sempervictus
diff --git a/‎Gemfile.lock
Lines changed: 2 additions & 2 deletions b/‎Gemfile.lock
Lines changed: 2 additions & 2 deletions
diff --git a/‎data/meterpreter/meterpreter.php
Lines changed: 47 additions & 8 deletions b/‎data/meterpreter/meterpreter.php
Lines changed: 47 additions & 8 deletions
diff --git a/‎data/meterpreter/meterpreter.py
Lines changed: 16 additions & 5 deletions b/‎data/meterpreter/meterpreter.py
Lines changed: 16 additions & 5 deletions
diff --git a/‎data/php/bind_tcp.php
Lines changed: 0 additions & 56 deletions b/‎data/php/bind_tcp.php
Lines changed: 0 additions & 56 deletions
diff --git a/‎data/php/bind_tcp_ipv6.php
Lines changed: 0 additions & 53 deletions b/‎data/php/bind_tcp_ipv6.php
Lines changed: 0 additions & 53 deletions
diff --git a/‎data/php/reverse_tcp.php
Lines changed: 0 additions & 56 deletions b/‎data/php/reverse_tcp.php
Lines changed: 0 additions & 56 deletions
diff --git a/‎lib/msf/base/serializer/readable_text.rb
Lines changed: 14 additions & 0 deletions b/‎lib/msf/base/serializer/readable_text.rb
Lines changed: 14 additions & 0 deletions
@@ -9,7 +9,7 @@ PATH
       json
       metasploit-concern (~> 1.0)
       metasploit-model (~> 1.0)
-      metasploit-payloads (= 0.0.7)
+      metasploit-payloads (= 1.0.1)
       msgpack
       nokogiri
       packetfu (= 1.1.9)
@@ -123,7 +123,7 @@ GEM
       activemodel (>= 4.0.9, < 4.1.0)
       activesupport (>= 4.0.9, < 4.1.0)
       railties (>= 4.0.9, < 4.1.0)
-    metasploit-payloads (0.0.7)
+    metasploit-payloads (1.0.1)
     metasploit_data_models (1.1.0)
       activerecord (>= 4.0.9, < 4.1.0)
       activesupport (>= 4.0.9, < 4.1.0)
 
@@ -1,4 +1,4 @@
-#<?php
+//<?php
 
 # Everything that needs to be global has to be made so explicitly so we can run
 # inside a call to create_user_func($user_input);
@@ -32,7 +32,7 @@
 
 # global list of extension commands
 if (!isset($GLOBALS['commands'])) {
-    $GLOBALS['commands'] = array("core_loadlib");
+    $GLOBALS['commands'] = array("core_loadlib", "core_machine_id", "core_uuid");
 }
 
 function register_command($c) {
@@ -99,18 +99,21 @@ function socket_set_option($sock, $type, $opt, $value) {
 }
 }
 
+#
+# Payload definitions
+#
+define("PAYLOAD_UUID", "");
 
 #
 # Constants
 #
-define("PACKET_TYPE_REQUEST",0);
-define("PACKET_TYPE_RESPONSE",1);
-define("PACKET_TYPE_PLAIN_REQUEST", 10);
+define("PACKET_TYPE_REQUEST",         0);
+define("PACKET_TYPE_RESPONSE",        1);
+define("PACKET_TYPE_PLAIN_REQUEST",  10);
 define("PACKET_TYPE_PLAIN_RESPONSE", 11);
 
-define("ERROR_SUCCESS",0);
-# not defined in original C implementation
-define("ERROR_FAILURE",1);
+define("ERROR_SUCCESS", 0);
+define("ERROR_FAILURE", 1);
 
 define("CHANNEL_CLASS_BUFFERED", 0);
 define("CHANNEL_CLASS_STREAM",   1);
@@ -175,6 +178,9 @@ function socket_set_option($sock, $type, $opt, $value) {
 define("TLV_TYPE_MIGRATE_PID",         TLV_META_TYPE_UINT   | 402);
 define("TLV_TYPE_MIGRATE_LEN",         TLV_META_TYPE_UINT   | 403);
 
+define("TLV_TYPE_MACHINE_ID",          TLV_META_TYPE_STRING | 460);
+define("TLV_TYPE_UUID",                TLV_META_TYPE_RAW    | 461);
+
 define("TLV_TYPE_CIPHER_NAME",         TLV_META_TYPE_STRING | 500);
 define("TLV_TYPE_CIPHER_PARAMETERS",   TLV_META_TYPE_GROUP  | 501);
 
@@ -419,8 +425,41 @@ function core_loadlib($req, &$pkt) {
 }
 
 
+function core_uuid($req, &$pkt) {
+    my_print("doing core_uuid");
+    packet_add_tlv($pkt, create_tlv(TLV_TYPE_UUID, PAYLOAD_UUID));
+    return ERROR_SUCCESS;
+}
 
 
+function get_hdd_label() {
+  foreach (scandir('/dev/disk/by-id/') as $file) {
+    foreach (array("ata-", "mb-") as $prefix) {
+      if (strpos($file, $prefix) === 0) {
+        return substr($file, strlen($prefix));
+      }
+    }
+  }
+  return "";
+}
+
+function core_machine_id($req, &$pkt) {
+  my_print("doing core_machine_id");
+  $machine_id = gethostname();
+  $serial = "";
+
+  if (is_windows()) {
+    # It's dirty, but there's not really a nicer way of doing this on windows. Make sure
+    # it's lowercase as this is what the other meterpreters use.
+    $output = strtolower(shell_exec("vol %SYSTEMDRIVE%"));
+    $serial = preg_replace('/.*serial number is ([a-z0-9]{4}-[a-z0-9]{4}).*/s', '$1', $output);
+  } else {
+    $serial = get_hdd_label();
+  }
+
+  packet_add_tlv($pkt, create_tlv(TLV_TYPE_MACHINE_ID, $serial.":".$machine_id));
+  return ERROR_SUCCESS;
+}
 
 
 ##
 
@@ -67,6 +67,7 @@
 HTTP_EXPIRATION_TIMEOUT = 604800
 HTTP_PROXY = None
 HTTP_USER_AGENT = None
+PAYLOAD_UUID = ""
 
 PACKET_TYPE_REQUEST        = 0
 PACKET_TYPE_RESPONSE       = 1
@@ -144,6 +145,7 @@
 TLV_TYPE_MIGRATE_LEN           = TLV_META_TYPE_UINT    | 403
 
 TLV_TYPE_MACHINE_ID            = TLV_META_TYPE_STRING  | 460
+TLV_TYPE_UUID                  = TLV_META_TYPE_RAW     | 461
 
 TLV_TYPE_CIPHER_NAME           = TLV_META_TYPE_STRING  | 500
 TLV_TYPE_CIPHER_PARAMETERS     = TLV_META_TYPE_GROUP   | 501
@@ -570,7 +572,19 @@ def handle_dead_resource_channel(self, channel_id):
 		pkt  = struct.pack('>I', len(pkt) + 4) + pkt
 		self.send_packet(pkt)
 
+	def _core_uuid(self, request, response):
+		response += tlv_pack(TLV_TYPE_UUID, PAYLOAD_UUID)
+		return ERROR_SUCCESS, response
+
 	def _core_machine_id(self, request, response):
+		def get_hdd_label():
+			for _, _, files in os.walk('/dev/disk/by-id/'):
+				for f in files:
+					for p in ['ata-', 'mb-']:
+						if f[:len(p)] == p:
+							return f[len(p):]
+			return ""
+
 		serial = ''
 		machine_name = platform.uname()[1]
 		if has_windll:
@@ -592,11 +606,8 @@ def _core_machine_id(self, request, response):
 			serial_num = serial_num.value
 			serial = "{0:04x}-{1:04x}".format((serial_num >> 16) & 0xFFFF, serial_num & 0xFFFF)
 		else:
-			for _, _, files in os.walk('/dev/disk/by-id/'):
-				for f in files:
-					if f[:4] == 'ata-':
-						serial = f[4:]
-						break
+			serial = get_hdd_label()
+
 		response += tlv_pack(TLV_TYPE_MACHINE_ID, "%s:%s" % (serial, machine_name))
 		return ERROR_SUCCESS, response
 
 
@@ -589,8 +589,11 @@ def self.dump_sessions_verbose(framework, opts={})
       sess_via     = session.via_exploit.to_s
       sess_type    = session.type.to_s
       sess_uuid    = session.payload_uuid.to_s
+      sess_puid    = session.payload_uuid.respond_to?(:puid_hex) ? session.payload_uuid.puid_hex : nil
+
       sess_checkin = "<none>"
       sess_machine_id = session.machine_id.to_s
+      sess_registration = "No"
 
       if session.respond_to? :platform
         sess_type << (" " + session.platform)
@@ -600,6 +603,13 @@ def self.dump_sessions_verbose(framework, opts={})
         sess_checkin = "#{(Time.now.to_i - session.last_checkin.to_i)}s ago @ #{session.last_checkin.to_s}"
       end
 
+      if session.payload_uuid.respond_to?(:puid_hex) && (uuid_info = framework.uuid_db[sess_puid])
+        sess_registration = "Yes"
+        if uuid_info['name']
+          sess_registration << " - Name=\"#{uuid_info['name']}\""
+        end
+      end
+
       out << "  Session ID: #{sess_id}\n"
       out << "        Type: #{sess_type}\n"
       out << "        Info: #{sess_info}\n"
@@ -608,6 +618,10 @@ def self.dump_sessions_verbose(framework, opts={})
       out << "        UUID: #{sess_uuid}\n"
       out << "   MachineID: #{sess_machine_id}\n"
       out << "     CheckIn: #{sess_checkin}\n"
+      out << "  Registered: #{sess_registration}\n"
+
+
+
       out << "\n"
     end