Fix LocalAlloc call, start on the handling of other bindings (user)

c/meterpreter/source/extensions/powershell/powershell_bindings.cpp

@@ -30,7 +30,8 @@ VOID MeterpreterInvoke(unsigned int isLocal, unsigned char* input, unsigned int
 	if (packet.partner != NULL)
 	{
 		dprintf("[PSH BINDING] Response packet generated");
-		*output = (unsigned char*)LocalAlloc(LHND, packet.partner->payloadLength);
+		// This memory is deliberately left allocated, because the .NET side will clean it up
+		*output = (unsigned char*)LocalAlloc(LPTR, packet.partner->payloadLength);
 		*outputLength = packet.partner->payloadLength;
 		memcpy(*output, packet.partner->payload, packet.partner->payloadLength);
 		packet_destroy(packet.partner);

c/meterpreter/source/extensions/powershell/powershell_runner.h

@@ -6,7 +6,7 @@
 #ifndef _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H
 #define _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H
 
-#define PSHRUNNER_DLL_LEN 20992
+#define PSHRUNNER_DLL_LEN 22016
 
 extern unsigned char PowerShellRunnerDll[PSHRUNNER_DLL_LEN];
 

powershell/MSF.Powershell/MSF.Powershell.csproj

@@ -41,6 +41,7 @@
     <Compile Include="Meterpreter\Elevate.cs" />
     <Compile Include="Meterpreter\Enumerations.cs" />
     <Compile Include="Meterpreter\Core.cs" />
+    <Compile Include="Meterpreter\User.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="Runner.cs" />
     <Compile Include="Meterpreter\Tlv.cs" />

powershell/MSF.Powershell/Meterpreter/Core.cs

@@ -53,6 +53,7 @@ namespace MSF.Powershell.Meterpreter
                 {
                     if (output != IntPtr.Zero)
                     {
+                        System.Diagnostics.Debug.Write(string.Format("[PSH BINDINGS] Freeing up memory allocated from the C++ Binding: {0:X}", output));
                         Marshal.FreeCoTaskMem(output);
                     }
                 }

powershell/MSF.Powershell/Meterpreter/Tlv.cs

@@ -44,11 +44,11 @@ namespace MSF.Powershell.Meterpreter
             }
         }
 
-        public static Dictionary<TlvType, List<object>> FromResponse(byte[] response, int length = 0)
+        public static Dictionary<TlvType, List<object>> FromResponse(byte[] response, int start = 0, int length = 0)
         {
             var dict = new Dictionary<TlvType, List<object>>();
 
-            var offset = 0;
+            var offset = start;
 
             if (length == 0)
             {
@@ -96,6 +96,13 @@ namespace MSF.Powershell.Meterpreter
                             dict[tlvType].Add(value);
                             break;
                         }
+                    case MetaType.Group:
+                        {
+                            var value = FromResponse(response, offset + 8, size);
+                            System.Diagnostics.Debug.Write(string.Format("Type {0} value is a dictionary of {1} elements", tlvType, value.Count));
+                            dict[tlvType].Add(value);
+                            break;
+                        }
                 }
 
                 offset += size;

powershell/MSF.Powershell/Meterpreter/User.cs

@@ -0,0 +1,28 @@
+namespace MSF.Powershell.Meterpreter
+{
+    public static class User
+    {
+        private const string SystemSID = "S-1-5-18";
+
+        public static string GetUid()
+        {
+            System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call GetUid");
+
+            Tlv tlv = new Tlv();
+
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_getuid"));
+
+            if (result != null)
+            {
+                var responseTlv = Tlv.FromResponse(result);
+                if (responseTlv[TlvType.Result].Count > 0 &&
+                    (int)responseTlv[TlvType.Result][0] == 0)
+                {
+                    return (string)responseTlv[TlvType.UserName][0];
+                }
+            }
+
+            return null;
+        }
+    }
+}