mirror of
https://github.com/rapid7/metasploit-payloads
synced 2025-01-14 17:37:27 +01:00
Updated init script method
parent
c692e76332
commit
29c8639025
131
c/meterpreter/source/extensions/python/python_commands.c
Normal file → Executable file
131
c/meterpreter/source/extensions/python/python_commands.c
Normal file → Executable file
@ -9,11 +9,6 @@
|
||||
#include "python_meterpreter_binding.h"
|
||||
#include "Resource Files/python_core.rh"
|
||||
|
||||
///! @brief List of valid python code types for loading
|
||||
#define PY_CODE_TYPE_STRING 0
|
||||
#define PY_CODE_TYPE_PY 1
|
||||
#define PY_CODE_TYPE_PYC 2
|
||||
|
||||
///! @brief Struct that contains pointer to init function and name.
|
||||
typedef struct _InitFunc
|
||||
{
|
||||
@ -413,6 +408,69 @@ DWORD request_python_reset(Remote* remote, Packet* packet)
|
||||
return ERROR_SUCCESS;
|
||||
}
|
||||
|
||||
VOID python_execute(CHAR* modName, LPBYTE pythonCode, DWORD codeLength, UINT codeType, CHAR* resultVar, Packet* responsePacket)
|
||||
{
|
||||
PyObject* mainModule = PyImport_AddModule("__main__");
|
||||
PyObject* mainDict = PyModule_GetDict(mainModule);
|
||||
|
||||
if (pythonCode != NULL)
|
||||
{
|
||||
if (codeType == PY_CODE_TYPE_STRING)
|
||||
{
|
||||
dprintf("[PYTHON] attempting to run string: %s", pythonCode);
|
||||
|
||||
PyRun_SimpleString(pythonCode);
|
||||
}
|
||||
else
|
||||
{
|
||||
dprintf("[PYTHON] module name: %s", modName);
|
||||
if (modName)
|
||||
{
|
||||
PyObject* pyModName = PyString_FromString(modName);
|
||||
PyModule_AddObject(mainModule, "met_mod_name", pyModName);
|
||||
}
|
||||
|
||||
if (codeType == PY_CODE_TYPE_PY)
|
||||
{
|
||||
dprintf("[PYTHON] importing .py file");
|
||||
|
||||
PyObject* pyModBody = PyString_FromString(pythonCode);
|
||||
PyModule_AddObject(mainModule, "met_mod_body", pyModBody);
|
||||
}
|
||||
else
|
||||
{
|
||||
dprintf("[PYTHON] importing .pyc file");
|
||||
// must be a pyc file
|
||||
PyObject* pyModBody = PyString_FromStringAndSize(pythonCode, codeLength);
|
||||
dprintf("[PYTHON] myModBody %p: %s", pyModBody, pyModBody->ob_type->tp_name);
|
||||
PyModule_AddObject(mainModule, "met_mod_body", pyModBody);
|
||||
}
|
||||
|
||||
dprintf("[PYTHON] executing import, GO GO GO !");
|
||||
PyRun_SimpleString("met_import_code()");
|
||||
}
|
||||
|
||||
if (resultVar && responsePacket)
|
||||
{
|
||||
PyObject* result = PyDict_GetItemString(mainDict, resultVar);
|
||||
if (result != NULL)
|
||||
{
|
||||
if (PyString_Check(result))
|
||||
{
|
||||
// result is already a string
|
||||
packet_add_tlv_string(responsePacket, TLV_TYPE_EXTENSION_PYTHON_RESULT, PyString_AsString(result));
|
||||
}
|
||||
else
|
||||
{
|
||||
PyObject* resultStr = PyObject_Str(result);
|
||||
packet_add_tlv_string(responsePacket, TLV_TYPE_EXTENSION_PYTHON_RESULT, PyString_AsString(resultStr));
|
||||
Py_DECREF(resultStr);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*!
|
||||
* @brief Execute a block of python given in a string and return the result/output.
|
||||
* @param remote Pointer to the \c Remote making the request.
|
||||
@ -430,65 +488,12 @@ DWORD request_python_execute(Remote* remote, Packet* packet)
|
||||
|
||||
if (pythonCode != NULL)
|
||||
{
|
||||
UINT codeType = packet_get_tlv_value_uint(packet, TLV_TYPE_EXTENSION_PYTHON_CODE_TYPE);
|
||||
UINT codeType = packet_get_tlv_value_uint(packet, TLV_TYPE_EXTENSION_PYTHON_CODE_TYPE);
|
||||
CHAR* modName = packet_get_tlv_value_string(packet, TLV_TYPE_EXTENSION_PYTHON_NAME);
|
||||
UINT pythonCodeLength = packet_get_tlv_value_uint(packet, TLV_TYPE_EXTENSION_PYTHON_CODE_LEN);
|
||||
CHAR* resultVar = packet_get_tlv_value_string(packet, TLV_TYPE_EXTENSION_PYTHON_RESULT_VAR);
|
||||
python_execute(modName, pythonCode, pythonCodeLength, codeType, resultVar, response);
|
||||
|
||||
if (codeType == PY_CODE_TYPE_STRING)
|
||||
{
|
||||
dprintf("[PYTHON] attempting to run string: %s", pythonCode);
|
||||
|
||||
PyRun_SimpleString(pythonCode);
|
||||
}
|
||||
else
|
||||
{
|
||||
CHAR* modName = packet_get_tlv_value_string(packet, TLV_TYPE_EXTENSION_PYTHON_NAME);
|
||||
dprintf("[PYTHON] module name: %s", modName);
|
||||
if (modName)
|
||||
{
|
||||
PyObject* pyModName = PyString_FromString(modName);
|
||||
PyModule_AddObject(mainModule, "met_mod_name", pyModName);
|
||||
}
|
||||
|
||||
if (codeType == PY_CODE_TYPE_PY)
|
||||
{
|
||||
dprintf("[PYTHON] importing .py file");
|
||||
|
||||
PyObject* pyModBody = PyString_FromString(pythonCode);
|
||||
PyModule_AddObject(mainModule, "met_mod_body", pyModBody);
|
||||
}
|
||||
else
|
||||
{
|
||||
dprintf("[PYTHON] importing .pyc file");
|
||||
// must be a pyc file
|
||||
UINT pythonCodeLength = packet_get_tlv_value_uint(packet, TLV_TYPE_EXTENSION_PYTHON_CODE_LEN);
|
||||
PyObject* pyModBody = PyString_FromStringAndSize(pythonCode, pythonCodeLength);
|
||||
dprintf("[PYTHON] myModBody %p: %s", pyModBody, pyModBody->ob_type->tp_name);
|
||||
PyModule_AddObject(mainModule, "met_mod_body", pyModBody);
|
||||
}
|
||||
|
||||
dprintf("[PYTHON] executing import, GO GO GO !");
|
||||
PyRun_SimpleString("met_import_code()");
|
||||
}
|
||||
|
||||
CHAR* resultVar = packet_get_tlv_value_string(packet, TLV_TYPE_EXTENSION_PYTHON_RESULT_VAR);
|
||||
if (resultVar)
|
||||
{
|
||||
PyObject* result = PyDict_GetItemString(mainDict, resultVar);
|
||||
if (result != NULL)
|
||||
{
|
||||
if (PyString_Check(result))
|
||||
{
|
||||
// result is already a string
|
||||
packet_add_tlv_string(response, TLV_TYPE_EXTENSION_PYTHON_RESULT, PyString_AsString(result));
|
||||
}
|
||||
else
|
||||
{
|
||||
PyObject* resultStr = PyObject_Str(result);
|
||||
packet_add_tlv_string(response, TLV_TYPE_EXTENSION_PYTHON_RESULT, PyString_AsString(resultStr));
|
||||
Py_DECREF(resultStr);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dump_to_packet(stderrBuffer, response, TLV_TYPE_EXTENSION_PYTHON_STDERR);
|
||||
clear_std_handler(stderrBuffer);
|
||||
dump_to_packet(stdoutBuffer, response, TLV_TYPE_EXTENSION_PYTHON_STDOUT);
|
||||
|
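Review bot: In the .pyc branch of python_execute, `pyModBody->ob_type->tp_name` is dereferenced in the dprintf before anything checks that PyString_FromStringAndSize succeeded, so an allocation failure becomes a NULL dereference; put `if (pyModBody == NULL) { PyErr_Clear(); return; }` ahead of that log line, and give pyModName and the .py branch the same check before PyModule_AddObject. The byte count used there is the separate CODE_LEN value that request_python_execute reads from the packet, and nothing visible ties it to the real size of the code buffer, so a length larger than the buffer would read past its end; the code TLV's own length should be the upper bound. `dprintf("[PYTHON] module name: %s", modName);` runs before the `if (modName)` test, and StagelessInit now passes NULL, so the log belongs inside that check. In the result path, `PyObject_Str(result)` can return NULL and is then handed to PyString_AsString and Py_DECREF unchecked. The start of request_python_execute, where pythonCode is fetched, is outside this hunk.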
6
c/meterpreter/source/extensions/python/python_commands.h
Normal file → Executable file
6
c/meterpreter/source/extensions/python/python_commands.h
Normal file → Executable file
@ -6,9 +6,15 @@
|
||||
#define _METERPRETER_SOURCE_EXTENSION_PYTHON_PYTHON_COMMANDS
|
||||
|
||||
#include "../../common/common.h"
|
||||
|
||||
///! @brief List of valid python code types for loading
|
||||
#define PY_CODE_TYPE_STRING 0
|
||||
#define PY_CODE_TYPE_PY 1
|
||||
#define PY_CODE_TYPE_PYC 2
|
||||
|
||||
VOID python_prepare_session();
|
||||
VOID python_destroy_session();
|
||||
VOID python_execute(CHAR* modName, LPBYTE pythonCode, DWORD codeLength, UINT codeType, CHAR* resultVar, Packet* responsePacket);
|
||||
|
||||
DWORD request_python_reset(Remote* remote, Packet* packet);
|
||||
DWORD request_python_execute(Remote* remote, Packet* packet);
|
||||
|
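Review bot: The new `python_execute` prototype carries no comment on which arguments are optional, yet the body tolerates a NULL modName, resultVar and responsePacket, and StagelessInit relies on that. A `/*! @brief … */` block above the declaration should state that those three may be NULL, that codeLength is only consulted on the .pyc path, and that pythonCode must be NUL-terminated for the string and .py types. The function only reads through modName, pythonCode and resultVar in the code shown, so const-qualifying those parameters would let StagelessInit pass its `const LPBYTE buffer` without a cast.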
3
c/meterpreter/source/extensions/python/python_main.c
Normal file → Executable file
3
c/meterpreter/source/extensions/python/python_main.c
Normal file → Executable file
@ -119,6 +119,7 @@ DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
|
||||
*/
|
||||
DWORD __declspec(dllexport) StagelessInit(const LPBYTE buffer, DWORD bufferSize)
|
||||
{
|
||||
PyRun_SimpleString((LPCSTR)buffer);
|
||||
dprintf("[PYTHON] Executing stagless script:\n%s", (LPCSTR)buffer);
|
||||
python_execute(NULL, (LPSTR)buffer, bufferSize, PY_CODE_TYPE_PY, NULL, NULL);
|
||||
return ERROR_SUCCESS;
|
||||
}
|
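Review bot: StagelessInit forwards bufferSize, but with PY_CODE_TYPE_PY the callee builds the module body with PyString_FromString and never looks at codeLength, and the dprintf here prints buffer with `%s`, so both depend on the script being NUL-terminated inside the buffer. If the loader does not guarantee that, check `bufferSize > 0 && buffer[bufferSize - 1] == '\0'` before use and return an error otherwise, or have the .py path use the length-taking constructor. With modName NULL, met_mod_name is not set for this call, so met_import_code() presumably sees whatever an earlier import left behind; worth confirming that is intended. The log message also spells "stageless" as "stagless".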