1
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-26 23:38:35 +01:00

Land #322, fix meterpreter > ls on 4gb files

This commit is contained in:
Brent Cook 2019-02-06 17:51:58 -06:00
commit a1a38466a0
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
6 changed files with 54 additions and 47 deletions

View File

@ -7,6 +7,8 @@
#define FS_SEPARATOR "\\" #define FS_SEPARATOR "\\"
#define FS_MAX_PATH 32768 #define FS_MAX_PATH 32768
#pragma pack(push, 1)
/* /*
* Stat structures on Windows and various Unixes are all slightly different. * Stat structures on Windows and various Unixes are all slightly different.
* Use this as a means of standardization so the client has some hope of * Use this as a means of standardization so the client has some hope of
@ -14,23 +16,20 @@
*/ */
struct meterp_stat { struct meterp_stat {
uint32_t st_dev; uint32_t st_dev;
uint16_t st_ino; uint32_t st_mode;
uint16_t st_mode; uint32_t st_nlink;
uint16_t st_nlink; uint32_t st_uid;
uint16_t st_uid; uint32_t st_gid;
uint16_t st_gid;
uint16_t pad;
uint32_t st_rdev; uint32_t st_rdev;
uint32_t st_size; uint64_t st_ino;
/* uint64_t st_size;
* These are always 64-bits on Windows and usually 32-bits on Linux. Force
* them to be the same size everywhere.
*/
uint64_t st_atime; uint64_t st_atime;
uint64_t st_mtime; uint64_t st_mtime;
uint64_t st_ctime; uint64_t st_ctime;
}; };
#pragma pack(pop)
typedef void (*fs_ls_cb_t)(void *arg, char *name, char *short_name, char *path); typedef void (*fs_ls_cb_t)(void *arg, char *name, char *short_name, char *path);
int fs_chdir(const char *directory); int fs_chdir(const char *directory);

View File

@ -35,7 +35,7 @@
#define TLV_TYPE_MOUNT_SPACE_FREE MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD, TLV_TYPE_EXTENSION_STDAPI, 1212 ) #define TLV_TYPE_MOUNT_SPACE_FREE MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD, TLV_TYPE_EXTENSION_STDAPI, 1212 )
#define TLV_TYPE_MOUNT_UNCPATH MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_STDAPI, 1213 ) #define TLV_TYPE_MOUNT_UNCPATH MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_STDAPI, 1213 )
#define TLV_TYPE_STAT_BUF MAKE_CUSTOM_TLV( TLV_META_TYPE_COMPLEX, TLV_TYPE_EXTENSION_STDAPI, 1220 ) #define TLV_TYPE_STAT_BUF MAKE_CUSTOM_TLV( TLV_META_TYPE_COMPLEX, TLV_TYPE_EXTENSION_STDAPI, 1221 )
#define TLV_TYPE_SEARCH_RECURSE MAKE_CUSTOM_TLV( TLV_META_TYPE_BOOL, TLV_TYPE_EXTENSION_STDAPI, 1230 ) #define TLV_TYPE_SEARCH_RECURSE MAKE_CUSTOM_TLV( TLV_META_TYPE_BOOL, TLV_TYPE_EXTENSION_STDAPI, 1230 )
#define TLV_TYPE_SEARCH_GLOB MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_STDAPI, 1231 ) #define TLV_TYPE_SEARCH_GLOB MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_STDAPI, 1231 )

View File

@ -81,7 +81,7 @@ public interface TLVType {
public static final int TLV_TYPE_FILE_PATH = TLVPacket.TLV_META_TYPE_STRING | 1202; public static final int TLV_TYPE_FILE_PATH = TLVPacket.TLV_META_TYPE_STRING | 1202;
public static final int TLV_TYPE_FILE_MODE = TLVPacket.TLV_META_TYPE_STRING | 1203; public static final int TLV_TYPE_FILE_MODE = TLVPacket.TLV_META_TYPE_STRING | 1203;
public static final int TLV_TYPE_FILE_HASH = TLVPacket.TLV_META_TYPE_RAW | 1206; public static final int TLV_TYPE_FILE_HASH = TLVPacket.TLV_META_TYPE_RAW | 1206;
public static final int TLV_TYPE_STAT_BUF = TLVPacket.TLV_META_TYPE_COMPLEX | 1220; public static final int TLV_TYPE_STAT_BUF = TLVPacket.TLV_META_TYPE_COMPLEX | 1221;
// Net // Net
public static final int TLV_TYPE_HOST_NAME = TLVPacket.TLV_META_TYPE_STRING | 1400; public static final int TLV_TYPE_HOST_NAME = TLVPacket.TLV_META_TYPE_STRING | 1400;

View File

@ -4,6 +4,8 @@ import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream; import java.io.DataOutputStream;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import com.metasploit.meterpreter.Meterpreter; import com.metasploit.meterpreter.Meterpreter;
import com.metasploit.meterpreter.TLVPacket; import com.metasploit.meterpreter.TLVPacket;
@ -49,18 +51,17 @@ public class stdapi_fs_stat implements Command {
ByteArrayOutputStream statbuf = new ByteArrayOutputStream(); ByteArrayOutputStream statbuf = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(statbuf); DataOutputStream dos = new DataOutputStream(statbuf);
dos.writeInt(le(0)); // dev dos.writeInt(le(0)); // dev
dos.writeShort(short_le(0)); // ino dos.writeInt(le(mode)); // mode
dos.writeShort(short_le(mode)); // mode dos.writeInt(le(1)); // nlink
dos.writeShort(short_le(1)); // nlink dos.writeInt(le(65535)); // uid
dos.writeShort(short_le(65535)); // uid dos.writeInt(le(65535)); // gid
dos.writeShort(short_le(65535)); // gid
dos.writeShort(short_le(0)); // padding
dos.writeInt(le(0)); // rdev dos.writeInt(le(0)); // rdev
dos.writeInt(le((int) length)); // size dos.writeLong(long_le(0)); // ino
int mtime = (int) (lastModified / 1000); dos.writeLong(long_le(length)); // size
dos.writeInt(le(mtime)); // atime long mtime = (long) (lastModified / 1000);
dos.writeInt(le(mtime)); // mtime dos.writeLong(long_le(mtime)); // atime
dos.writeInt(le(mtime)); // ctime dos.writeLong(long_le(mtime)); // mtime
dos.writeLong(long_le(mtime)); // ctime
dos.writeInt(le(1024)); // blksize dos.writeInt(le(1024)); // blksize
dos.writeInt(le((int) ((length + 1023) / 1024))); // blocks dos.writeInt(le((int) ((length + 1023) / 1024))); // blocks
return statbuf.toByteArray(); return statbuf.toByteArray();
@ -86,4 +87,15 @@ public class stdapi_fs_stat implements Command {
private static int short_le(int value) { private static int short_le(int value) {
return ((value & 0xff) << 8) | ((value & 0xff00) >> 8); return ((value & 0xff) << 8) | ((value & 0xff00) >> 8);
} }
/**
* Convert a long to little endian.
*/
private static long long_le(long value) {
ByteBuffer buf = ByteBuffer.allocate(8);
buf.order(ByteOrder.BIG_ENDIAN);
buf.putLong(value);
buf.order(ByteOrder.LITTLE_ENDIAN);
return buf.getLong(0);
}
} }

View File

@ -450,13 +450,13 @@ function stdapi_fs_ls($req, &$pkt) {
$st = stat($path . DIRECTORY_SEPARATOR . $file); $st = stat($path . DIRECTORY_SEPARATOR . $file);
$st_buf = ""; $st_buf = "";
$st_buf .= pack("V", $st['dev']); $st_buf .= pack("V", $st['dev']);
$st_buf .= pack("v", $st['ino']); $st_buf .= pack("V", $st['ino']);
$st_buf .= pack("v", $st['mode']); $st_buf .= pack("V", $st['mode']);
$st_buf .= pack("v", $st['nlink']); $st_buf .= pack("V", $st['nlink']);
$st_buf .= pack("v", $st['uid']); $st_buf .= pack("V", $st['uid']);
$st_buf .= pack("v", $st['gid']); $st_buf .= pack("V", $st['gid']);
$st_buf .= pack("v", 0);
$st_buf .= pack("V", $st['rdev']); $st_buf .= pack("V", $st['rdev']);
$st_buf .= pack("V", 0);
$st_buf .= pack("V", $st['size']); $st_buf .= pack("V", $st['size']);
$st_buf .= pack("V", $st['atime']); $st_buf .= pack("V", $st['atime']);
$st_buf .= pack("V", $st['mtime']); $st_buf .= pack("V", $st['mtime']);
@ -493,19 +493,16 @@ function stdapi_fs_stat($req, &$pkt) {
if ($st) { if ($st) {
$st_buf = ""; $st_buf = "";
$st_buf .= pack("V", $st['dev']); $st_buf .= pack("V", $st['dev']);
$st_buf .= pack("v", $st['ino']); $st_buf .= pack("V", $st['mode']);
$st_buf .= pack("v", $st['mode']); $st_buf .= pack("V", $st['nlink']);
$st_buf .= pack("v", $st['nlink']); $st_buf .= pack("V", $st['uid']);
$st_buf .= pack("v", $st['uid']); $st_buf .= pack("V", $st['gid']);
$st_buf .= pack("v", $st['gid']);
$st_buf .= pack("v", 0);
$st_buf .= pack("V", $st['rdev']); $st_buf .= pack("V", $st['rdev']);
$st_buf .= pack("V", $st['size']); $st_buf .= pack("P", $st['ino']);
$st_buf .= pack("V", $st['atime']); $st_buf .= pack("P", $st['size']);
$st_buf .= pack("V", $st['mtime']); $st_buf .= pack("P", $st['atime']);
$st_buf .= pack("V", $st['ctime']); $st_buf .= pack("P", $st['mtime']);
$st_buf .= pack("V", $st['blksize']); $st_buf .= pack("P", $st['ctime']);
$st_buf .= pack("V", $st['blocks']);
packet_add_tlv($pkt, create_tlv(TLV_TYPE_STAT_BUF, $st_buf)); packet_add_tlv($pkt, create_tlv(TLV_TYPE_STAT_BUF, $st_buf));
return ERROR_SUCCESS; return ERROR_SUCCESS;
} else { } else {

View File

@ -364,7 +364,7 @@ TLV_TYPE_MOUNT_SPACE_TOTAL = TLV_META_TYPE_QWORD | 1211
TLV_TYPE_MOUNT_SPACE_FREE = TLV_META_TYPE_QWORD | 1212 TLV_TYPE_MOUNT_SPACE_FREE = TLV_META_TYPE_QWORD | 1212
TLV_TYPE_MOUNT_UNCPATH = TLV_META_TYPE_STRING | 1213 TLV_TYPE_MOUNT_UNCPATH = TLV_META_TYPE_STRING | 1213
TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1220 TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1221
TLV_TYPE_SEARCH_RECURSE = TLV_META_TYPE_BOOL | 1230 TLV_TYPE_SEARCH_RECURSE = TLV_META_TYPE_BOOL | 1230
TLV_TYPE_SEARCH_GLOB = TLV_META_TYPE_STRING | 1231 TLV_TYPE_SEARCH_GLOB = TLV_META_TYPE_STRING | 1231
@ -671,10 +671,9 @@ def get_stat_buffer(path):
blocks = 0 blocks = 0
if hasattr(si, 'st_blocks'): if hasattr(si, 'st_blocks'):
blocks = si.st_blocks blocks = si.st_blocks
st_buf = struct.pack('<IHHH', si.st_dev, max(min(0xffff, si.st_ino), 0), si.st_mode, si.st_nlink) st_buf = struct.pack('<III', si.st_dev, si.st_mode, si.st_nlink)
st_buf += struct.pack('<HHHI', si.st_uid & 0xffff, si.st_gid & 0xffff, 0, rdev) st_buf += struct.pack('<IIIQ', si.st_uid, si.st_gid, rdev, si.st_ino)
st_buf += struct.pack('<IIII', si.st_size, long(si.st_atime), long(si.st_mtime), long(si.st_ctime)) st_buf += struct.pack('<QQQQ', si.st_size, si.st_atime, si.st_mtime, si.st_ctime)
st_buf += struct.pack('<II', blksize, blocks)
return st_buf return st_buf
def get_token_user(handle): def get_token_user(handle):