Implement new cmd_exec for Java

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java

@@ -160,6 +160,7 @@ public interface TLVType {
     public static final int TLV_TYPE_PROCESS_GROUP      = TLVPacket.TLV_META_TYPE_GROUP  | 2303;
     public static final int TLV_TYPE_PROCESS_FLAGS      = TLVPacket.TLV_META_TYPE_UINT   | 2304;
     public static final int TLV_TYPE_PROCESS_ARGUMENTS  = TLVPacket.TLV_META_TYPE_STRING | 2305;
+    public static final int TLV_TYPE_PROCESS_ARGUMENT   = TLVPacket.TLV_META_TYPE_STRING | 2310;
 
     public static final int TLV_TYPE_IMAGE_FILE        = TLVPacket.TLV_META_TYPE_STRING | 2400;
     public static final int TLV_TYPE_IMAGE_FILE_PATH   = TLVPacket.TLV_META_TYPE_STRING | 2401;

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java

@@ -7,31 +7,42 @@ import com.metasploit.meterpreter.TLVType;
 import com.metasploit.meterpreter.command.Command;
 
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
 
 public class stdapi_sys_process_execute implements Command {
 
     private static final int PROCESS_EXECUTE_FLAG_CHANNELIZED = (1 << 1);
+    private static final int PROCESS_EXECUTE_FLAG_ARG_ARRAY = (1 << 8);
 
     private static int pid = 0;
 
     public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-        StringBuilder cmdbuf = new StringBuilder();
         String cmd = request.getStringValue(TLVType.TLV_TYPE_PROCESS_PATH);
-        String argsString = request.getStringValue(TLVType.TLV_TYPE_PROCESS_ARGUMENTS, "");
-        int flags = request.getIntValue(TLVType.TLV_TYPE_PROCESS_FLAGS);
-
-        cmdbuf.append(cmd);
-        if (argsString.length() > 0) {
-            cmdbuf.append(" ");
-            cmdbuf.append(argsString);
-        }
-
-
         if (cmd.length() == 0) {
             return ERROR_FAILURE;
         }
 
-        Process proc = execute(cmdbuf.toString());
+        int flags = request.getIntValue(TLVType.TLV_TYPE_PROCESS_FLAGS);
+        Process proc;
+        if ((flags & PROCESS_EXECUTE_FLAG_ARG_ARRAY) != 0) {
+            List rawArgs = request.getValues(TLVType.TLV_TYPE_PROCESS_ARGUMENT);
+            ArrayList<String> args = new ArrayList<String>();
+            for (int i = 0; i < rawArgs.size(); ++i) {
+                args.add((String) rawArgs.get(i));
+            }
+            proc = execute(cmd, args);
+        } else {
+            String argsString = request.getStringValue(TLVType.TLV_TYPE_PROCESS_ARGUMENTS, "");
+            StringBuilder cmdbuf = new StringBuilder();
+            cmdbuf.append(cmd);
+            if (argsString.length() > 0) {
+                cmdbuf.append(" ");
+                cmdbuf.append(argsString);
+            }
+            proc = execute(cmdbuf.toString());
+        }
+
 
         if ((flags & PROCESS_EXECUTE_FLAG_CHANNELIZED) != 0) {
             ProcessChannel channel = new ProcessChannel(meterpreter, proc);
@@ -49,6 +60,14 @@ public class stdapi_sys_process_execute implements Command {
         return ERROR_SUCCESS;
     }
 
+    protected Process execute(String cmd, ArrayList<String> args) throws IOException {
+        ArrayList<String> cmdAndArgs = new ArrayList<String>();
+        cmdAndArgs.add(cmd);
+        cmdAndArgs.addAll(args);
+        ProcessBuilder builder = new ProcessBuilder(cmdAndArgs);
+        return builder.start();
+    }
+
     protected Process execute(String cmdstr) throws IOException {
         Process proc = Runtime.getRuntime().exec(cmdstr);
         return proc;