Land rapid7#7625, add meterpreter 'cp' command and copy primitives

Brent Cook · Brent Cook · commit 66363f164366 · 2016-12-06T07:20:21.000-06:00
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -14,9 +14,9 @@ PATH
       metasploit-concern
       metasploit-credential
       metasploit-model
-      metasploit-payloads (= 1.2.1)
+      metasploit-payloads (= 1.2.3)
       metasploit_data_models
-      metasploit_payloads-mettle (= 0.1.2)
+      metasploit_payloads-mettle (= 0.1.3)
       msgpack
       nessus_rest
       net-ssh
@@ -169,7 +169,7 @@ GEM
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-payloads (1.2.1)
+    metasploit-payloads (1.2.3)
     metasploit_data_models (2.0.10)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -180,7 +180,7 @@ GEM
       postgres_ext
       railties (~> 4.2.6)
       recog (~> 2.0)
-    metasploit_payloads-mettle (0.1.2)
+    metasploit_payloads-mettle (0.1.3)
     method_source (0.8.2)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb b/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb
@@ -226,6 +226,24 @@ class << self
     alias rename mv
   end
 
+  #
+  # Performs a copy from oldname to newname
+  #
+  def File.cp(oldname, newname)
+    request = Packet.create_request('stdapi_fs_file_copy')
+
+    request.add_tlv(TLV_TYPE_FILE_NAME, client.unicode_filter_decode( oldname ))
+    request.add_tlv(TLV_TYPE_FILE_PATH, client.unicode_filter_decode( newname ))
+
+    response = client.send_request(request)
+
+    return response
+  end
+
+  class << self
+    alias copy cp
+  end
+
   #
   # Upload one or more files to the remote remote directory supplied in
   # +destination+.
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb
@@ -71,6 +71,7 @@ def commands
       'pwd'        => 'Print working directory',
       'rm'         => 'Delete the specified file',
       'mv'         => 'Move source to destination',
+      'cp'         => 'Copy source to destination',
       'rmdir'      => 'Remove directory',
       'search'     => 'Search for files',
       'upload'     => 'Upload a file or directory',
@@ -95,6 +96,7 @@ def commands
       'rmdir'      => ['stdapi_fs_delete_dir'],
       'rm'         => ['stdapi_fs_delete_file'],
       'mv'         => ['stdapi_fs_file_move'],
+      'cp'         => ['stdapi_fs_file_copy'],
       'search'     => ['stdapi_fs_search'],
       'upload'     => [],
       'show_mount' => ['stdapi_fs_mount_show'],
diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec
@@ -65,9 +65,9 @@ Gem::Specification.new do |spec|
   # are needed when there's no database
   spec.add_runtime_dependency 'metasploit-model'
   # Needed for Meterpreter
-  spec.add_runtime_dependency 'metasploit-payloads', '1.2.1'
+  spec.add_runtime_dependency 'metasploit-payloads', '1.2.3'
   # Needed for the next-generation POSIX Meterpreter
-  spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.1.2'
+  spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.1.3'
   # Needed by msfgui and other rpc components
   spec.add_runtime_dependency 'msgpack'
   # get list of network interfaces, like eth* from OS.
diff --git a/modules/payloads/singles/php/meterpreter_reverse_tcp.rb b/modules/payloads/singles/php/meterpreter_reverse_tcp.rb
@@ -12,7 +12,7 @@
 
 module MetasploitModule
 
-  CachedSize = 27144
+  CachedSize = 27149
 
   include Msf::Payload::Single
   include Msf::Payload::Php::ReverseTcp
diff --git a/modules/payloads/singles/python/meterpreter_bind_tcp.rb b/modules/payloads/singles/python/meterpreter_bind_tcp.rb
@@ -12,7 +12,7 @@
 
 module MetasploitModule
 
-  CachedSize = 51742
+  CachedSize = 51758
 
   include Msf::Payload::Single
   include Msf::Payload::Python
diff --git a/modules/payloads/singles/python/meterpreter_reverse_http.rb b/modules/payloads/singles/python/meterpreter_reverse_http.rb
@@ -12,7 +12,7 @@
 
 module MetasploitModule
 
-  CachedSize = 51706
+  CachedSize = 51718
 
   include Msf::Payload::Single
   include Msf::Payload::Python
diff --git a/modules/payloads/singles/python/meterpreter_reverse_https.rb b/modules/payloads/singles/python/meterpreter_reverse_https.rb
@@ -12,7 +12,7 @@
 
 module MetasploitModule
 
-  CachedSize = 51706
+  CachedSize = 51722
 
   include Msf::Payload::Single
   include Msf::Payload::Python
diff --git a/modules/payloads/singles/python/meterpreter_reverse_tcp.rb b/modules/payloads/singles/python/meterpreter_reverse_tcp.rb
@@ -12,7 +12,7 @@
 
 module MetasploitModule
 
-  CachedSize = 51662
+  CachedSize = 51674
 
   include Msf::Payload::Single
   include Msf::Payload::Python
diff --git a/test/modules/post/test/meterpreter.rb b/test/modules/post/test/meterpreter.rb
@@ -251,31 +251,55 @@ def test_fs
       session.fs.file.rm(remote)
       res
     end
-    if session.commands.include?("stdapi_fs_file_move")
-      it "should move files" do
-        res = true
-        src_name = datastore["BaseFileName"]
-        dst_name = "#{datastore["BaseFileName"]}-moved"
-
-        # Make sure we don't have leftovers from a previous run
-        session.fs.file.rm(src_name) rescue nil
-        session.fs.file.rm(dst_name) rescue nil
-
-        # touch a new file
-        fd = session.fs.file.open(src_name, "wb")
-        fd.close
 
-        session.fs.file.mv(src_name, dst_name)
-        entries = session.fs.dir.entries
-        res &&= entries.include?(dst_name)
-        res &&= !entries.include?(src_name)
+    it "should move files" do
+      res = true
+      src_name = datastore["BaseFileName"]
+      dst_name = "#{datastore["BaseFileName"]}-moved"
+
+      # Make sure we don't have leftovers from a previous run
+      session.fs.file.rm(src_name) rescue nil
+      session.fs.file.rm(dst_name) rescue nil
 
-        # clean up
-        session.fs.file.rm(src_name) rescue nil
-        session.fs.file.rm(dst_name) rescue nil
+      # touch a new file
+      fd = session.fs.file.open(src_name, "wb")
+      fd.close
 
-        res
-      end
+      session.fs.file.mv(src_name, dst_name)
+      entries = session.fs.dir.entries
+      res &&= entries.include?(dst_name)
+      res &&= !entries.include?(src_name)
+
+      # clean up
+      session.fs.file.rm(src_name) rescue nil
+      session.fs.file.rm(dst_name) rescue nil
+
+      res
+    end
+
+    it "should copy files" do
+      res = true
+      src_name = datastore["BaseFileName"]
+      dst_name = "#{datastore["BaseFileName"]}-copied"
+
+      # Make sure we don't have leftovers from a previous run
+      session.fs.file.rm(src_name) rescue nil
+      session.fs.file.rm(dst_name) rescue nil
+
+      # touch a new file
+      fd = session.fs.file.open(src_name, "wb")
+      fd.close
+
+      session.fs.file.cp(src_name, dst_name)
+      entries = session.fs.dir.entries
+      res &&= entries.include?(dst_name)
+      res &&= entries.include?(src_name)
+
+      # clean up
+      session.fs.file.rm(src_name) rescue nil
+      session.fs.file.rm(dst_name) rescue nil
+
+      res
     end
 
     it "should do md5 and sha1 of files" do
