Java/Android and bug fix for Python/PHP

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java

@@ -18,7 +18,7 @@ public class stdapi_fs_ls implements Command {
         if (pathString.contains("*")) {
             String root = path.getParent();
             String match = path.getName();
-            List entries = stdapi_fs_search.findFiles(root, match, false);
+            List entries = stdapi_fs_search.findFiles(root, match, false, 0, 0);
             for (int i = 0; i < entries.size(); i++) {
                 String entry = entries.get(i).toString();
                 if (entry.equals(".") || entry.equals("..")) {

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_search.java

@@ -20,6 +20,11 @@ public class stdapi_fs_search implements Command {
     private static final int TLV_TYPE_SEARCH_ROOT = TLVPacket.TLV_META_TYPE_STRING | 1232;
     private static final int TLV_TYPE_SEARCH_RESULTS = TLVPacket.TLV_META_TYPE_GROUP | 1233;
 
+    private static final int TLV_TYPE_SEARCH_MTIME = TLVPacket.TLV_META_TYPE_UINT | 1235;
+    private static final int TLV_TYPE_SEARCH_FROM_DATE = TLVPacket.TLV_META_TYPE_UINT | 1236;
+    private static final int TLV_TYPE_SEARCH_TO_DATE = TLVPacket.TLV_META_TYPE_UINT | 1237;
+
+
     /**
      * Simple glob implementation.
      */
@@ -56,7 +61,8 @@ public class stdapi_fs_search implements Command {
         }
     }
 
-    public static List findFiles(String path, String mask, boolean recurse) {
+
+    public static List findFiles(String path, String mask, boolean recurse, long sd, long ed) {
         try {
             File pathfile = Loader.expand(path);
             if (!pathfile.exists() || !pathfile.isDirectory()) {
@@ -76,10 +82,16 @@ public class stdapi_fs_search implements Command {
                 if (recurse && file.isDirectory()
                         // don't follow links to avoid infinite recursion
                         && file.getCanonicalPath().equals(file.getAbsolutePath())) {
-                    glob.addAll(findFiles(file.getAbsolutePath(), mask, true));
+                    glob.addAll(findFiles(file.getAbsolutePath(), mask, true, sd, ed));
                 }
                 // Match file mask
                 if (matches(file.getName(), mask)) {
+                    if ((sd > 0) && (sd > (file.lastModified()/1000))){
+                        continue;
+                    }
+                    if ((ed > 0) && (ed < (file.lastModified()/1000))){
+                        continue;
+                    }
                     glob.add(path + "/" + file.getName());
                 }
             }
@@ -94,13 +106,18 @@ public class stdapi_fs_search implements Command {
         String root = request.getStringValue(TLV_TYPE_SEARCH_ROOT, ".");
         String glob = request.getStringValue(TLV_TYPE_SEARCH_GLOB);
         boolean recurse = request.getBooleanValue(TLV_TYPE_SEARCH_RECURSE);
-        List files = findFiles(root, glob, recurse);
+        long sd = (long) request.getIntValue(TLV_TYPE_SEARCH_FROM_DATE);
+        long ed = (long) request.getIntValue(TLV_TYPE_SEARCH_TO_DATE);
+
+        List files = findFiles(root, glob, recurse, sd, ed);
         for (int i = 0; i < files.size(); i++) {
             File f = new File((String) files.get(i));
+            long mtime = f.lastModified()/1000;
             TLVPacket file_tlvs = new TLVPacket();
             file_tlvs.add(TLVType.TLV_TYPE_FILE_PATH, f.getParentFile().getPath());
             file_tlvs.add(TLVType.TLV_TYPE_FILE_NAME, f.getName());
             file_tlvs.add(TLV_TYPE_FILE_SIZE, (int) f.length());
+            file_tlvs.add(TLV_TYPE_SEARCH_MTIME, (int) mtime);
             response.addOverflow(TLV_TYPE_SEARCH_RESULTS, file_tlvs);
         }
         return ERROR_SUCCESS;

php/meterpreter/ext_server_stdapi.php

@@ -368,7 +368,7 @@ function safe_glob($pattern, $flags=0, $sd=0, $ed=0) {
                 if ( ( (!($flags&GLOB_ONLYDIR)) || is_dir("$path/$file") )
                     && ( (!($flags&GLOB_NODIR)) || (!is_dir($path.'/'.$file)) )
                     && ( (!($flags&GLOB_NODOTS)) || (!in_array($file,array('.','..'))) )
-                    && ( $sd <= $mtime )
+                    && ( ($sd == 0)             || ($sd <= $mtime))
                     && ( ($ed == 0)             || ($ed >= $mtime)) )
                     $glob[] = ($flags&GLOB_PATH?$path.'/':'') . $file . ($flags&GLOB_MARK?'/':'');
             }

python/meterpreter/ext_server_stdapi.py

@@ -1527,7 +1527,7 @@ def stdapi_fs_search(request, response):
         for root, dirs, files in os.walk(search_root):
             for f in filter(lambda f: fnmatch.fnmatch(f, glob), files):
                 mtime = int(os.stat(os.path.join(root, f)).st_mtime)
-                if sd > mtime:
+                if sd > 0 and sd > mtime:
                     continue
                 if ed > 0 and ed < mtime:
                     continue