diff --git a/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java b/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java
index 96d61f98..2d5ba15f 100644
--- a/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java
+++ b/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java
@@ -160,6 +160,7 @@ public interface TLVType {
 public static final int TLV_TYPE_PROCESS_GROUP = TLVPacket.TLV_META_TYPE_GROUP | 2303;
 public static final int TLV_TYPE_PROCESS_FLAGS = TLVPacket.TLV_META_TYPE_UINT | 2304;
 public static final int TLV_TYPE_PROCESS_ARGUMENTS = TLVPacket.TLV_META_TYPE_STRING | 2305;
+ public static final int TLV_TYPE_PROCESS_ARGUMENT = TLVPacket.TLV_META_TYPE_STRING | 2310;
 public static final int TLV_TYPE_IMAGE_FILE = TLVPacket.TLV_META_TYPE_STRING | 2400;
 public static final int TLV_TYPE_IMAGE_FILE_PATH = TLVPacket.TLV_META_TYPE_STRING | 2401;
diff --git a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
index 60e4e6a7..6a62f915 100644
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
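Review bot: In TLVType.java the added `TLV_TYPE_PROCESS_ARGUMENT` differs from the existing `TLV_TYPE_PROCESS_ARGUMENTS` by one letter and has no comment saying how the two relate, so a later edit can easily pick the wrong one. A one-line comment above the new constant would settle it, for example `// One value per argument, repeatable; read only when PROCESS_EXECUTE_FLAG_ARG_ARRAY is set.` The id 2310 also breaks the 2303–2305 run visible in this hunk; if the gap is deliberate, saying so in the same comment would prevent a well-meant renumbering.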
@@ -7,31 +7,42 @@ import com.metasploit.meterpreter.TLVType; import com.metasploit.meterpreter.command.Command; import java.io.IOException; +import java.util.ArrayList; +import java.util.List; public class stdapi_sys_process_execute implements Command { private static final int PROCESS_EXECUTE_FLAG_CHANNELIZED = (1 << 1); + private static final int PROCESS_EXECUTE_FLAG_ARG_ARRAY = (1 << 8); private static int pid = 0; public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception { - StringBuilder cmdbuf = new StringBuilder(); String cmd = request.getStringValue(TLVType.TLV_TYPE_PROCESS_PATH); - String argsString = request.getStringValue(TLVType.TLV_TYPE_PROCESS_ARGUMENTS, ""); - int flags = request.getIntValue(TLVType.TLV_TYPE_PROCESS_FLAGS); - - cmdbuf.append(cmd); - if (argsString.length() > 0) { - cmdbuf.append(" "); - cmdbuf.append(argsString); - } - - if (cmd.length() == 0) { return ERROR_FAILURE; } - Process proc = execute(cmdbuf.toString()); + int flags = request.getIntValue(TLVType.TLV_TYPE_PROCESS_FLAGS); + Process proc; + if ((flags & PROCESS_EXECUTE_FLAG_ARG_ARRAY) != 0) { + List rawArgs = request.getValues(TLVType.TLV_TYPE_PROCESS_ARGUMENT); + ArrayList args = new ArrayList(); + for (int i = 0; i < rawArgs.size(); ++i) { + args.add((String) rawArgs.get(i)); + } + proc = execute(cmd, args); + } else { + String argsString = request.getStringValue(TLVType.TLV_TYPE_PROCESS_ARGUMENTS, ""); + StringBuilder cmdbuf = new StringBuilder(); + cmdbuf.append(cmd); + if (argsString.length() > 0) { + cmdbuf.append(" "); + cmdbuf.append(argsString); + } + proc = execute(cmdbuf.toString()); + } + if ((flags & PROCESS_EXECUTE_FLAG_CHANNELIZED) != 0) { ProcessChannel channel = new ProcessChannel(meterpreter, proc); 
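Review bot: Nothing in the new `if ((flags & PROCESS_EXECUTE_FLAG_ARG_ARRAY) != 0)` branch says that it takes precedence over `TLV_TYPE_PROCESS_ARGUMENTS`, which is never read when the flag is set, nor why two launch paths exist. A comment at the top of the branch would make the contract explicit, for example `// ARG_ARRAY wins: each TLV_TYPE_PROCESS_ARGUMENT is passed as its own argument; the legacy string is ignored.` The branch also uses raw `List`/`ArrayList` and an unchecked `(String) rawArgs.get(i)` cast, so a non-String value would surface as a `ClassCastException` from `execute`. If the module's source level permits generics (not visible here), `List<String>` would remove the cast. The body of `execute(Meterpreter, TLVPacket, TLVPacket)` continues past the end of this hunk.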
@@ -49,6 +60,14 @@ public class stdapi_sys_process_execute implements Command {
 return ERROR_SUCCESS;
 }
+ protected Process execute(String cmd, ArrayList args) throws IOException {
+ ArrayList cmdAndArgs = new ArrayList();
+ cmdAndArgs.add(cmd);
+ cmdAndArgs.addAll(args);
+ ProcessBuilder builder = new ProcessBuilder(cmdAndArgs);
+ return builder.start();
+ }
+
 protected Process execute(String cmdstr) throws IOException {
 Process proc = Runtime.getRuntime().exec(cmdstr);
 return proc;
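Review bot: The new overload takes a raw concrete `ArrayList` where `List` would do, and it has no Javadoc explaining how it differs from `execute(String cmdstr)` directly below it. The difference matters to callers: `ProcessBuilder` passes `cmd` and each list entry to the child as separate arguments, while `Runtime.exec(cmdstr)` splits one string on whitespace. I would change the signature to `protected Process execute(String cmd, List args) throws IOException` and add a short Javadoc saying that arguments are passed through unsplit and that a null entry makes `start()` throw. Both overloads are `protected`, so any subclass that overrides `execute(String)` to alter how the process is launched would presumably need a matching override of this one; that is worth checking, since no subclass is visible here. The body of `execute(String cmdstr)` ends outside the hunk.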