From ee20cc4deefd48ed5e0570da1e66051ed8c2bb26 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 1 Oct 2024 13:32:37 +0200
Subject: [PATCH] Add support for `arp` in php meterpreter

Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
---
 php/meterpreter/ext_server_stdapi.php | 32 +++++++++++++++++++++++++++
 php/meterpreter/meterpreter.php | 4 ++++
 2 files changed, 36 insertions(+)

diff --git a/php/meterpreter/ext_server_stdapi.php b/php/meterpreter/ext_server_stdapi.php
index f6a5d6c6a..80ba520dc 100755
--- a/php/meterpreter/ext_server_stdapi.php
+++ b/php/meterpreter/ext_server_stdapi.php
@@ -43,6 +43,7 @@ define("TLV_TYPE_GATEWAY", TLV_META_TYPE_RAW | 1422);
 define("TLV_TYPE_NETWORK_ROUTE", TLV_META_TYPE_GROUP | 1423);
+define("TLV_TYPE_ARP_ENTRY", TLV_META_TYPE_GROUP | 1425);
 define("TLV_TYPE_IP", TLV_META_TYPE_RAW | 1430);
 define("TLV_TYPE_MAC_ADDRESS", TLV_META_TYPE_RAW | 1431);
 define("TLV_TYPE_MAC_NAME", TLV_META_TYPE_STRING | 1432);
@@ -1266,6 +1267,37 @@ function stdapi_registry_set_value($req, &$pkt) {
 }
 }
 
+if (!function_exists('stdapi_net_config_get_arp_table')) {
+if (is_linux()) {
+ register_command('stdapi_net_config_get_arp_table', COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE);
+}
+function stdapi_net_config_get_arp_table($req, &$pkt) {
+ if (!is_linux()) {
+ return ERROR_FAILURE;
+ }
+ $content = file_get_contents('/proc/net/arp');
+ if ($content === false) {
+ return ERROR_FAILURE;
+ }
+ $lines = explode(PHP_EOL, $content);
+ array_shift($lines); // first line is the header of the array
+ foreach($lines as $line) {
+ if ($line == '') continue;
+ $v = preg_split('/\s+/', $line);
+ $ip = $v[0];
+ $mac = $v[3];
+ $iface = $v[5];
+ my_print("arp line: $ip $mac $iface");
+ $arp_tlv = tlv_pack(create_tlv(TLV_TYPE_IP, inet_pton($ip)));
+ $arp_tlv .= tlv_pack(create_tlv(TLV_TYPE_MAC_ADDRESS, pack("H*", str_replace(':', '', $mac))));
+ $arp_tlv .= tlv_pack(create_tlv(TLV_TYPE_MAC_NAME, $iface));
+ packet_add_tlv($pkt, create_tlv(TLV_TYPE_ARP_ENTRY, $arp_tlv));
+ }
+
+ return ERROR_SUCCESS;
+}
+}
+
 if (!function_exists('stdapi_net_resolve_host')) {
 register_command('stdapi_net_resolve_host', COMMAND_ID_STDAPI_NET_RESOLVE_HOST);
 function stdapi_net_resolve_host($req, &$pkt) {
diff --git a/php/meterpreter/meterpreter.php b/php/meterpreter/meterpreter.php
index ee6fa3d5d..c2265de71 100755
--- a/php/meterpreter/meterpreter.php
+++ b/php/meterpreter/meterpreter.php
@@ -269,6 +269,10 @@ function is_windows() {
 return (strtoupper(substr(PHP_OS,0,3)) == "WIN");
 }
 
+function is_linux() {
+ return (strtoupper(substr(PHP_OS,0,3)) == "LIN");
+}
+
 ##
 # Worker functions
 ##
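Review bot: In `stdapi_net_config_get_arp_table` (ext_server_stdapi.php), the loop reads `$v[3]` and `$v[5]` and hands the result of `inet_pton($ip)` to `create_tlv` without checking either. A short or unexpected row in `/proc/net/arp` would therefore raise undefined-offset notices and pass `false` where the raw address is expected. Guard the row before use: `if (count($v) < 6) continue;` right after the `preg_split`, and `$ip_raw = inet_pton($v[0]); if ($ip_raw === false) continue;` before building `$arp_tlv`. The MAC field has the same gap, since `pack("H*", ...)` emits a warning on non-hex input; validating `$mac` against a six-octet hex pattern before packing would cover it.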