE_RAW     | 1206);
 
 define("TLV_TYPE_STAT_BUF",            TLV_META_TYPE_COMPLEX | 1220);
 
@@ -533,8 +534,7 @@ function stdapi_fs_md5($req, &$pkt) {
         $md5 = md5(file_get_contents($path));
     }
     $md5 = pack("H*", $md5);
-    # Ghetto abuse of file name type to indicate the md5 result
+    packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_HASH, $md5));
-    packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_NAME, $md5));
     return ERROR_SUCCESS;
 }
 }
@@ -552,8 +552,7 @@ function stdapi_fs_sha1($req, &$pkt) {
         $sha1 = sha1(file_get_contents($path));
     }
     $sha1 = pack("H*", $sha1);
-    # Ghetto abuse of file name type to indicate the sha1 result
+    packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_HASH, $sha1));
-    packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_NAME, $sha1));
     return ERROR_SUCCESS;
 }
 }

data/meterpreter/ext_server_stdapi.py

@@ -307,6 +307,7 @@ TLV_TYPE_FILE_NAME             = TLV_META_TYPE_STRING  | 1201
 TLV_TYPE_FILE_PATH             = TLV_META_TYPE_STRING  | 1202
 TLV_TYPE_FILE_MODE             = TLV_META_TYPE_STRING  | 1203
 TLV_TYPE_FILE_SIZE             = TLV_META_TYPE_UINT    | 1204
+TLV_TYPE_FILE_HASH             = TLV_META_TYPE_RAW     | 1206
 
 TLV_TYPE_STAT_BUF              = TLV_META_TYPE_COMPLEX | 1220
 
@@ -1011,7 +1012,7 @@ def stdapi_fs_md5(request, response):
 		m = md5.new()
 	path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
 	m.update(open(path, 'rb').read())
-	response += tlv_pack(TLV_TYPE_FILE_NAME, m.digest())
+	response += tlv_pack(TLV_TYPE_FILE_HASH, m.digest())
 	return ERROR_SUCCESS, response
 
 @meterpreter.register_function
@@ -1061,7 +1062,7 @@ def stdapi_fs_sha1(request, response):
 		m = sha.new()
 	path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
 	m.update(open(path, 'rb').read())
-	response += tlv_pack(TLV_TYPE_FILE_NAME, m.digest())
+	response += tlv_pack(TLV_TYPE_FILE_HASH, m.digest())
 	return ERROR_SUCCESS, response
 
 @meterpreter.register_function

lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb

@@ -152,8 +152,10 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
 
     response = client.send_request(request)
 
-    # This is not really a file name, but a raw hash in bytes
+    # older meterpreter binaries will send FILE_NAME containing the hash
-    return response.get_tlv_value(TLV_TYPE_FILE_NAME)
+    hash = response.get_tlv_value(TLV_TYPE_FILE_HASH) ||
+      response.get_tlv_value(TLV_TYPE_FILE_NAME)
+    return hash
   end
 
   #
@@ -166,8 +168,10 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
 
     response = client.send_request(request)
 
-    # This is not really a file name, but a raw hash in bytes
+    # older meterpreter binaries will send FILE_NAME containing the hash
-    return response.get_tlv_value(TLV_TYPE_FILE_NAME)
+    hash = response.get_tlv_value(TLV_TYPE_FILE_HASH) ||
+      response.get_tlv_value(TLV_TYPE_FILE_NAME)
+    return hash
   end
 
   #

lib/rex/post/meterpreter/extensions/stdapi/tlv.rb

@@ -30,6 +30,7 @@ TLV_TYPE_FILE_PATH          = TLV_META_TYPE_STRING  | 1202
 TLV_TYPE_FILE_MODE          = TLV_META_TYPE_STRING  | 1203
 TLV_TYPE_FILE_SIZE          = TLV_META_TYPE_UINT    | 1204
 TLV_TYPE_FILE_SHORT_NAME    = TLV_META_TYPE_STRING  | 1205
+TLV_TYPE_FILE_HASH          = TLV_META_TYPE_RAW     | 1206
 
 TLV_TYPE_STAT_BUF           = TLV_META_TYPE_COMPLEX | 1220