Java/Android and bug fix for Python/PHP

2024-12-21 05:35:54 +01:00 · 2021-08-01 17:14:58 -04:00 · 2021-08-01 17:14:58 -04:00 · 8d5a1c5c8a
commit 8d5a1c5c8a
parent af46841e62
4 changed files with 23 additions and 6 deletions
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java
@ -18,7 +18,7 @@ public class stdapi_fs_ls implements Command {
        if (pathString.contains("*")) {
            String root = path.getParent();
            String match = path.getName();
-            List entries = stdapi_fs_search.findFiles(root, match, false);
+            List entries = stdapi_fs_search.findFiles(root, match, false, 0, 0);
            for (int i = 0; i < entries.size(); i++) {
                String entry = entries.get(i).toString();
                if (entry.equals(".") || entry.equals("..")) {
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_search.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_search.java
@ -20,6 +20,11 @@ public class stdapi_fs_search implements Command {
    private static final int TLV_TYPE_SEARCH_ROOT = TLVPacket.TLV_META_TYPE_STRING | 1232;
    private static final int TLV_TYPE_SEARCH_RESULTS = TLVPacket.TLV_META_TYPE_GROUP | 1233;

+    private static final int TLV_TYPE_SEARCH_MTIME = TLVPacket.TLV_META_TYPE_UINT | 1235;
+    private static final int TLV_TYPE_SEARCH_FROM_DATE = TLVPacket.TLV_META_TYPE_UINT | 1236;
+    private static final int TLV_TYPE_SEARCH_TO_DATE = TLVPacket.TLV_META_TYPE_UINT | 1237;
+
+
    /**
     * Simple glob implementation.
     */
@ -56,7 +61,8 @@ public class stdapi_fs_search implements Command {
        }
    }

-    public static List findFiles(String path, String mask, boolean recurse) {
+
+    public static List findFiles(String path, String mask, boolean recurse, long sd, long ed) {
        try {
            File pathfile = Loader.expand(path);
            if (!pathfile.exists() || !pathfile.isDirectory()) {
@ -76,10 +82,16 @@ public class stdapi_fs_search implements Command {
                if (recurse && file.isDirectory()
                        // don't follow links to avoid infinite recursion
                        && file.getCanonicalPath().equals(file.getAbsolutePath())) {
-                    glob.addAll(findFiles(file.getAbsolutePath(), mask, true));
+                    glob.addAll(findFiles(file.getAbsolutePath(), mask, true, sd, ed));
                }
                // Match file mask
                if (matches(file.getName(), mask)) {
+                    if ((sd > 0) && (sd > (file.lastModified()/1000))){
+                        continue;
+                    }
+                    if ((ed > 0) && (ed < (file.lastModified()/1000))){
+                        continue;
+                    }
                    glob.add(path + "/" + file.getName());
                }
            }
@ -94,13 +106,18 @@ public class stdapi_fs_search implements Command {
        String root = request.getStringValue(TLV_TYPE_SEARCH_ROOT, ".");
        String glob = request.getStringValue(TLV_TYPE_SEARCH_GLOB);
        boolean recurse = request.getBooleanValue(TLV_TYPE_SEARCH_RECURSE);
-        List files = findFiles(root, glob, recurse);
+        long sd = (long) request.getIntValue(TLV_TYPE_SEARCH_FROM_DATE);
+        long ed = (long) request.getIntValue(TLV_TYPE_SEARCH_TO_DATE);
+
+        List files = findFiles(root, glob, recurse, sd, ed);
        for (int i = 0; i < files.size(); i++) {
            File f = new File((String) files.get(i));
+            long mtime = f.lastModified()/1000;
            TLVPacket file_tlvs = new TLVPacket();
            file_tlvs.add(TLVType.TLV_TYPE_FILE_PATH, f.getParentFile().getPath());
            file_tlvs.add(TLVType.TLV_TYPE_FILE_NAME, f.getName());
            file_tlvs.add(TLV_TYPE_FILE_SIZE, (int) f.length());
+            file_tlvs.add(TLV_TYPE_SEARCH_MTIME, (int) mtime);
            response.addOverflow(TLV_TYPE_SEARCH_RESULTS, file_tlvs);
        }
        return ERROR_SUCCESS;
--- a/php/meterpreter/ext_server_stdapi.php
+++ b/php/meterpreter/ext_server_stdapi.php
@ -368,7 +368,7 @@ function safe_glob($pattern, $flags=0, $sd=0, $ed=0) {
                if ( ( (!($flags&GLOB_ONLYDIR)) || is_dir("$path/$file") )
                    && ( (!($flags&GLOB_NODIR)) || (!is_dir($path.'/'.$file)) )
                    && ( (!($flags&GLOB_NODOTS)) || (!in_array($file,array('.','..'))) )
-                    && ( $sd <= $mtime )
+                    && ( ($sd == 0)             || ($sd <= $mtime))
                    && ( ($ed == 0)             || ($ed >= $mtime)) )
                    $glob[] = ($flags&GLOB_PATH?$path.'/':'') . $file . ($flags&GLOB_MARK?'/':'');
            }
--- a/python/meterpreter/ext_server_stdapi.py
+++ b/python/meterpreter/ext_server_stdapi.py
@ -1527,7 +1527,7 @@ def stdapi_fs_search(request, response):
        for root, dirs, files in os.walk(search_root):
            for f in filter(lambda f: fnmatch.fnmatch(f, glob), files):
                mtime = int(os.stat(os.path.join(root, f)).st_mtime)
-                if sd > mtime:
+                if sd > 0 and sd > mtime:
                    continue
                if ed > 0 and ed < mtime:
                    continue