github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-11-20 14:39:22 +01:00
Code Releases Activity

Handle discrepance of process launching on Windows between different versions of Java

Browse Source
This commit is contained in:
Ashley Donaldson 2024-10-16 17:29:41 +11:00
parent dc3021e1c0
commit f1fcfd6176
1 changed files with 70 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute.java
View File

@ -67,70 +67,83 @@ public class stdapi_sys_process_execute implements Command {
// On Windows, Java quote-escapes _some_ arguments (like those with spaces), but doesn't deal correctly with some
// edge cases; e.g. empty strings, strings that already have quotes.
protected String escapeArg(String arg) {
protected String escapeArgWindows(String arg) {
if (arg == null) {
return null;
}
String osName = System.getProperty("os.name");
if (osName != null && osName.toLowerCase().contains("windows")) {
if (arg.equals("")) {
return "\"\"";
} else {
StringBuilder sb = new StringBuilder();
int numBackslashes = 0;
boolean needsQuoting = false;
for (int i = 0; i < arg.length(); i++) {
char c = arg.charAt(i);
switch (c) {
case '"': {
for (int nb = 0; nb < numBackslashes; nb++) {
sb.append('\\');
}
numBackslashes = 0;
sb.append('\\');
break;
}
case '\\': {
numBackslashes++;
break;
}
case ' ':
case '\t':
case (char)11:
{
needsQuoting = true;
numBackslashes = 0;
break;
}
default: {
numBackslashes = 0;
break;
}
}
sb.append(c);
}
if (needsQuoting) {
for (int nb = 0; nb < numBackslashes; nb++) {
sb.append('\\');
}
return "\"" + sb.toString() + "\"";
}
return sb.toString();
}
} else {
return arg;
if (arg.equals("")) {
return "\"\"";
} else {
StringBuilder sb = new StringBuilder();
int numBackslashes = 0;
boolean needsQuoting = false;
for (int i = 0; i < arg.length(); i++) {
char c = arg.charAt(i);
switch (c) {
case '"': {
for (int nb = 0; nb < numBackslashes; nb++) {
sb.append('\\');
}
numBackslashes = 0;
sb.append('\\');
break;
}
case '\\': {
numBackslashes++;
break;
}
case ' ':
case '\t':
case (char)11:
{
needsQuoting = true;
numBackslashes = 0;
break;
}
default: {
numBackslashes = 0;
break;
}
}
sb.append(c);
}
if (needsQuoting) {
for (int nb = 0; nb < numBackslashes; nb++) {
sb.append('\\');
}
return "\"" + sb.toString() + "\"";
}
return sb.toString();
}
}
protected Process execute(String cmd, ArrayList<String> args) throws IOException {
ArrayList<String> cmdAndArgs = new ArrayList<String>();
cmdAndArgs.add(cmd);
for (String arg : args) {
cmdAndArgs.add(escapeArg(arg));
protected Process executeWindows(String cmd, ArrayList<String> args) throws IOException {
StringBuilder cmdString = new StringBuilder();
cmdString.append(cmd);
if (args.size() > 0) {
for (String arg : args) {
cmdString.append(" ");
cmdString.append(escapeArgWindows(arg));
}
}
return execute(cmdString.toString());
}
protected Process execute(String cmd, ArrayList<String> args) throws IOException {
String osName = System.getProperty("os.name");
if (osName != null && osName.toLowerCase().contains("windows")) {
return executeWindows(cmd, args);
} else {
ArrayList<String> cmdAndArgs = new ArrayList<String>();
cmdAndArgs.add(cmd);
for (String arg : args) {
cmdAndArgs.add(arg);
}
ProcessBuilder builder = new ProcessBuilder(cmdAndArgs);
builder.directory(Loader.getCWD());
return builder.start();
}
ProcessBuilder builder = new ProcessBuilder(cmdAndArgs);
builder.directory(Loader.getCWD());
return builder.start();
}
protected Process execute(String cmdstr) throws IOException {