Land #334, fix java/android cmd_exec and shell_command_token

2025-02-22 03:19:04 +01:00 · 2019-05-31 09:39:10 -05:00 · 2019-05-31 09:39:10 -05:00 · 74f15fc1a4
commit 74f15fc1a4
parent f74382591b 4a5e7cb220
5 changed files with 46 additions and 7 deletions
--- a/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/Channel.java
+++ b/java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/Channel.java
@ -66,13 +66,13 @@ public class Channel {
     * @param maxLength The maximum number of bytes to read.
     * @return The bytes read, or <code>null</code> if the end of the stream has been reached.
     */
-    public synchronized byte[] read(int maxLength) throws IOException, InterruptedException {
+    public synchronized byte[] read(int maxLength) {
        if (closed)
            return null;
        if (active)
            throw new IllegalStateException("Cannot read; currently interacting with this channel");
-        while (!waiting || (toRead != null && toRead.length == 0))
-            wait();
+        if (!waiting || (toRead != null && toRead.length == 0))
+            return new byte[0];
        if (toRead == null)
            return null;
        byte[] result = new byte[Math.min(toRead.length, maxLength)];
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/ProcessChannel.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/ProcessChannel.java
@ -3,9 +3,6 @@ package com.metasploit.meterpreter;
 import java.io.IOException;
 import java.io.InputStream;

-import com.metasploit.meterpreter.Channel;
-import com.metasploit.meterpreter.Meterpreter;
-
 /**
 * A channel for a started {@link Process}.
 *
@ -26,7 +23,7 @@ public class ProcessChannel extends Channel {
        super(meterpreter, process.getInputStream(), process.getOutputStream());
        this.process = process;
        this.err = process.getErrorStream();
-        new InteractThread(err).start();
+        new StderrThread(err).start();
    }

    public void close() throws IOException {
@ -34,4 +31,29 @@ public class ProcessChannel extends Channel {
        err.close();
        super.close();
    }
+
+    class StderrThread extends Thread {
+        private final InputStream stream;
+
+        public StderrThread(InputStream stream) {
+            this.stream = stream;
+        }
+
+        public void run() {
+            try {
+                byte[] buffer = new byte[1024*1024];
+                int len;
+                while ((len = stream.read(buffer)) != -1) {
+                    if (len == 0)
+                        continue;
+                    byte[] data = new byte[len];
+                    System.arraycopy(buffer, 0, data, 0, len);
+                    handleInteract(data);
+                }
+            } catch (Throwable t) {
+                t.printStackTrace(meterpreter.getErrorStream());
+            }
+        }
+    }
+
 }
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/Loader.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/Loader.java
@ -49,6 +49,7 @@ public class Loader implements ExtensionLoader {
        mgr.registerCommand("stdapi_sys_config_sysinfo", stdapi_sys_config_sysinfo.class);
        mgr.registerCommand("stdapi_sys_config_localtime", stdapi_sys_config_localtime.class);
        mgr.registerCommand("stdapi_sys_process_execute", stdapi_sys_process_execute.class, V1_2, V1_3);
+        mgr.registerCommand("stdapi_sys_process_close", stdapi_sys_process_close.class);
        mgr.registerCommand("stdapi_sys_process_get_processes", stdapi_sys_process_get_processes.class, V1_2);
        mgr.registerCommand("stdapi_ui_desktop_screenshot", stdapi_ui_desktop_screenshot.class, V1_4);
        mgr.registerCommand("webcam_audio_record", webcam_audio_record.class, V1_4);
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_close.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_close.java
@ -0,0 +1,15 @@
+package com.metasploit.meterpreter.stdapi;
+
+import com.metasploit.meterpreter.*;
+import com.metasploit.meterpreter.command.Command;
+
+public class stdapi_sys_process_close implements Command {
+    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+        long handle = request.getLongValue(TLVType.TLV_TYPE_HANDLE);
+        Channel channel = meterpreter.getChannel((int)handle, false);
+        if (channel instanceof ProcessChannel) {
+            channel.close();
+        }
+        return ERROR_SUCCESS;
+    }
+}
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
@ -22,6 +22,7 @@ public class stdapi_sys_process_execute implements Command {

        cmdbuf.append(cmd);
        if (argsString.length() > 0) {
+            cmdbuf.append(" ");
            cmdbuf.append(argsString);
        }