
Land #322, fix meterpreter > ls on 4gb files

This commit is contained in:
Brent Cook 2019-02-06 17:51:58 -06:00
commit a1a38466a0
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
6 changed files with 54 additions and 47 deletions


@ -7,6 +7,8 @@
#define FS_SEPARATOR "\\"
#define FS_MAX_PATH 32768
#pragma pack(push, 1)
/*
* Stat structures on Windows and various Unixes are all slightly different.
* Use this as a means of standardization so the client has some hope of
@ -14,23 +16,20 @@
*/
struct meterp_stat {
uint32_t st_dev;
uint16_t st_ino;
uint16_t st_mode;
uint16_t st_nlink;
uint16_t st_uid;
uint16_t st_gid;
uint16_t pad;
uint32_t st_mode;
uint32_t st_nlink;
uint32_t st_uid;
uint32_t st_gid;
uint32_t st_rdev;
uint32_t st_size;
/*
* These are always 64-bits on Windows and usually 32-bits on Linux. Force
* them to be the same size everywhere.
*/
uint64_t st_ino;
uint64_t st_size;
uint64_t st_atime;
uint64_t st_mtime;
uint64_t st_ctime;
};
#pragma pack(pop)
typedef void (*fs_ls_cb_t)(void *arg, char *name, char *short_name, char *path);
int fs_chdir(const char *directory);
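Review bot: The comment placed above `st_ino` (`These are always 64-bits on Windows and usually 32-bits on Linux`) was written for the three time fields and now also heads `st_ino` and `st_size`, which this commit widens for a different reason (inode numbers and file sizes that do not fit in 32 bits); I would reword it to `/* Inode, size and time fields are forced to 64 bits so the wire layout is identical on every platform. */`. Since `#pragma pack(push, 1)` now makes `meterp_stat` a byte-exact wire format, the struct comment should also state that the Java, PHP and Python encoders changed in this commit must emit exactly this field order and these widths, and that the layout intentionally carries no blksize/blocks fields, so that the next person editing any one encoder knows where the contract lives.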


@ -35,7 +35,7 @@
#define TLV_TYPE_MOUNT_SPACE_FREE MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD, TLV_TYPE_EXTENSION_STDAPI, 1212 )
#define TLV_TYPE_MOUNT_UNCPATH MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_STDAPI, 1213 )
#define TLV_TYPE_STAT_BUF MAKE_CUSTOM_TLV( TLV_META_TYPE_COMPLEX, TLV_TYPE_EXTENSION_STDAPI, 1220 )
#define TLV_TYPE_STAT_BUF MAKE_CUSTOM_TLV( TLV_META_TYPE_COMPLEX, TLV_TYPE_EXTENSION_STDAPI, 1221 )
#define TLV_TYPE_SEARCH_RECURSE MAKE_CUSTOM_TLV( TLV_META_TYPE_BOOL, TLV_TYPE_EXTENSION_STDAPI, 1230 )
#define TLV_TYPE_SEARCH_GLOB MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_STDAPI, 1231 )


@ -81,7 +81,7 @@ public interface TLVType {
public static final int TLV_TYPE_FILE_PATH = TLVPacket.TLV_META_TYPE_STRING | 1202;
public static final int TLV_TYPE_FILE_MODE = TLVPacket.TLV_META_TYPE_STRING | 1203;
public static final int TLV_TYPE_FILE_HASH = TLVPacket.TLV_META_TYPE_RAW | 1206;
public static final int TLV_TYPE_STAT_BUF = TLVPacket.TLV_META_TYPE_COMPLEX | 1220;
public static final int TLV_TYPE_STAT_BUF = TLVPacket.TLV_META_TYPE_COMPLEX | 1221;
// Net
public static final int TLV_TYPE_HOST_NAME = TLVPacket.TLV_META_TYPE_STRING | 1400;


@ -4,6 +4,8 @@ import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import com.metasploit.meterpreter.Meterpreter;
import com.metasploit.meterpreter.TLVPacket;
@ -49,18 +51,17 @@ public class stdapi_fs_stat implements Command {
ByteArrayOutputStream statbuf = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(statbuf);
dos.writeInt(le(0)); // dev
dos.writeShort(short_le(0)); // ino
dos.writeShort(short_le(mode)); // mode
dos.writeShort(short_le(1)); // nlink
dos.writeShort(short_le(65535)); // uid
dos.writeShort(short_le(65535)); // gid
dos.writeShort(short_le(0)); // padding
dos.writeInt(le(mode)); // mode
dos.writeInt(le(1)); // nlink
dos.writeInt(le(65535)); // uid
dos.writeInt(le(65535)); // gid
dos.writeInt(le(0)); // rdev
dos.writeInt(le((int) length)); // size
int mtime = (int) (lastModified / 1000);
dos.writeInt(le(mtime)); // atime
dos.writeInt(le(mtime)); // mtime
dos.writeInt(le(mtime)); // ctime
dos.writeLong(long_le(0)); // ino
dos.writeLong(long_le(length)); // size
long mtime = (long) (lastModified / 1000);
dos.writeLong(long_le(mtime)); // atime
dos.writeLong(long_le(mtime)); // mtime
dos.writeLong(long_le(mtime)); // ctime
dos.writeInt(le(1024)); // blksize
dos.writeInt(le((int) ((length + 1023) / 1024))); // blocks
return statbuf.toByteArray();
@ -86,4 +87,15 @@ public class stdapi_fs_stat implements Command {
private static int short_le(int value) {
return ((value & 0xff) << 8) | ((value & 0xff00) >> 8);
}
/**
* Convert a long to little endian.
*/
private static long long_le(long value) {
ByteBuffer buf = ByteBuffer.allocate(8);
buf.order(ByteOrder.BIG_ENDIAN);
buf.putLong(value);
buf.order(ByteOrder.LITTLE_ENDIAN);
return buf.getLong(0);
}
}
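Review bot: The encoder still appends `blksize` and `blocks` after `ctime` (`dos.writeInt(le(1024))` and the `(int) ((length + 1023) / 1024)` line), but the `meterp_stat` layout this commit defines ends at `st_ctime` and the Python encoder in the same commit stops emitting those two fields, so the Java buffer is eight bytes longer than the other encoders' and `blocks` is still truncated through `(int)` for exactly the large files the commit targets; unless the receiver is known to ignore trailing bytes, I would drop both lines. The new `long_le` helper is a plain byte swap that the standard library already provides: `return Long.reverseBytes(value);` replaces the `ByteBuffer` allocate/putLong/getLong sequence and makes the two added `java.nio` imports unnecessary. `long mtime = (long) (lastModified / 1000);` needs no cast if `lastModified` is already a `long`, as its use in `long_le` suggests. The enclosing method starts outside the hunk.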


@ -450,13 +450,13 @@ function stdapi_fs_ls($req, &$pkt) {
$st = stat($path . DIRECTORY_SEPARATOR . $file);
$st_buf = "";
$st_buf .= pack("V", $st['dev']);
$st_buf .= pack("v", $st['ino']);
$st_buf .= pack("v", $st['mode']);
$st_buf .= pack("v", $st['nlink']);
$st_buf .= pack("v", $st['uid']);
$st_buf .= pack("v", $st['gid']);
$st_buf .= pack("v", 0);
$st_buf .= pack("V", $st['ino']);
$st_buf .= pack("V", $st['mode']);
$st_buf .= pack("V", $st['nlink']);
$st_buf .= pack("V", $st['uid']);
$st_buf .= pack("V", $st['gid']);
$st_buf .= pack("V", $st['rdev']);
$st_buf .= pack("V", 0);
$st_buf .= pack("V", $st['size']);
$st_buf .= pack("V", $st['atime']);
$st_buf .= pack("V", $st['mtime']);
@ -493,19 +493,16 @@ function stdapi_fs_stat($req, &$pkt) {
if ($st) {
$st_buf = "";
$st_buf .= pack("V", $st['dev']);
$st_buf .= pack("v", $st['ino']);
$st_buf .= pack("v", $st['mode']);
$st_buf .= pack("v", $st['nlink']);
$st_buf .= pack("v", $st['uid']);
$st_buf .= pack("v", $st['gid']);
$st_buf .= pack("v", 0);
$st_buf .= pack("V", $st['mode']);
$st_buf .= pack("V", $st['nlink']);
$st_buf .= pack("V", $st['uid']);
$st_buf .= pack("V", $st['gid']);
$st_buf .= pack("V", $st['rdev']);
$st_buf .= pack("V", $st['size']);
$st_buf .= pack("V", $st['atime']);
$st_buf .= pack("V", $st['mtime']);
$st_buf .= pack("V", $st['ctime']);
$st_buf .= pack("V", $st['blksize']);
$st_buf .= pack("V", $st['blocks']);
$st_buf .= pack("P", $st['ino']);
$st_buf .= pack("P", $st['size']);
$st_buf .= pack("P", $st['atime']);
$st_buf .= pack("P", $st['mtime']);
$st_buf .= pack("P", $st['ctime']);
packet_add_tlv($pkt, create_tlv(TLV_TYPE_STAT_BUF, $st_buf));
return ERROR_SUCCESS;
} else {
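Review bot: The buffer built in `stdapi_fs_ls` (the first hunk) does not match the layout `stdapi_fs_stat` now writes: it packs `$st['ino']` as a 32-bit `V` immediately after `dev`, and the context lines that follow still pack `size`, `atime` and `mtime` as `V`, whereas `stdapi_fs_stat` places `ino` after `rdev` and packs `ino`, `size` and the three timestamps as 64-bit `P`, matching the revised `meterp_stat`. As far as the visible lines show, `ls` on this transport would therefore still report a 32-bit size — the case the commit sets out to fix — and a parser expecting the new layout would misread the field order, so the `ls` block should emit the same `V dev, V mode, V nlink, V uid, V gid, V rdev, P ino, P size, P atime, P mtime, P ctime` sequence as `stdapi_fs_stat`. `pack('P')` requires PHP 5.6.3 or newer, which is worth stating in a comment next to its first use. On 32-bit PHP builds `$st['size']` may already be truncated by `stat()` before it is packed, so the fix would only be complete on 64-bit interpreters — worth confirming. Both functions continue outside their hunks.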


@ -364,7 +364,7 @@ TLV_TYPE_MOUNT_SPACE_TOTAL = TLV_META_TYPE_QWORD | 1211
TLV_TYPE_MOUNT_SPACE_FREE = TLV_META_TYPE_QWORD | 1212
TLV_TYPE_MOUNT_UNCPATH = TLV_META_TYPE_STRING | 1213
TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1220
TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1221
TLV_TYPE_SEARCH_RECURSE = TLV_META_TYPE_BOOL | 1230
TLV_TYPE_SEARCH_GLOB = TLV_META_TYPE_STRING | 1231
@ -671,10 +671,9 @@ def get_stat_buffer(path):
blocks = 0
if hasattr(si, 'st_blocks'):
blocks = si.st_blocks
st_buf = struct.pack('<IHHH', si.st_dev, max(min(0xffff, si.st_ino), 0), si.st_mode, si.st_nlink)
st_buf += struct.pack('<HHHI', si.st_uid & 0xffff, si.st_gid & 0xffff, 0, rdev)
st_buf += struct.pack('<IIII', si.st_size, long(si.st_atime), long(si.st_mtime), long(si.st_ctime))
st_buf += struct.pack('<II', blksize, blocks)
st_buf = struct.pack('<III', si.st_dev, si.st_mode, si.st_nlink)
st_buf += struct.pack('<IIIQ', si.st_uid, si.st_gid, rdev, si.st_ino)
st_buf += struct.pack('<QQQQ', si.st_size, si.st_atime, si.st_mtime, si.st_ctime)
return st_buf
def get_token_user(handle):
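Review bot: The new `struct.pack('<QQQQ', ...)` line passes `si.st_atime`, `si.st_mtime` and `si.st_ctime` straight through, while the removed line wrapped them in `long()`; `os.stat` returns these as floats by default, and `struct.pack` with a `Q` format rejects a float on Python 3 (`struct.error`) and only warns on Python 2, so on a Python 3 interpreter every stat would fail. Restoring the conversion fixes it: `st_buf += struct.pack('<QQQQ', si.st_size, int(si.st_atime), int(si.st_mtime), int(si.st_ctime))`. The `blocks` computation in the context lines (and presumably the `blksize` value set above it) is no longer consumed by any `pack` call and can be removed. `Q` is unsigned, so a negative pre-1970 timestamp would also raise — worth a `max(0, ...)` guard or a comment stating that case is considered unreachable. `get_stat_buffer` starts outside the hunk.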