In pymeterpreter use a MeterpreterFile obj for Py v3

Author: zeroSteiner

data/meterpreter/ext_server_stdapi.py

@@ -508,7 +508,7 @@ def get_stat_buffer(path):
 		blocks = si.st_blocks
 	st_buf = struct.pack('<IHHH', si.st_dev, min(0xffff, si.st_ino), si.st_mode, si.st_nlink)
 	st_buf += struct.pack('<HHHI', si.st_uid, si.st_gid, 0, rdev)
-	st_buf += struct.pack('<IIII', si.st_size, si.st_atime, si.st_mtime, si.st_ctime)
+	st_buf += struct.pack('<IIII', si.st_size, long(si.st_atime), long(si.st_mtime), long(si.st_ctime))
 	st_buf += struct.pack('<II', blksize, blocks)
 	return st_buf
 
@@ -603,7 +603,7 @@ def channel_open_stdapi_fs_file(request, response):
 	else:
 		fmode = 'rb'
 	file_h = open(fpath, fmode)
-	channel_id = meterpreter.add_channel(file_h)
+	channel_id = meterpreter.add_channel(MeterpreterFile(file_h))
 	response += tlv_pack(TLV_TYPE_CHANNEL_ID, channel_id)
 	return ERROR_SUCCESS, response
 
@@ -737,11 +737,12 @@ def stdapi_sys_process_getpid(request, response):
 
 def stdapi_sys_process_get_processes_via_proc(request, response):
 	for pid in os.listdir('/proc'):
-		pgroup = ''
+		pgroup = bytes()
 		if not os.path.isdir(os.path.join('/proc', pid)) or not pid.isdigit():
 			continue
-		cmd = open(os.path.join('/proc', pid, 'cmdline'), 'rb').read(512).replace('\x00', ' ')
-		status_data = open(os.path.join('/proc', pid, 'status'), 'rb').read()
+		cmdline_file = open(os.path.join('/proc', pid, 'cmdline'), 'rb')
+		cmd = str(cmdline_file.read(512).replace(NULL_BYTE, bytes(' ', 'UTF-8')))
+		status_data = str(open(os.path.join('/proc', pid, 'status'), 'rb').read())
 		status_data = map(lambda x: x.split('\t',1), status_data.split('\n'))
 		status = {}
 		for k, v in filter(lambda x: len(x) == 2, status_data):
@@ -893,7 +894,8 @@ def stdapi_fs_delete_dir(request, response):
 @meterpreter.register_function
 def stdapi_fs_delete_file(request, response):
 	file_path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
-	os.unlink(file_path)
+	if os.path.exists(file_path):
+		os.unlink(file_path)
 	return ERROR_SUCCESS, response
 
 @meterpreter.register_function
@@ -955,7 +957,8 @@ def stdapi_fs_md5(request, response):
 @meterpreter.register_function
 def stdapi_fs_mkdir(request, response):
 	dir_path = packet_get_tlv(request, TLV_TYPE_DIRECTORY_PATH)['value']
-	os.mkdir(dir_path)
+	if not os.path.isdir(dir_path):
+		os.mkdir(dir_path)
 	return ERROR_SUCCESS, response
 
 @meterpreter.register_function
@@ -1423,7 +1426,7 @@ def stdapi_registry_query_value(request, response):
 	if result == ERROR_SUCCESS:
 		response += tlv_pack(TLV_TYPE_VALUE_TYPE, value_type.value)
 		if value_type.value == REG_SZ:
-			response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data) + '\x00')
+			response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data) + NULL_BYTE)
 		elif value_type.value == REG_DWORD:
 			value = value_data[:4]
 			value.reverse()

data/meterpreter/meterpreter.py

@@ -146,7 +146,7 @@ def packet_enum_tlvs(pkt, tlv_type = None):
 		if (tlv_type == None) or ((tlv[1] & ~TLV_META_TYPE_COMPRESSED) == tlv_type):
 			val = pkt[offset+8:(offset+8+(tlv[0] - 8))]
 			if (tlv[1] & TLV_META_TYPE_STRING) == TLV_META_TYPE_STRING:
-				val = val.split(NULL_BYTE, 1)[0]
+				val = str(val.split(NULL_BYTE, 1)[0])
 			elif (tlv[1] & TLV_META_TYPE_UINT) == TLV_META_TYPE_UINT:
 				val = struct.unpack('>I', val)[0]
 			elif (tlv[1] & TLV_META_TYPE_BOOL) == TLV_META_TYPE_BOOL:
@@ -190,6 +190,15 @@ def tlv_pack(*args):
 			data = struct.pack('>II', 8 + len(value), tlv['type']) + value
 	return data
 
+#@export
+class MeterpreterFile(object):
+	def __init__(self, file_obj):
+		self.file_obj = file_obj
+
+	def __getattr__(self, name):
+		return getattr(self.file_obj, name)
+export(MeterpreterFile)
+
 #@export
 class MeterpreterSocket(object):
 	def __init__(self, sock):
@@ -271,6 +280,7 @@ def register_function_windll(self, func):
 		return func
 
 	def add_channel(self, channel):
+		assert(isinstance(channel, (subprocess.Popen, MeterpreterFile, MeterpreterSocket)))
 		idx = 0
 		while idx in self.channels:
 			idx += 1
@@ -392,10 +402,10 @@ def _core_channel_close(self, request, response):
 		if channel_id not in self.channels:
 			return ERROR_FAILURE, response
 		channel = self.channels[channel_id]
-		if isinstance(channel, file):
-			channel.close()
-		elif isinstance(channel, subprocess.Popen):
+		if isinstance(channel, subprocess.Popen):
 			channel.kill()
+		elif isinstance(channel, MeterpreterFile):
+			channel.close()
 		elif isinstance(channel, MeterpreterSocket):
 			channel.close()
 		else:
@@ -411,7 +421,7 @@ def _core_channel_eof(self, request, response):
 			return ERROR_FAILURE, response
 		channel = self.channels[channel_id]
 		result = False
-		if isinstance(channel, file):
+		if isinstance(channel, MeterpreterFile):
 			result = channel.tell() >= os.fstat(channel.fileno()).st_size
 		response += tlv_pack(TLV_TYPE_BOOL, result)
 		return ERROR_SUCCESS, response
@@ -438,13 +448,13 @@ def _core_channel_read(self, request, response):
 			return ERROR_FAILURE, response
 		channel = self.channels[channel_id]
 		data = ''
-		if isinstance(channel, file):
-			data = channel.read(length)
-		elif isinstance(channel, STDProcess):
+		if isinstance(channel, STDProcess):
 			if channel.poll() != None:
 				self.handle_dead_resource_channel(channel_id)
 			if channel.stdout_reader.is_read_ready():
 				data = channel.stdout_reader.read(length)
+		elif isinstance(channel, MeterpreterFile):
+			data = channel.read(length)
 		elif isinstance(channel, MeterpreterSocket):
 			data = channel.recv(length)
 		else:
@@ -460,13 +470,13 @@ def _core_channel_write(self, request, response):
 			return ERROR_FAILURE, response
 		channel = self.channels[channel_id]
 		l = len(channel_data)
-		if isinstance(channel, file):
-			channel.write(channel_data)
-		elif isinstance(channel, subprocess.Popen):
+		if isinstance(channel, subprocess.Popen):
 			if channel.poll() != None:
 				self.handle_dead_resource_channel(channel_id)
 				return ERROR_FAILURE, response
 			channel.stdin.write(channel_data)
+		elif isinstance(channel, MeterpreterFile):
+			channel.write(channel_data)
 		elif isinstance(channel, MeterpreterSocket):
 			try:
 				l = channel.send(channel_data)
@@ -487,7 +497,7 @@ def create_response(self, request):
 		reqid_tlv = packet_get_tlv(request, TLV_TYPE_REQUEST_ID)
 		resp += tlv_pack(reqid_tlv)
 
-		handler_name = str(method_tlv['value'])
+		handler_name = method_tlv['value']
 		if handler_name in self.extension_functions:
 			handler = self.extension_functions[handler_name]
 			try: