From a470c4dc3a8bda4cd9911dfd1cb3651daf98c51c Mon Sep 17 00:00:00 2001
From: Ashley Donaldson
Date: Wed, 25 Sep 2024 16:18:21 +1000
Subject: [PATCH] Fix edge cases in Python and C meterpreters
---
 .../extensions/stdapi/server/sys/process/process.c | 5 ++++-
 python/meterpreter/ext_server_stdapi.py | 12 ++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c b/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c
index 0a56faba3..7475ba3fe 100644
--- a/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c
+++ b/c/meterpreter/source/extensions/stdapi/server/sys/process/process.c
@@ -107,11 +107,14 @@ DWORD request_sys_process_close(Remote *remote, Packet *packet)
 BOOL needs_quoting(PCHAR str)
 {
- BOOL bNeedsQuoting = FALSE;
+ // Initial value is to need quoting, in case it's an empty arg
+ BOOL bNeedsQuoting = TRUE;
 char* pArgIndex = str;
 // Check whether we'll need to quote the argument
 while (*pArgIndex != '\0')
 {
+ // The arg is not empty
+ bNeedsQuoting = FALSE;
 if (*pArgIndex == '\v' || *pArgIndex == ' ' || *pArgIndex == '\t')
 {
 bNeedsQuoting = TRUE;
diff --git a/python/meterpreter/ext_server_stdapi.py b/python/meterpreter/ext_server_stdapi.py
index a10ab64e1..158baca1e 100644
--- a/python/meterpreter/ext_server_stdapi.py
+++ b/python/meterpreter/ext_server_stdapi.py
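Review bot: The added `bNeedsQuoting = FALSE;` at the top of every loop iteration makes the result depend on the loop leaving right after `bNeedsQuoting = TRUE;` — the rest of the loop body is outside the hunk, and if that branch does not `break`, a later non-whitespace character resets the flag and an argument such as `a b` would be reported as not needing quotes. A form that does not rely on loop order is to decide the empty case once at initialisation and leave the loop body as it was: `BOOL bNeedsQuoting = (*str == '\0'); // an empty argument must be quoted or it disappears from the command line`. `needs_quoting` also dereferences `str` without a NULL check; that predates this change, but the contract deserves a line in the header comment, e.g. `// str must be non-NULL`.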
@@ -1435,11 +1435,15 @@ def stdapi_sys_process_execute(request, response):
 arg_string = ""
 cmd_string = cmd + ' ' + arg_string
- # In case we're not using a subshell:
- cmd_array = [cmd]
- cmd_array.extend(shlex.split(arg_string))
+ if arg_string == '':
+ # Everything was just provided in a single argument. Need to split it out.
+ cmd_array = shlex.split(cmd)
+ else:
+ # In case we're not using a subshell:
+ cmd_array = [cmd]
+ cmd_array.extend(shlex.split(arg_string))
- if os.path.isfile('/bin/sh') and (flags & PROCESS_EXECUTE_FLAG_SUBSHELL):
+ if (flags & PROCESS_EXECUTE_FLAG_SUBSHELL) and os.path.isfile('/bin/sh'):
 cmd_array = ['/bin/sh', '-c', cmd_string]
 if (flags & PROCESS_EXECUTE_FLAG_CHANNELIZED):
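Review bot: With an empty `arg_string`, `shlex.split(cmd)` now tokenizes the command itself, so a `cmd` that is an unquoted path containing spaces — previously kept intact as the single `[cmd]` argv entry — is split into several tokens and the non-subshell exec will not find the binary; callers relying on the old behaviour must now quote such paths, and the new comment should say so, e.g. `# cmd is split with shlex, so a path containing spaces must be quoted by the caller`. `shlex.split` also raises `ValueError` on an unbalanced quote, and after this change that can be triggered by `cmd` as well as `arg_string`; it propagates out of the handler here, so wrapping the split in `try: ... except ValueError:` and returning an error result would be cleaner. `stdapi_sys_process_execute` starts and ends outside the hunk, so whether an empty `cmd` can reach this point is not visible; if it can, `shlex.split('')` returns `[]` and `cmd_array` is left empty for the later exec. The reordering of the `PROCESS_EXECUTE_FLAG_SUBSHELL` test before `os.path.isfile('/bin/sh')` is fine and avoids a needless stat.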