rapid7 / meterpreter

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD

Meterpreter filesystem refactor and initial Unicode support #137

Closed bcook-r7 closed 9 years ago

bcook-r7 commented 9 years ago

This fixes #133 and #134, separating the posix and windows filesystem operations into fs_win.c and fs_posix.c and adding unicode support on the windows side. The TLV and channel setup code is shared between the implementations. TLV assumes utf-8 in and out for filesystem operations, with the OS implementation adjusting as necessary.

We will probably want to move the windows utf-8 conversion functions to someplace common later.

Verification

For now, this can be tested with the standard test modules in framework. This code should be backward compatible with what is already in framework. Something like this should exercise all of the filesystem functionality.

loadpath test/modules
use exploit/multi/handler
set lhost 192.168.56.1
set payload meterpreter/reverse/tcp
exploit -j
sleep 5
use post/test/file
run
use post/test/meterpreter
run
post/test/meterpreter
SESSION => 1
[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should do md5 and sha1 of files
[*] Passed: 17; Failed: 0
[*] Post module execution completed
post/test/file
SESSION => 1
[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
[*] Post module execution completed
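The description above states the contract this refactor relies on: the TLV layer carries UTF-8 in both directions for filesystem operations, and the OS-specific side (fs_win.c) converts to whatever its APIs need. The Ruby below is an added example in the framework's language, not code from this PR, from metasploit-payloads or from Rex. It models that boundary: packing a path into a string TLV whose length field is a byte count rather than a character count, parsing it back with validation so a truncated packet or invalid UTF-8 is rejected instead of silently mangling a name, and converting to and from UTF-16LE as the Windows side must before calling wide-character (W) APIs. Assumptions: the TLV layout used here (4-byte big-endian length that includes the 8-byte header, 4-byte big-endian type, NUL-terminated string value) is taken from Meterpreter's TLV format; TLV_TYPE_PATH is a placeholder type id, not a real Meterpreter constant; the sample filename is the one used later in this thread.

```ruby
# Added example (not code from the PR, metasploit-payloads or Rex): a model of
# the UTF-8 TLV contract for filesystem operations and the conversion the
# Windows side has to do. Assumed TLV layout: 4-byte big-endian length that
# includes the 8-byte header, then 4-byte big-endian type, then the value;
# string values are NUL-terminated.
TLV_TYPE_PATH  = 0x1   # placeholder type id, not a real Meterpreter constant
TLV_HEADER_LEN = 8

# Pack a path into a string TLV. The length field must be the byte count:
# for a multi-byte name String#length (characters) and bytesize differ.
def pack_string_tlv(type, str)
  utf8  = str.encode('UTF-8')
  value = utf8.b + "\x00".b
  [TLV_HEADER_LEN + value.bytesize, type].pack('NN') + value
end

# Parse one string TLV back into [type, utf8_string]. Rejects short headers,
# length fields that overrun the buffer, a missing terminator, and values
# that are not valid UTF-8, rather than passing a corrupt name through.
def unpack_string_tlv(buf)
  raise ArgumentError, 'short header' if buf.bytesize < TLV_HEADER_LEN
  length, type = buf.byteslice(0, TLV_HEADER_LEN).unpack('NN')
  if length < TLV_HEADER_LEN + 1 || length > buf.bytesize
    raise ArgumentError, 'bad length'
  end
  value = buf.byteslice(TLV_HEADER_LEN, length - TLV_HEADER_LEN)
  raise ArgumentError, 'missing NUL' unless value.end_with?("\x00".b)
  str = value.byteslice(0, value.bytesize - 1).force_encoding('UTF-8')
  raise ArgumentError, 'invalid UTF-8' unless str.valid_encoding?
  [type, str]
end

# What the Windows implementation has to do with a UTF-8 path before handing
# it to a wide API (and the reverse for names it gets back): UTF-16LE.
# Code points above U+FFFF become surrogate pairs, so unit counts and byte
# counts must not be confused with character counts on either side.
def to_windows_wide(utf8_str)
  utf8_str.encode('UTF-16LE')
end

def from_windows_wide(utf16le_bytes)
  utf16le_bytes.dup.force_encoding('UTF-16LE').encode('UTF-8')
end

if __FILE__ == $0
  name = "这是一个测试"            # the folder name used in this thread
  tlv  = pack_string_tlv(TLV_TYPE_PATH, name)
  puts "chars=#{name.length} utf8_bytes=#{name.bytesize} tlv_bytes=#{tlv.bytesize}"
  type, back = unpack_string_tlv(tlv)
  puts "type=#{type} name=#{back} utf16le_bytes=#{to_windows_wide(back).bytesize}"
end
```

The point to take from the lengths: six characters are 18 UTF-8 bytes on the wire (27 with the TLV header and terminator) and 12 UTF-16LE bytes once converted for a W API; every size passed to an allocator or an API on the Windows side has to be computed in the encoding actually in use at that point.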

metasploit-public-bot commented 9 years ago

Test FAILED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/155/ Test FAILED.

bcook-r7 commented 9 years ago

some warnings from size_t -> DWORD conversions, will fix.

metasploit-public-bot commented 9 years ago

Test PASSED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/156/ Test PASSED.

OJ commented 9 years ago

I was just having a play with this as a "general test". I added a folder called 这是一个测试 and did an ls on the folder, and this is what I got:

meterpreter > ls C:\\temp

Listing: C:\temp
================

Mode              Size  Type  Last modified              Name
----              ----  ----  -------------              ----
40777/rwxrwxrwx   0     dir   2015-03-18 14:52:41 +1000  $U$-0xe8bf99e698afe4b880e4b8aae6b58be8af95
40777/rwxrwxrwx   0     dir   2015-03-18 14:52:42 +1000  .
40777/rwxrwxrwx   0     dir   1980-01-01 00:00:00 +1000  ..

This might be unrelated to this PR, but is this intended?

OJ commented 9 years ago

The legendary @hmoore-r7 is showing me how to turn off the Unicode filter so I can see the goods. Sorry for the noise!

OJ commented 9 years ago

meterpreter > disable_unicode_encoding
[*] Unicode encoding is disabled
meterpreter > ls C:\\temp

Listing: C:\temp
================

Mode              Size  Type  Last modified              Name
----              ----  ----  -------------              ----
40777/rwxrwxrwx   0     dir   2015-03-18 14:52:42 +1000  .
40777/rwxrwxrwx   0     dir   1980-01-01 00:00:00 +1000  ..
40777/rwxrwxrwx   0     dir   2015-03-18 14:52:41 +1000  这是一个测试

Much better!
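The $U$-0x... entry in the first listing and the readable name after disable_unicode_encoding are two views of the same directory entry. With the console's Unicode filter on, a name containing bytes outside printable ASCII is shown as $U$, then the name's printable ASCII bytes, then -0x and the hex of all of its UTF-8 bytes, so a name with no ASCII in it at all appears as $U$-0x followed by hex. The Ruby below is an added example, not the Rex::Text routine itself: it reproduces that format so a listing captured with the filter on can be decoded offline, and the hex string it decodes is the one from the listing above. Assumptions: which bytes count as printable (0x20 to 0x7e, backslash excluded) is inferred from the output shown, and a real implementation may differ in detail.

```ruby
# Added example, not Rex's implementation: the observable format of the
# console's Unicode filter, as a matching encode/decode pair.
# Encoded form: "$U$" + printable-ASCII bytes of the name (backslash
# excluded) + "-0x" + hex of every UTF-8 byte of the name. Names that are
# entirely printable ASCII pass through untouched.
def unicode_filter_encode(str)
  bytes = str.b.bytes
  return str unless bytes.any? { |c| c < 0x20 || c > 0x7e }
  printable = bytes.select { |c| c > 0x1f && c < 0x7f && c != 0x5c }.pack('C*')
  "$U$" + printable + "-0x" + str.b.unpack('H*')[0]
end

# Reverse the filter anywhere it appears in a line of console output. The
# hex part carries the full name, so the printable prefix is discarded.
def unicode_filter_decode(str)
  str.gsub(/\$U\$([\x20-\x5b\x5d-\x7e]*)-0x([a-fA-F0-9]+)/) do
    [$2].pack('H*').force_encoding('UTF-8')
  end
end

if __FILE__ == $0
  # the entry exactly as it appears in the listing above
  puts unicode_filter_decode("$U$-0xe8bf99e698afe4b880e4b8aae6b58be8af95")
  puts unicode_filter_encode("这是一个测试")
  puts unicode_filter_encode("test这")   # mixed: printable prefix kept
end
```

Decoding the hex from the listing gives 这是一个测试, the folder that was created, which confirms the agent returned the correct UTF-8 bytes and only the console display was filtering them.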

OJ commented 9 years ago

x86 on Windows 7:

msf exploit(handler) > use post/test/file
msf post(file) > set SESSION 1
SESSION => 1
msf post(file) > run

[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
[*] Post module execution completed
msf post(file) > use post/test/meterpreter
msf post(meterpreter) > set SESSION 1
SESSION => 1
msf post(meterpreter) > run

[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should do md5 and sha1 of files
[*] Passed: 17; Failed: 0
[*] Post module execution completed
msf post(meterpreter) > 

OJ commented 9 years ago

x64 on Windows 7:

msf exploit(handler) > use post/test/file
msf post(file) > set SESSION 2
SESSION => 2
msf post(file) > run

[*] Running against session 2
[*] Session type is meterpreter and platform is x64/win64
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
[*] Post module execution completed
msf post(file) > use post/test/meterpreter
msf post(meterpreter) > set SESSION 2
SESSION => 2
msf post(meterpreter) > run

[*] Running against session 2
[*] Session type is meterpreter and platform is x64/win64
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[*] 10.1.10.35 - Meterpreter session 2 closed.  Reason: Died

We got ourselves a crash. Investigating.

OJ commented 9 years ago

Interesting... it's fine when done in isolation, but as part of the test suite, not so happy.

msf exploit(handler) > run

[*] Started reverse handler on 10.1.10.40:8000 
[*] Starting the payload handler...
[*] Sending stage (972288 bytes) to 10.1.10.35
[*] Meterpreter session 4 opened (10.1.10.40:8000 -> 10.1.10.35:51124) at 2015-03-18 15:19:12 +1000

meterpreter > pwd
Z:\scratch\meterpreter\10.1.10.40
meterpreter > disable_unicode_encoding
[*] Unicode encoding is disabled
meterpreter > pwd
Z:\scratch\meterpreter\10.1.10.40
meterpreter > irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client

>> client.fs.dir.pwd
=> "Z:\\scratch\\meterpreter\\10.1.10.40"
>> exit
meterpreter > background
[*] Backgrounding session 4...
msf exploit(handler) > use post/test/meterpreter
msf post(meterpreter) > set session 4
session => 4
msf post(meterpreter) > run

[*] Running against session 4
[*] Session type is meterpreter and platform is x64/win64
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[*] 10.1.10.35 - Meterpreter session 4 closed.  Reason: Died

Continuing investigation.

OJ commented 9 years ago

Looks like ls is the culprit:

msf post(meterpreter) > sessions -i 6
[*] Starting interaction with 6...

meterpreter > ls
[-] Error running command ls: Rex::TimeoutError Operation timed out.
meterpreter > 
[*] 10.1.10.35 - Meterpreter session 6 closed.  Reason: Died

OJ commented 9 years ago

Looks like we have a winner:

msf post(meterpreter) > sessions -i 7
[*] Starting interaction with 7...

meterpreter > ls

Listing: Z:\scratch\meterpreter\10.1.10.40
==========================================

Mode              Size   Type  Last modified              Name
----              ----   ----  -------------              ----
40777/rwxrwxrwx   4096   dir   2014-11-11 08:06:40 +1000  .
40777/rwxrwxrwx   4096   dir   2014-10-27 22:46:25 +1000  ..
100777/rwxrwxrwx  73802  fil   2014-10-27 22:10:49 +1000  revhttp8443-x86.exe
100777/rwxrwxrwx  6144   fil   2014-10-27 22:03:29 +1000  revhttps8443-x64.exe
100777/rwxrwxrwx  73802  fil   2014-10-27 22:03:02 +1000  revhttps8443-x86.exe
100777/rwxrwxrwx  6144   fil   2014-10-23 10:30:07 +1000  revtcp8000-x64.exe
100777/rwxrwxrwx  73802  fil   2014-11-16 09:11:50 +1000  revtcp8000-x86.exe
100666/rw-rw-rw-  358    fil   2014-11-11 08:06:45 +1000  revtcp8000.py

meterpreter > background
[*] Backgrounding session 7...
msf post(meterpreter) > set session 7
session => 7
msf post(meterpreter) > run

[*] Running against session 7
[*] Session type is meterpreter and platform is x64/win64
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should do md5 and sha1 of files
[*] Passed: 17; Failed: 0
[*] Post module execution completed

bcook-r7 commented 9 years ago

thanks for the catch @OJ - heaps are silly

OJ commented 9 years ago

Your test harness caught it mate! You did the hard work. I just ran stuff. Once I'm done I'll go back outside and count the railings. Cheers for the help :)

OJ commented 9 years ago

So what's the plan for handling cases where unicode appears (or not) in the shell, for example:

C:\temp>dir
dir
 Volume in drive C has no label.
 Volume Serial Number is 6C13-2445

 Directory of C:\temp

03/18/2015  02:52 PM    <DIR>          .
03/18/2015  02:52 PM    <DIR>          ..
01/28/2015  07:43 PM                 0 empty
03/18/2015  02:52 PM    <DIR>          ??????
               1 File(s)              0 bytes
               3 Dir(s)  30,030,344,192 bytes free

I'm assuming that'll come later on. This stuff goes via channels and not MSF commands so will be a bit trickier.

hdm commented 9 years ago

Shell sessions (and channels) are problematic because they use codepages, not unicode, so we don't have an easy way to translate. At least for file access, Meterpreter makes this less necessary.

OJ commented 9 years ago

Yeah I thought that might be the case. Sometimes I wish shell was a special case, but it really isn't that special given that these things could come from anywhere.

Computers are horrible ;)

metasploit-public-bot commented 9 years ago

Test PASSED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/157/ Test PASSED.

OJ commented 9 years ago

Thanks for the fixes @bcook-r7.

Here's a full test run:

msf exploit(handler) > sessions

Active sessions
===============

  Id  Type                   Information                                                                Connection
  --  ----                   -----------                                                                ----------
  1   meterpreter x86/win32  WIN-S45GUQ5KGVK\OJ @ WIN-S45GUQ5KGVK                                       10.1.10.40:8000 -> 10.1.10.35:51156 (10.1.10.35)
  2   meterpreter x64/win64  WIN-S45GUQ5KGVK\OJ @ WIN-S45GUQ5KGVK                                       10.1.10.40:8000 -> 10.1.10.35:51157 (10.1.10.35)
  3   meterpreter x86/linux  uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ ropchain  10.1.10.40:8000 -> 10.1.10.40:35586 (10.1.10.40)

msf exploit(handler) > loadpath test/modules
Loaded 33 modules:
    8 posts
    13 exploits
    12 auxiliarys
msf exploit(handler) > use post/test/file
msf post(file) > set session 1
session => 1
msf post(file) > run

[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
[*] Post module execution completed
msf post(file) > set session 2
session => 2
msf post(file) > run

[*] Running against session 2
[*] Session type is meterpreter and platform is x64/win64
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
[*] Post module execution completed
msf post(file) > set session 3
session => 3
msf post(file) > run

[*] Running against session 3
[*] Session type is meterpreter and platform is x86/linux
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
[*] Post module execution completed
msf post(meterpreter) > set session 1
session => 1
msf post(meterpreter) > run

[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should do md5 and sha1 of files
[*] Passed: 17; Failed: 0
[*] Post module execution completed
msf post(meterpreter) > set session 2
session => 2
msf post(meterpreter) > run

[*] Running against session 2
[*] Session type is meterpreter and platform is x64/win64
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should do md5 and sha1 of files
[*] Passed: 17; Failed: 0
[*] Post module execution completed
msf post(meterpreter) > set session 3
session => 3
msf post(meterpreter) > run

[*] Running against session 3
[*] Session type is meterpreter and platform is x86/linux
[+] should return its own process id
[+] should return a list of processes
[+] should return a user id
[+] should return a sysinfo Hash
[+] should return network interfaces
[+] should have an interface that matches session_host
[+] should return network routes
[+] should return the proper directory separator
[+] should return the current working directory
[+] should list files in the current directory
[+] should stat a directory
[+] should create and remove a dir
[+] should change directories
[+] should create and remove files
[+] should upload a file
[+] should move files
[+] should do md5 and sha1 of files
[*] Passed: 17; Failed: 0
[*] Post module execution completed
msf post(meterpreter) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > ls C:\\temp

Listing: C:\temp
================

Mode             Size  Type  Last modified              Name
----             ----  ----  -------------              ----
40777/rwxrwxrwx  0     dir   2015-03-18 14:52:41 +1000  $U$-0xe8bf99e698afe4b880e4b8aae6b58be8af95
40777/rwxrwxrwx  0     dir   2015-03-18 17:53:30 +1000  .
40777/rwxrwxrwx  0     dir   1980-01-01 00:00:00 +1000  ..

meterpreter > disable_unicode_encoding
[*] Unicode encoding is disabled
meterpreter > ls C:\\temp

Listing: C:\temp
================

Mode             Size  Type  Last modified              Name
----             ----  ----  -------------              ----
40777/rwxrwxrwx  0     dir   2015-03-18 17:53:30 +1000  .
40777/rwxrwxrwx  0     dir   1980-01-01 00:00:00 +1000  ..
40777/rwxrwxrwx  0     dir   2015-03-18 14:52:41 +1000  这是一个测试

meterpreter > exit
[*] Shutting down Meterpreter...

[*] 10.1.10.35 - Meterpreter session 1 closed.  Reason: User exit
msf post(meterpreter) > sessions -i 2
[*] Starting interaction with 2...

meterpreter > ls C:\\temp

Listing: C:\temp
================

Mode             Size  Type  Last modified              Name
----             ----  ----  -------------              ----
40777/rwxrwxrwx  0     dir   2015-03-18 14:52:41 +1000  $U$-0xe8bf99e698afe4b880e4b8aae6b58be8af95
40777/rwxrwxrwx  0     dir   2015-03-18 17:53:30 +1000  .
40777/rwxrwxrwx  0     dir   1980-01-01 00:00:00 +1000  ..

meterpreter > disable_unicode_encoding
[*] Unicode encoding is disabled
meterpreter > ls C:\\temp

Listing: C:\temp
================

Mode             Size  Type  Last modified              Name
----             ----  ----  -------------              ----
40777/rwxrwxrwx  0     dir   2015-03-18 17:53:30 +1000  .
40777/rwxrwxrwx  0     dir   1980-01-01 00:00:00 +1000  ..
40777/rwxrwxrwx  0     dir   2015-03-18 14:52:41 +1000  这是一个测试

meterpreter > exit
[*] Shutting down Meterpreter...

[*] 10.1.10.35 - Meterpreter session 2 closed.  Reason: User exit
msf post(meterpreter) > sessions -i 3
[*] Starting interaction with 3...

meterpreter > ls /home/oj/tmp/

Listing: /home/oj/tmp/
======================

Mode             Size   Type  Last modified              Name
----             ----   ----  -------------              ----
40775/rwxrwxr-x  4096   dir   2015-03-18 17:53:58 +1000  $U$-0xe8bf99e698afe4b880e4b8aae6b58be8af95
40775/rwxrwxr-x  4096   dir   2015-03-18 17:53:58 +1000  .
40700/rwx------  12288  dir   2015-03-18 17:53:59 +1000  ..

meterpreter > disable_unicode_encoding
[*] Unicode encoding is disabled
meterpreter > ls /home/oj/tmp/

Listing: /home/oj/tmp/
======================

Mode             Size   Type  Last modified              Name
----             ----   ----  -------------              ----
40775/rwxrwxr-x  4096   dir   2015-03-18 17:53:58 +1000  .
40700/rwx------  12288  dir   2015-03-18 17:53:59 +1000  ..
40775/rwxrwxr-x  4096   dir   2015-03-18 17:53:58 +1000  这是一个测试

meterpreter > exit
[*] Shutting down Meterpreter...

[*] 10.1.10.40 - Meterpreter session 3 closed.  Reason: User exit

Landing!