rapid7 / metasploit-javapayload

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD

Java Meterpreter fails to stat the root directory when given more than one / #18

Closed jlee-r7 closed 9 years ago

jlee-r7 commented 10 years ago

meterpreter > ls //
[-] stdapi_fs_stat: Operation failed: 1
meterpreter > cat ...
java.lang.StringIndexOutOfBoundsException: String index out of range: 0
   at java.lang.String.charAt(libgcj.so.81)
   at java.io.File._stat(libgcj.so.81)
   at java.io.File.isHidden(libgcj.so.81)
   at com.metasploit.meterpreter.stdapi.stdapi_fs_stat.stat(Unknown Source)
   at com.metasploit.meterpreter.stdapi.stdapi_fs_stat.execute(Unknown Source)
   at com.metasploit.meterpreter.Meterpreter.executeCommand(Unknown Source)
   at com.metasploit.meterpreter.Meterpreter.startExecuting(Unknown Source)
   at com.metasploit.meterpreter.Meterpreter.<init>(Unknown Source)
   at com.metasploit.meterpreter.Meterpreter.<init>(Unknown Source)
   at java.lang.reflect.Constructor.newInstance(libgcj.so.81)
   at javapayload.stage.Meterpreter.start(Unknown Source)
   at java.lang.reflect.Method.invoke(libgcj.so.81)
   at metasploit.Payload.bootstrap(Unknown Source)
   at metasploit.Payload.main(Unknown Source)
java.io.IOException: File/directory does not exist: //
   at com.metasploit.meterpreter.stdapi.stdapi_fs_stat.execute(Unknown Source)
   at com.metasploit.meterpreter.Meterpreter.executeCommand(Unknown Source)
   at com.metasploit.meterpreter.Meterpreter.startExecuting(Unknown Source)
   at com.metasploit.meterpreter.Meterpreter.<init>(Unknown Source)
   at com.metasploit.meterpreter.Meterpreter.<init>(Unknown Source)
   at java.lang.reflect.Constructor.newInstance(libgcj.so.81)
   at javapayload.stage.Meterpreter.start(Unknown Source)
   at java.lang.reflect.Method.invoke(libgcj.so.81)
   at metasploit.Payload.bootstrap(Unknown Source)
   at metasploit.Payload.main(Unknown Source)

jlee-r7 commented 10 years ago

This is on a Metasploitable2 Linux VM

OJ commented 10 years ago

Hmmm

meterpreter > sysinfo
Computer    : ropchain
OS          : Linux 3.14.8-100.fc19.x86_64 (amd64)
Meterpreter : java/java
meterpreter > ls //

Listing: //
===========

Mode              Size    Type  Last modified              Name
----              ----    ----  -------------              ----
100445/r--r--r-x  526078  fil   2014-07-01 16:14:08 +1000  .readahead
40554/r-xr-xr--   69632   dir   2014-07-25 03:40:37 +1000  bin
40554/r-xr-xr--   4096    dir   2014-07-01 14:00:31 +1000  boot
40554/r-xr-xr--   3900    dir   2014-07-28 14:02:48 +1000  dev
40554/r-xr-xr--   12288   dir   2014-07-25 03:40:37 +1000  etc
100444/r--r--r--  8       fil   2014-05-17 16:09:17 +1000  flag
40554/r-xr-xr--   4096    dir   2014-06-18 15:39:17 +1000  home
40554/r-xr-xr--   36864   dir   2014-07-25 03:40:31 +1000  lib
40554/r-xr-xr--   131072  dir   2014-07-25 03:40:34 +1000  lib64
40000/---------   16384   dir   2013-06-28 03:34:00 +1000  lost+found
40554/r-xr-xr--   4096    dir   2013-07-08 18:56:45 +1000  media
40554/r-xr-xr--   4096    dir   2014-02-13 20:07:46 +1000  mnt
40554/r-xr-xr--   4096    dir   2014-03-23 11:06:18 +1000  opt
40554/r-xr-xr--   0       dir   2014-07-01 16:10:01 +1000  proc
40000/---------   4096    dir   2014-07-28 10:49:07 +1000  root
40554/r-xr-xr--   1400    dir   2014-07-24 14:01:24 +1000  run
40554/r-xr-xr--   20480   dir   2014-07-25 03:40:37 +1000  sbin
40554/r-xr-xr--   4096    dir   2013-07-08 18:56:45 +1000  srv
40554/r-xr-xr--   0       dir   2014-07-01 16:10:05 +1000  sys
40776/rwxrwxrw-   760     dir   2014-07-30 15:21:34 +1000  tmp
40554/r-xr-xr--   4096    dir   2013-10-22 07:44:51 +1000  usr
40554/r-xr-xr--   4096    dir   2013-11-04 08:37:51 +1000  var
40776/rwxrwxrw-   4096    dir   2014-06-24 17:32:37 +1000  vmware

jlee-r7 commented 10 years ago

@OJ Yeah, I'm betting this is a problem with GCJ. @schierlm has mentioned it being especially obnoxious in the past.

OJ commented 10 years ago

Ah OK cool. I'll try digging into that a bit then.

jlee-r7 commented 10 years ago

To clarify, all of the following work, with / as the working directory:

ls .
ls /.
ls ./
ls /./
ls .////

While these do not:

ls
ls /
ls /////

schierlm commented 10 years ago

I'm personally already happy if GCJ does not segfault when I give it some nontrivial Java program. So in this case, it worked fine :)

OJ commented 10 years ago

Gold :)

timwr commented 9 years ago

Presumably this was fixed with #27, but I tested it anyway and

cd /
ls
ls /
ls /////

all work great :)

rutvik2611 commented 8 years ago

I am using this on Meterpreter on Android. I can see files by ls //, but how do I delete a dir and make a new one, how to download a file, and how can I inject a file? THANKS IN ADVANCE

williams7693 commented 4 years ago

yo thanks