-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
file? method from Msf::Post::File module returns "false" with a big file #8202
Comments
This is bug in windows meterpreter, as we use Switching to _wstat64 should solve the problem, but it looks like we dump the output into a custom structure, and we'll need to make sure that the |
Testing:
Code for anyone curious:
Also of note:There is an inconsistent reporting between x64 and x86 meterpreters:
x86 meterpreter:
|
FYI, the payloads portion was an easy fix. I have a patched payload running on my dev machine that finds large files as expected, but it breaks framework's file size (because it now reports them in 64 bits, like it should). Working through the TLV parsing in framework now to figure out that fix. |
If you fix the sizes, would recommend fixing the uid/gid fields to be 32-bit too. st_ino is also way too small to be useful, but I also can't find anything in tree that uses it. It might make sense to drop it and pad too. |
I'd kind of recommend creating a new stat64 command and have msf use it if it exists, or use normal stat if it doesn't. That way we don't break payloads in the field, and you don't have to fix all the payloads simultaneously (you can stagger a bit). Just take advantage of the command auto-detection we do in stdapi, all meterpreters should support command enumeration now. |
@busterb that's a much better plan than I had, consider it |
Hi! This issue has been left open with no activity for a while now. We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request. |
Steps to reproduce
How'd you do it?
Tested on a Windows 10 Pro 64 bits.
Expected behavior
It should return true
Current behavior
Returns false
Metasploit version
metasploit v4.13.21-dev-cba5e26
OS
Running Metasploit from a Debian 8 (Linux 3.16.0-4-amd64) x86-64
The text was updated successfully, but these errors were encountered: