github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-24 18:16:24 +01:00
Code Releases Activity

Land , fix wildcard handling in Java meterpreter

Browse Source
This commit is contained in:
Brent Cook 2020-04-08 04:10:13 -05:00
commit a27f7c0388
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
2 changed files with 24 additions and 2 deletions
java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi
stdapi_fs_ls.javastdapi_fs_search.java

24
java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java

@ -1,6 +1,7 @@
package com.metasploit.meterpreter.stdapi; package com.metasploit.meterpreter.stdapi;
import java.io.File; import java.io.File;
import java.util.List;
import com.metasploit.meterpreter.Meterpreter; import com.metasploit.meterpreter.Meterpreter;
import com.metasploit.meterpreter.TLVPacket; import com.metasploit.meterpreter.TLVPacket;
@ -8,9 +9,30 @@ import com.metasploit.meterpreter.TLVType;
import com.metasploit.meterpreter.command.Command; import com.metasploit.meterpreter.command.Command;
public class stdapi_fs_ls implements Command { public class stdapi_fs_ls implements Command {
public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception { public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
stdapi_fs_stat statCommand = (stdapi_fs_stat) meterpreter.getCommandManager().getCommand("stdapi_fs_stat"); stdapi_fs_stat statCommand = (stdapi_fs_stat) meterpreter.getCommandManager().getCommand("stdapi_fs_stat");
File path = Loader.expand(request.getStringValue(TLVType.TLV_TYPE_DIRECTORY_PATH)); String pathString = request.getStringValue(TLVType.TLV_TYPE_DIRECTORY_PATH);
File path = Loader.expand(pathString);
if (pathString.contains("*")) {
String root = path.getParent();
String match = path.getName();
List entries = stdapi_fs_search.findFiles(root, match, false);
for (int i = 0; i < entries.size(); i++) {
String entry = entries.get(i).toString();
if (entry.equals(".") || entry.equals(".."))
continue;
File f = new File(entry);
String pathEntry = entry;
if (pathEntry.startsWith(root)) {
pathEntry = pathEntry.substring(root.length() + 1);
}
response.addOverflow(TLVType.TLV_TYPE_FILE_NAME, f.getName());
response.addOverflow(TLVType.TLV_TYPE_FILE_PATH, pathEntry);
response.addOverflow(TLVType.TLV_TYPE_STAT_BUF, statCommand.stat(f));
}
return ERROR_SUCCESS;
}
String[] entries = path.list(); String[] entries = path.list();
for (int i = 0; i < entries.length; i++) { for (int i = 0; i < entries.length; i++) {
if (entries[i].equals(".") || entries[i].equals("..")) if (entries[i].equals(".") || entries[i].equals(".."))

2
java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_search.java

@ -52,7 +52,7 @@ public class stdapi_fs_search implements Command {
} }
} }
private List findFiles(String path, String mask, boolean recurse) { public static List findFiles(String path, String mask, boolean recurse) {
try { try {
File pathfile = Loader.expand(path); File pathfile = Loader.expand(path);
if (!pathfile.exists() || !pathfile.isDirectory()) { if (!pathfile.exists() || !pathfile.isDirectory()) {