github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-18 15:14:10 +01:00
Code Releases Activity

Handle discrepance of process launching on Windows between different versions of Java

Browse Source
This commit is contained in:
Ashley Donaldson 2024-10-16 17:29:41 +11:00
parent dc3021e1c0
commit f1fcfd6176
1 changed files with 70 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
View File

@ -67,70 +67,83 @@ public class stdapi_sys_process_execute implements Command {
// On Windows, Java quote-escapes _some_ arguments (like those with spaces), but doesn't deal correctly with some // On Windows, Java quote-escapes _some_ arguments (like those with spaces), but doesn't deal correctly with some
// edge cases; e.g. empty strings, strings that already have quotes. // edge cases; e.g. empty strings, strings that already have quotes.
protected String escapeArg(String arg) { protected String escapeArgWindows(String arg) {
if (arg == null) { if (arg == null) {
return null; return null;
} }
String osName = System.getProperty("os.name"); if (arg.equals("")) {
if (osName != null && osName.toLowerCase().contains("windows")) { return "\"\"";
if (arg.equals("")) { } else {
return "\"\""; StringBuilder sb = new StringBuilder();
} else { int numBackslashes = 0;
StringBuilder sb = new StringBuilder(); boolean needsQuoting = false;
int numBackslashes = 0; for (int i = 0; i < arg.length(); i++) {
boolean needsQuoting = false; char c = arg.charAt(i);
for (int i = 0; i < arg.length(); i++) { switch (c) {
char c = arg.charAt(i); case '"': {
switch (c) { for (int nb = 0; nb < numBackslashes; nb++) {
case '"': { sb.append('\\');
for (int nb = 0; nb < numBackslashes; nb++) { }
sb.append('\\'); numBackslashes = 0;
} sb.append('\\');
numBackslashes = 0; break;
sb.append('\\'); }
break; case '\\': {
} numBackslashes++;
case '\\': { break;
numBackslashes++; }
break; case ' ':
} case '\t':
case ' ': case (char)11:
case '\t': {
case (char)11: needsQuoting = true;
{ numBackslashes = 0;
needsQuoting = true; break;
numBackslashes = 0; }
break; default: {
} numBackslashes = 0;
default: { break;
numBackslashes = 0; }
break; }
} sb.append(c);
} }
sb.append(c); if (needsQuoting) {
} for (int nb = 0; nb < numBackslashes; nb++) {
if (needsQuoting) { sb.append('\\');
for (int nb = 0; nb < numBackslashes; nb++) { }
sb.append('\\'); return "\"" + sb.toString() + "\"";
} }
return "\"" + sb.toString() + "\""; return sb.toString();
}
return sb.toString();
}
} else {
return arg;
} }
} }
protected Process execute(String cmd, ArrayList<String> args) throws IOException { protected Process executeWindows(String cmd, ArrayList<String> args) throws IOException {
ArrayList<String> cmdAndArgs = new ArrayList<String>(); StringBuilder cmdString = new StringBuilder();
cmdAndArgs.add(cmd); cmdString.append(cmd);
for (String arg : args) { if (args.size() > 0) {
cmdAndArgs.add(escapeArg(arg)); for (String arg : args) {
cmdString.append(" ");
cmdString.append(escapeArgWindows(arg));
}
}
return execute(cmdString.toString());
}
protected Process execute(String cmd, ArrayList<String> args) throws IOException {
String osName = System.getProperty("os.name");
if (osName != null && osName.toLowerCase().contains("windows")) {
return executeWindows(cmd, args);
} else {
ArrayList<String> cmdAndArgs = new ArrayList<String>();
cmdAndArgs.add(cmd);
for (String arg : args) {
cmdAndArgs.add(arg);
}
ProcessBuilder builder = new ProcessBuilder(cmdAndArgs);
builder.directory(Loader.getCWD());
return builder.start();
} }
ProcessBuilder builder = new ProcessBuilder(cmdAndArgs);
builder.directory(Loader.getCWD());
return builder.start();
} }
protected Process execute(String cmdstr) throws IOException { protected Process execute(String cmdstr) throws IOException {