Fix edge cases in Python and C meterpreters

2025-03-24 18:16:24 +01:00 · 2024-09-25 16:18:21 +10:00 · 2024-09-25 16:18:21 +10:00 · a470c4dc3a
commit a470c4dc3a
parent 5422a15c79
2 changed files with 12 additions and 5 deletions
--- a/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c
+++ b/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c
@ -107,11 +107,14 @@ DWORD request_sys_process_close(Remote *remote, Packet *packet)

 BOOL needs_quoting(PCHAR str)
 {
-	BOOL bNeedsQuoting = FALSE;
+	// Initial value is to need quoting, in case it's an empty arg
+	BOOL bNeedsQuoting = TRUE;
 	char* pArgIndex = str;
 	// Check whether we'll need to quote the argument
 	while (*pArgIndex != '\0')
 	{
+		// The arg is not empty
+		bNeedsQuoting = FALSE;
 		if (*pArgIndex == '\v' || *pArgIndex == ' ' || *pArgIndex == '\t')
 		{
 			bNeedsQuoting = TRUE;
--- a/python/meterpreter/ext_server_stdapi.py
+++ b/python/meterpreter/ext_server_stdapi.py
@ -1435,11 +1435,15 @@ def stdapi_sys_process_execute(request, response):
            arg_string = ""
        cmd_string = cmd + ' ' + arg_string

-        # In case we're not using a subshell:
-        cmd_array = [cmd]
-        cmd_array.extend(shlex.split(arg_string))
+        if arg_string == '':
+            # Everything was just provided in a single argument. Need to split it out.
+            cmd_array = shlex.split(cmd)
+        else:
+            # In case we're not using a subshell:
+            cmd_array = [cmd]
+            cmd_array.extend(shlex.split(arg_string))

-        if os.path.isfile('/bin/sh') and (flags & PROCESS_EXECUTE_FLAG_SUBSHELL):
+        if (flags & PROCESS_EXECUTE_FLAG_SUBSHELL) and os.path.isfile('/bin/sh'):
            cmd_array = ['/bin/sh', '-c', cmd_string]

    if (flags & PROCESS_EXECUTE_FLAG_CHANNELIZED):