1
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-11-26 17:41:08 +01:00

Squashed commit of the following:

commit 9afece529a33739a088c9c4d10b76dd52f23b99e
Author: Michael Schierl <schierlm@gmx.de>
Date:   Thu Apr 12 17:58:12 2012 +0200

    fix cat ... command by making stdapi_fs_stat return a sensible result

[Closes #330]
This commit is contained in:
Michael Schierl 2012-04-16 12:24:54 -06:00 committed by James Lee
parent 22224d0558
commit 9dd7c213fa
2 changed files with 25 additions and 5 deletions

View File

@ -267,6 +267,15 @@ public class Meterpreter {
return err;
}
/**
* Return the length of the currently buffered error stream content, or <code>-1</code> if no buffering is active.
*/
public int getErrorBufferLength() {
if (errBuffer == null)
return -1;
return errBuffer.size();
}
/**
* Return the currently buffered error stream content, or <code>null</code> if no buffering is active.
*/
@ -315,4 +324,4 @@ public class Meterpreter {
ExtensionLoader loader = (ExtensionLoader) classLoader.loadClass(loaderName).newInstance();
loader.load(commandManager);
}
}
}

View File

@ -14,6 +14,13 @@ public class stdapi_fs_stat implements Command {
public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
String path = request.getStringValue(TLVType.TLV_TYPE_FILE_PATH);
if (path.equals("...")) {
long length = meterpreter.getErrorBufferLength();
if (length != -1) {
response.add(TLVType.TLV_TYPE_STAT_BUF, stat(0444 | 0100000, length, System.currentTimeMillis()));
return ERROR_SUCCESS;
}
}
File file = new File(path);
if (!file.exists())
file = Loader.expand(path);
@ -24,24 +31,28 @@ public class stdapi_fs_stat implements Command {
}
public byte[] stat(File file) throws IOException {
int mode = (file.canRead() ? 0444 : 0) | (file.canWrite() ? 0222 : 0) | (canExecute(file) ? 0110 : 0) | (file.isHidden() ? 1 : 0) | (file.isDirectory() ? 040000 : 0) | (file.isFile() ? 0100000 : 0);
return stat(mode, file.length(), file.lastModified());
}
private byte[] stat(int mode, long length, long lastModified) throws IOException {
ByteArrayOutputStream statbuf = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(statbuf);
dos.writeInt(le(0)); // dev
dos.writeShort(short_le(0)); // ino
int mode = (file.canRead() ? 0444 : 0) | (file.canWrite() ? 0222 : 0) | (canExecute(file) ? 0110 : 0) | (file.isHidden() ? 1 : 0) | (file.isDirectory() ? 040000 : 0) | (file.isFile() ? 0100000 : 0);
dos.writeShort(short_le(mode)); // mode
dos.writeShort(short_le(1)); // nlink
dos.writeShort(short_le(65535)); // uid
dos.writeShort(short_le(65535)); // gid
dos.writeShort(short_le(0)); // padding
dos.writeInt(le(0)); // rdev
dos.writeInt(le((int) file.length())); // size
int mtime = (int) (file.lastModified() / 1000);
dos.writeInt(le((int) length)); // size
int mtime = (int) (lastModified / 1000);
dos.writeInt(le(mtime)); // atime
dos.writeInt(le(mtime)); // mtime
dos.writeInt(le(mtime)); // ctime
dos.writeInt(le(1024)); // blksize
dos.writeInt(le((int) ((file.length() + 1023) / 1024))); // blocks
dos.writeInt(le((int) ((length + 1023) / 1024))); // blocks
return statbuf.toByteArray();
}