rapid7 / meterpreter

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD

Add unicode support for filesystem search #145

Closed bcook-r7 closed 9 years ago

bcook-r7 commented 9 years ago

This adjusts the windows meterpreter search functions to use unicode for wds2/3 and fallback behavior. With it, search can be used like so to match on non-ANSI/ASCII characters:

meterpreter > search -d e:/metasploit-framework/ -f *プ*
Found 2 results...
    e:/metasploit-framework/test-files\sasakure.UK - プレゼンター.mp3 (6707884 bytes)
    e:/metasploit-framework/test-files\sasakure.UK - プロローグ.mp3 (1200225 bytes)
meterpreter > search -d e:/metasploit-framework -f *pippo*.mp3
Found 1 result...
    e:/metasploit-framework/test-files\sasakure.UK - Nakimushi pippo.mp3 (7020117 bytes)

It also adds some fixes like infinite recursion protection when traversing a filesystem that contains bad symlinks. The unicode functions that were used for conversions in some filesystem routines are now moved to common.

Verification

Ensure that search can:

This doesn't change anything in the POSIX meterpreter.

metasploit-public-bot commented 9 years ago

Test FAILED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/175/ Test FAILED.

OJ commented 9 years ago

Small build error @bcook-r7 :

\..\..\source\extensions\stdapi\server\fs\search.c(639): error C2220: warning treated as error - no 'object' file generated [C:\jenkins\jobs\GPR-MeterpreterWin\workspace\workspace\ext_server_stdapi\ext_server_stdapi.vcxproj]
..\..\source\extensions\stdapi\server\fs\search.c(639): warning C4267: 'initializing' : conversion from 'size_t' to 'DWORD', possible loss of data [C:\jenkins\jobs\GPR-MeterpreterWin\workspace\workspace\ext_server_stdapi\ext_server_stdapi.vcxproj]

OJ commented 9 years ago

I'll take a look at this today. Thanks!

bcook-r7 commented 9 years ago

Minor thing, I'll fix it.

metasploit-public-bot commented 9 years ago

Test PASSED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/176/ Test PASSED.

OJ commented 9 years ago

Processing now.

OJ commented 9 years ago

Looks fine for the most part.

Windows 8

meterpreter > sysinfo
Computer        : WIN-8RDFKU33NLH
OS              : Windows 8 (Build 9200).
Architecture    : x64 (Current Process is WOW64)
System Language : en_GB
Meterpreter     : x86/win32
meterpreter > ls

Listing: C:\temp
================

Mode              Size  Type  Last modified              Name
----              ----  ----  -------------              ----
40777/rwxrwxrwx   0     dir   2015-04-06 15:26:56 +1000  .
40777/rwxrwxrwx   0     dir   1979-12-31 23:00:00 +1000  ..
100666/rw-rw-rw-  48    fil   2015-04-06 15:26:18 +1000  プ-THISISENGLISH-グ.txt
100666/rw-rw-rw-  48    fil   2015-04-06 15:26:18 +1000  プレゼンタ.txt
meterpreter > search -d C:/temp -f *プ*
Found 2 results...
    C:/temp\プ-THISISENGLISH-グ.txt (48 bytes)
    C:/temp\プレゼンタ.txt (48 bytes)
meterpreter > search -f プ*
Found 4 results...
    c:\\temp\プ-THISISENGLISH-グ.txt (48 bytes)
    c:\\temp\プレゼンタ.txt (48 bytes)
    c:\\Users\OJ Reeves\AppData\Roaming\Microsoft\Windows\Recent\プレゼンタ.lnk (637 bytes)
    z:\\scratch\meterpreter\10.1.10.40\プレゼンタ.txt
meterpreter > search -d 'C:/program files/' -f *.txt
Found 7 results...
    C:/program files/\Common Files\microsoft shared\Microsoft Camera Codec Pack\Notices.txt (1649 bytes)
    C:/program files/\VMware\VMware Tools\open_source_licenses.txt (377992 bytes)
    C:/program files/\Windows NT\TableTextService\TableTextServiceAmharic.txt (13862 bytes)
    C:/program files/\Windows NT\TableTextService\TableTextServiceArray.txt (1272944 bytes)
    C:/program files/\Windows NT\TableTextService\TableTextServiceDaYi.txt (980224 bytes)
    C:/program files/\Windows NT\TableTextService\TableTextServiceTigrinya.txt (13874 bytes)
    C:/program files/\Windows NT\TableTextService\TableTextServiceYi.txt (45170 bytes)
meterpreter > search -f *.txt
Found 144 results...
    c:\\Program Files\Common Files\microsoft shared\Microsoft Camera Codec Pack\Notices.txt (1649 bytes)
... snip ...
    z:\\scratch\blender\0B-same as 00.txt

Windows XP

This actually renders better in MSF than it does in XP itself:

meterpreter > search -d 'C:/program files/' -f *.txt
Found 1432 results...
    C:/program files/\Application Verifier\REDIST.TXT (133 bytes)
... snip ...
    C:/program files/\Wireshark\help\overview.txt (1936 bytes)
meterpreter > search -f プ*
Found 2 results...
    c:\\temp\プレゼンタ.txt
    z:\\scratch\meterpreter\10.1.10.40\プレゼンタ.txt

So the things I've noticed from above:

  1. Sometimes we are getting double backslashes appearing in the output (e.g. c:\\ in the cases where we aren't specifying -d)
  2. Directory names don't seem to be returned as part of the search, only file names. Is that expected?

Nice work Brent!

bcook-r7 commented 9 years ago

Thanks for the review. I'll add some slash normalization. The name and directory are pushed separately at the protocol level, I think this is just visualization (so expected.)
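
One way the slash normalization discussed in this exchange could be done, as an added example that is not the code from this pull request: the helper names `normalize_path` and `normalized` are hypothetical, paths are assumed to be UTF-8, and a leading UNC prefix is assumed to need preserving.

```c
#include <stdio.h>
#include <string.h>

static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical helper (not the PR's code): copy `in` to `out` with '\' as the
 * only separator, collapsing runs of '/' and '\'. A leading "\\" (UNC prefix)
 * is kept. Assumes UTF-8 input: bytes 0x2F/0x5C never occur inside a UTF-8
 * multi-byte sequence, which is not true of code pages such as Shift-JIS.
 * Returns the output length, or (size_t)-1 if `out` is too small. */
size_t normalize_path(const char *in, char *out, size_t outlen)
{
    size_t i = 0, o = 0;
    if (is_sep(in[0]) && is_sep(in[1])) {        /* UNC: keep exactly two */
        if (outlen < 3) return (size_t)-1;
        out[o++] = '\\';
        out[o++] = '\\';
        while (is_sep(in[i])) i++;
    }
    while (in[i] != '\0') {
        if (o + 1 >= outlen) return (size_t)-1;  /* need room for byte + NUL */
        if (is_sep(in[i])) {
            out[o++] = '\\';
            while (is_sep(in[i])) i++;           /* swallow the whole run */
        } else {
            out[o++] = in[i++];
        }
    }
    if (o >= outlen) return (size_t)-1;
    out[o] = '\0';
    return o;
}

/* Demo wrapper: returns a static buffer, or NULL if the path does not fit. */
const char *normalized(const char *in)
{
    static char buf[512];
    return normalize_path(in, buf, sizeof buf) == (size_t)-1 ? NULL : buf;
}

int main(void)
{
    /* First two paths are from the output quoted above; the UNC one is constructed. */
    const char *samples[] = { "c:\\\\temp\\プレゼンタ.txt",
        "C:/program files/\\VMware\\VMware Tools\\open_source_licenses.txt",
        "//fileserver/share//docs/readme.txt" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s -> %s\n", samples[i], normalized(samples[i]));
    return 0;
}
```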

OJ commented 9 years ago

Roger that mate. I thought that might be the case. I'll merge your slash normalisation first thing in the morning. G'night!

metasploit-public-bot commented 9 years ago

Test PASSED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/179/ Test PASSED.

OJ commented 9 years ago

All looks good @bcook-r7. I've sent you a small PR here https://github.com/bcook-r7/meterpreter/pull/2 which just updates the single-line blocks to include curly braces and to add the group TLV functionality to the search results. Let me know what you think.

Cheers!

metasploit-public-bot commented 9 years ago

Test PASSED. Refer to this link for build results (access rights to CI server needed): https://ci.metasploit.com//job/GPR-MeterpreterWin/180/ Test PASSED.

OJ commented 9 years ago

Tally, bally ho!

Landing.