stdapi_fs_file_copy

c/meterpreter/source/extensions/stdapi/server/fs/file.c

@@ -381,7 +381,7 @@ DWORD request_fs_sha1(Remote *remote, Packet *packet)
 }
 
 /*
- * Copies source file path to destination
+ * Moves source file path to destination
  *
  * req: TLV_TYPE_FILE_PATH - The file path to expand
  */
@@ -403,3 +403,27 @@ DWORD request_fs_file_move(Remote *remote, Packet *packet)
 
 	return packet_transmit_response(result, remote, response);
 }
+
+/*
+ * Copies source file path to destination
+ *
+ * req: TLV_TYPE_FILE_PATH - The file path to expand
+ */
+DWORD request_fs_file_copy(Remote *remote, Packet *packet)
+{
+	Packet *response = packet_create_response(packet);
+	DWORD result = ERROR_SUCCESS;
+	char *oldpath;
+	char *newpath;
+
+	oldpath = packet_get_tlv_value_string(packet, TLV_TYPE_FILE_NAME);
+	newpath = packet_get_tlv_value_string(packet, TLV_TYPE_FILE_PATH);
+
+	if (!oldpath) {
+		result = ERROR_INVALID_PARAMETER;
+	} else {
+		result = fs_copy(oldpath, newpath);
+	}
+
+	return packet_transmit_response(result, remote, response);
+}

c/meterpreter/source/extensions/stdapi/server/fs/fs.h

@@ -21,6 +21,7 @@ DWORD request_fs_search( Remote * remote, Packet * packet );
 DWORD request_fs_md5(Remote *remote, Packet *packet);
 DWORD request_fs_sha1(Remote *remote, Packet *packet);
 DWORD request_fs_file_move(Remote *remote, Packet *packet);
+DWORD request_fs_file_copy(Remote *remote, Packet *packet);
 DWORD request_fs_mount_show(Remote *remote, Packet *packet);
 
 /*

c/meterpreter/source/extensions/stdapi/server/fs/fs_local.h

@@ -59,6 +59,8 @@ int fs_mkdir(const char *directory);
 
 int fs_move(const char *oldpath, const char *newpath);
 
+int fs_copy(const char *oldpath, const char *newpath);
+
 /*
  * Fills the platform-independent meterp_stat buf with data from the
  * platform-dependent stat()

c/meterpreter/source/extensions/stdapi/server/fs/fs_posix.c

@@ -102,6 +102,35 @@ int fs_move(const char *oldpath, const char *newpath)
 	return ERROR_SUCCESS;
 }
 
+int fs_copy(const char *oldpath, const char *newpath)
+{
+	FILE* f1 = fopen(oldpath, "rb");
+	if (f1 == NULL) {
+		return ERROR_INVALID_PARAMETER;
+	}
+
+	FILE* f2 = fopen(newpath, "wb");
+	if (f2 == NULL) {
+		fclose(f1);
+		return ERROR_INVALID_PARAMETER;
+	}
+
+	char buffer[4096];
+	size_t n;
+	while ((n = fread(buffer, sizeof(char), sizeof(buffer), f1)) > 0)
+	{
+		if (fwrite(buffer, sizeof(char), n, f2) != n) {
+			fclose(f1);
+			fclose(f2);
+			return -1;
+		}
+	}
+
+	fclose(f1);
+	fclose(f2);
+	return ERROR_SUCCESS;
+}
+
 int fs_stat(char *filename, struct meterp_stat *buf)
 {
 	struct stat sbuf;

c/meterpreter/source/extensions/stdapi/server/fs/fs_win.c

@@ -214,6 +214,27 @@ out:
 	return rc;
 }
 
+int fs_copy(const char *oldpath, const char *newpath)
+{
+	int rc = ERROR_SUCCESS;
+	wchar_t *old_w = utf8_to_wchar(oldpath);
+	wchar_t *new_w = utf8_to_wchar(newpath);
+
+	if ((old_w == NULL) || (new_w == NULL)) {
+		rc = GetLastError();
+		goto out;
+	}
+
+	if (CopyFileW(old_w, new_w, 0) == 0) {
+		rc = GetLastError();
+	}
+
+out:
+	free(old_w);
+	free(new_w);
+	return rc;
+}
+
 int fs_mkdir(const char *directory)
 {
 	int rc = ERROR_SUCCESS;

c/meterpreter/source/extensions/stdapi/server/stdapi.c

@@ -42,6 +42,7 @@ Command customCommands[] =
 	COMMAND_REQ("stdapi_fs_stat", request_fs_stat),
 	COMMAND_REQ("stdapi_fs_file_expand_path", request_fs_file_expand_path),
 	COMMAND_REQ("stdapi_fs_file_move", request_fs_file_move),
+	COMMAND_REQ("stdapi_fs_file_copy", request_fs_file_copy),
 	COMMAND_REQ("stdapi_fs_md5", request_fs_md5),
 	COMMAND_REQ("stdapi_fs_sha1", request_fs_sha1),
 #ifdef _WIN32

java/androidpayload/library/src/com/metasploit/meterpreter/AndroidMeterpreter.java

@@ -110,6 +110,7 @@ public class AndroidMeterpreter extends Meterpreter {
         mgr.registerCommand("stdapi_fs_delete_file", stdapi_fs_delete_file.class);
         mgr.registerCommand("stdapi_fs_file_expand_path", stdapi_fs_file_expand_path_android.class);
         mgr.registerCommand("stdapi_fs_file_move", stdapi_fs_file_move.class);
+        mgr.registerCommand("stdapi_fs_file_copy", stdapi_fs_file_copy.class);
         mgr.registerCommand("stdapi_fs_getwd", stdapi_fs_getwd.class);
         mgr.registerCommand("stdapi_fs_ls", stdapi_fs_ls.class);
         mgr.registerCommand("stdapi_fs_mkdir", stdapi_fs_mkdir.class);

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/Loader.java

@@ -32,6 +32,7 @@ public class Loader implements ExtensionLoader {
         mgr.registerCommand("stdapi_fs_delete_file", stdapi_fs_delete_file.class);
         mgr.registerCommand("stdapi_fs_file_expand_path", stdapi_fs_file_expand_path.class, V1_2, V1_5); // %COMSPEC% only
         mgr.registerCommand("stdapi_fs_file_move", stdapi_fs_file_move.class);
+        mgr.registerCommand("stdapi_fs_file_copy", stdapi_fs_file_copy.class);
         mgr.registerCommand("stdapi_fs_getwd", stdapi_fs_getwd.class);
         mgr.registerCommand("stdapi_fs_ls", stdapi_fs_ls.class);
         mgr.registerCommand("stdapi_fs_mkdir", stdapi_fs_mkdir.class);

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_file_copy.java

@@ -0,0 +1,32 @@
+package com.metasploit.meterpreter.stdapi;
+
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.TLVType;
+import com.metasploit.meterpreter.command.Command;
+
+import java.io.*;
+
+public class stdapi_fs_file_copy implements Command {
+
+    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+        String oldpath = request.getStringValue(TLVType.TLV_TYPE_FILE_NAME);
+        String path = request.getStringValue(TLVType.TLV_TYPE_FILE_PATH);
+        File file = Loader.expand(oldpath);
+        File dest = Loader.expand(path);
+        if (!file.exists() || !file.isFile()) {
+            throw new IOException("File not found: " + path);
+        }
+
+        InputStream in = new FileInputStream(file);
+        OutputStream out = new FileOutputStream(dest);
+        byte[] buf = new byte[4096];
+        int len;
+        while ((len = in.read(buf)) > 0) {
+            out.write(buf, 0, len);
+        }
+        in.close();
+        out.close();
+        return ERROR_SUCCESS;
+    }
+}

php/meterpreter/ext_server_stdapi.php

@@ -387,6 +387,20 @@ function stdapi_fs_file_move($req, &$pkt) {
 }
 }
 
+# works
+if (!function_exists('stdapi_fs_file_copy')) {
+register_command('stdapi_fs_file_copy');
+function stdapi_fs_file_copy($req, &$pkt) {
+    my_print("doing cp");
+    $old_file_tlv = packet_get_tlv($req, TLV_TYPE_FILE_NAME);
+    $new_file_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
+    $old_file = cononicalize_path($old_file_tlv['value']);
+    $new_file = cononicalize_path($new_file_tlv['value']);
+    $ret = @copy($old_file, $new_file);
+    return $ret ? ERROR_SUCCESS : ERROR_FAILURE;
+}
+}
+
 # works
 if (!function_exists('stdapi_fs_getwd')) {
 register_command('stdapi_fs_getwd');

python/meterpreter/ext_server_stdapi.py

@@ -999,6 +999,13 @@ def stdapi_fs_file_move(request, response):
 	os.rename(unicode(oldname), unicode(newname))
 	return ERROR_SUCCESS, response
 
+@meterpreter.register_function
+def stdapi_fs_file_copy(request, response):
+	oldname = packet_get_tlv(request, TLV_TYPE_FILE_NAME)['value']
+	newname = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
+	shutil.copy(unicode(oldname), unicode(newname))
+	return ERROR_SUCCESS, response
+
 @meterpreter.register_function
 def stdapi_fs_getwd(request, response):
 	if hasattr(os, 'getcwdu'):