1
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-11-26 17:41:08 +01:00

php doesn't reuse array indexes with [], so do some acrobatics to figure out a real channel id. fixes #4418

git-svn-id: file:///home/svn/framework3/trunk@12605 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
James Lee 2011-05-13 01:22:53 +00:00
parent 2e645a8afb
commit 6859ac11fe

View File

@ -31,7 +31,7 @@ if (!isset($GLOBALS['readers'])) {
}
function my_print($str) {
#error_log($str);
error_log($str);
}
my_print("Evaling main meterpreter stage");
@ -41,14 +41,18 @@ my_print("Evaling main meterpreter stage");
function dump_array($arr, $name=null) {
if (is_null($name)) {
my_print(sprintf("Array (%s)", count($arr)));
} else {
my_print(sprintf("$name (%s)", count($arr)));
$name = "Array";
}
my_print(sprintf("$name (%s)", count($arr)));
foreach ($arr as $key => $val) {
if (is_array($val)) {
# recurse
dump_array($val, "{$name}[{$key}]");
} else {
my_print(sprintf(" $key ($val)"));
}
}
}
function dump_readers() {
global $readers;
dump_array($readers, 'Readers');
@ -57,6 +61,10 @@ function dump_resource_map() {
global $resource_type_map;
dump_array($resource_type_map, 'Resource map');
}
function dump_channels($extra="") {
global $channels;
dump_array($channels, 'Channels '.$extra);
}
# Doesn't exist before php 4.3
@ -265,7 +273,7 @@ function core_channel_close($req, &$pkt) {
}
return ERROR_SUCCESS;
}
dump_array($channels, "Channel list after close");
dump_channels("after close");
return ERROR_FAILURE;
}
@ -377,18 +385,36 @@ function register_channel($in, $out=null, $err=null) {
global $channels;
if ($out == null) { $out = $in; }
if ($err == null) { $err = $out; }
$id = count($channels);
$channels[] = array(0 => $in, 1 => $out, 2 => $err, 'type' => get_rtype($in));
# Grab the last index and use it as the new ID.
$id = end(array_keys($channels));
my_print("Created new channel $in, with id $id");
return $id;
}
#
# Channels look like this:
#
# Array
# (
# [0] => Array
# (
# [0] => Resource id #12
# [1] => Resource id #13
# [2] => Resource id #14
# [type] => 'stream'
# )
# )
#
function get_channel_id_from_resource($resource) {
global $channels;
for ($i = 0; $i < count($channels); $i++) {
#dump_array($channels[$i], "channels[$i]");
if (in_array($resource, $channels[$i])) {
#my_print("Found channel id $i");
if (empty($channels)) {
return false;
}
foreach ($channels as $i => $chan_ary) {
if (in_array($resource, $chan_ary)) {
my_print("Found channel id $i");
return $i;
}
}
@ -397,7 +423,8 @@ function get_channel_id_from_resource($resource) {
function get_channel_by_id($chan_id) {
global $channels;
#my_print("Looking up channel id $chan_id");
my_print("Looking up channel id $chan_id");
dump_channels("in get_channel_by_id");
if (array_key_exists($chan_id, $channels)) {
return $channels[$chan_id];
} else {
@ -947,4 +974,5 @@ while (false !== ($cnt = select($r, $w=null, $e=null, 1))) {
$r = $GLOBALS['readers'];
} # end main loop
my_print("Finished");
my_print("--------------------");
close($msgsock);