From 0afc5be3bcac36d3c4d2743093a127f044787089 Mon Sep 17 00:00:00 2001 From: OJ Date: Tue, 10 Nov 2015 20:01:23 +1000 Subject: [PATCH] Finalise set up of stageless init --- lib/rex/payloads/meterpreter/config.rb | 6 +----- modules/payloads/singles/windows/meterpreter_bind_tcp.rb | 6 ++++-- .../payloads/singles/windows/meterpreter_reverse_http.rb | 6 ++++-- .../payloads/singles/windows/meterpreter_reverse_https.rb | 6 ++++-- .../singles/windows/meterpreter_reverse_ipv6_tcp.rb | 6 ++++-- .../payloads/singles/windows/x64/meterpreter_bind_tcp.rb | 6 ++++-- .../singles/windows/x64/meterpreter_reverse_http.rb | 6 ++++-- .../singles/windows/x64/meterpreter_reverse_https.rb | 6 ++++-- .../singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb | 6 ++++-- .../payloads/singles/windows/x64/meterpreter_reverse_tcp.rb | 2 +- 10 files changed, 34 insertions(+), 22 deletions(-) diff --git a/lib/rex/payloads/meterpreter/config.rb b/lib/rex/payloads/meterpreter/config.rb index ac7d57dcf1..f28ef71662 100644 --- a/lib/rex/payloads/meterpreter/config.rb +++ b/lib/rex/payloads/meterpreter/config.rb @@ -156,11 +156,7 @@ private end # terminate the extensions with a 0 size - if is_x86? - config << [0].pack('V') - else - config << [0].pack('Q<') - end + config << [0].pack('V') # wire in the extension init data (@opts[:ext_init] || '').split(':').each do |cfg| diff --git a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb index 11f876dfc8..0193e8b390 100644 --- a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb @@ -35,7 +35,8 @@ module Metasploit4 )) register_options([ - OptString.new('EXTENSIONS', [false, "Comma-separate list of extensions to load"]), + OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']), + OptString.new('EXTINIT', [false, 'Initialision strings for extensions']) ], self.class) end 
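Review bot: The terminator written after the extension list is now a 4-byte zero on x64 too, and the comment above it should say so, because the deleted branch deliberately emitted 8 bytes there and a reader of the new code has no way to know the narrowing was intentional: `# terminate the extensions with a 0 size (32-bit LE on both x86 and x64)`. Whatever consumes this blob on the C side presumably now reads that field as a DWORD regardless of architecture; that reader is not visible in this patch and is worth confirming before the change ships. The following `(@opts[:ext_init] || '').split(':')` also means an init string that itself contains ':' cannot be expressed, which deserves a one-line comment next to the split. The `each` block that consumes `cfg` continues past the end of the hunk.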
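Review bot: The description on the new EXTINIT option is misspelled (`Initialision`) and, more importantly, does not tell the operator what shape the value must take; lib/rex/payloads/meterpreter/config.rb splits it on ':' while EXTENSIONS is split on ','. Suggest `OptString.new('EXTINIT', [false, 'Colon-separated list of extension initialisation strings'])`, and since the EXTENSIONS line is being rewritten anyway, `'Comma-separated list of extensions to load'`. The same text is introduced in every other payload module in this patch, so the wording should be fixed in all of them together.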
@@ -53,7 +54,8 @@ module Metasploit4 expiration: datastore['SessionExpirationTimeout'].to_i, uuid: opts[:uuid], transports: [transport_config_bind_tcp(opts)], - extensions: (datastore['EXTENSIONS'] || '').split(',') + extensions: (datastore['EXTENSIONS'] || '').split(','), + ext_init: (datastore['EXTINIT'] || '') } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/meterpreter_reverse_http.rb index 43d51aeae7..a50a63fa8c 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_http.rb @@ -35,7 +35,8 @@ module Metasploit4 )) register_options([ - OptString.new('EXTENSIONS', [false, "Comma-separate list of extensions to load"]), + OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']), + OptString.new('EXTINIT', [false, 'Initialision strings for extensions']) ], self.class) end @@ -54,7 +55,8 @@ module Metasploit4 expiration: datastore['SessionExpirationTimeout'].to_i, uuid: opts[:uuid], transports: [transport_config_reverse_http(opts)], - extensions: (datastore['EXTENSIONS'] || '').split(',') + extensions: (datastore['EXTENSIONS'] || '').split(','), + ext_init: (datastore['EXTINIT'] || '') } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/meterpreter_reverse_https.rb index c9c3f4feee..a0e72c7266 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_https.rb 
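Review bot: `ext_init` is passed through raw while `extensions` on the line above is split in the module, so the two sibling keys are built asymmetrically and a reader of this hash cannot tell what `ext_init` is expected to contain. A short comment keeps the contract local: `ext_init: (datastore['EXTINIT'] || '') # colon-separated; split in lib/rex/payloads/meterpreter/config.rb`. The `|| ''` default is fine, since an unset option must produce no init entries rather than a nil error.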
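Review bot: The EXTINIT description in this module repeats the `Initialision` typo and leaves the delimiter unstated, even though config.rb splits the value on ':'. Replace it with `OptString.new('EXTINIT', [false, 'Colon-separated list of extension initialisation strings'])` so `show options` actually tells the operator how to write the value. Fixing `Comma-separate` to `Comma-separated` on the rewritten EXTENSIONS line costs nothing here.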
@@ -35,7 +35,8 @@ module Metasploit4 )) register_options([ - OptString.new('EXTENSIONS', [false, "Comma-separate list of extensions to load"]), + OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']), + OptString.new('EXTINIT', [false, 'Initialision strings for extensions']) ], self.class) end @@ -54,7 +55,8 @@ module Metasploit4 expiration: datastore['SessionExpirationTimeout'].to_i, uuid: opts[:uuid], transports: [transport_config_reverse_https(opts)], - extensions: (datastore['EXTENSIONS'] || '').split(',') + extensions: (datastore['EXTENSIONS'] || '').split(','), + ext_init: (datastore['EXTINIT'] || '') } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb index fc2bb07719..04e7e0ddd8 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb @@ -35,7 +35,8 @@ module Metasploit4 )) register_options([ - OptString.new('EXTENSIONS', [false, "Comma-separate list of extensions to load"]), + OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']), + OptString.new('EXTINIT', [false, 'Initialision strings for extensions']), OptInt.new("SCOPEID", [false, "The IPv6 Scope ID, required for link-layer addresses", 0]) ], self.class) end @@ -54,7 +55,8 @@ module Metasploit4 expiration: datastore['SessionExpirationTimeout'].to_i, uuid: opts[:uuid], transports: [transport_config_reverse_ipv6_tcp(opts)], - extensions: (datastore['EXTENSIONS'] || '').split(',') + extensions: (datastore['EXTENSIONS'] || '').split(','), + ext_init: (datastore['EXTINIT'] || '') } # create the configuration instance based off the parameters 
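Review bot: Same option-text issue as the other modules in this patch: the added `OptString.new('EXTINIT', [false, 'Initialision strings for extensions'])` misspells "initialisation" and gives no hint that the value is colon-separated, which is the format config.rb parses. Suggest `OptString.new('EXTINIT', [false, 'Colon-separated list of extension initialisation strings'])`. The description is the only documentation an operator sees for this option, so it is worth getting right before the text is copied into further modules.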
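Review bot: The new EXTINIT line in the IPv6 module carries the same `Initialision` typo and undocumented colon delimiter as the other modules; `OptString.new('EXTINIT', [false, 'Colon-separated list of extension initialisation strings']),` would fix both. Note the trailing comma on this one is required because the SCOPEID option follows it, unlike the other modules where EXTINIT is last, so a blind copy between files is easy to get wrong in either direction. The adjacent SCOPEID line uses double quotes while the two rewritten lines switch to single quotes; a single style in the array would read better, though that is a matter of taste.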
diff --git a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb index d21aaf8296..47c9d1627a 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb @@ -35,7 +35,8 @@ module Metasploit4 )) register_options([ - OptString.new('EXTENSIONS', [false, "Comma-separate list of extensions to load"]), + OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']), + OptString.new('EXTINIT', [false, 'Initialision strings for extensions']) ], self.class) end @@ -53,7 +54,8 @@ module Metasploit4 expiration: datastore['SessionExpirationTimeout'].to_i, uuid: opts[:uuid], transports: [transport_config_bind_tcp(opts)], - extensions: (datastore['EXTENSIONS'] || '').split(',') + extensions: (datastore['EXTENSIONS'] || '').split(','), + ext_init: (datastore['EXTINIT'] || '') } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb index 006dbb841b..351a70afef 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb @@ -35,7 +35,8 @@ module Metasploit4 )) register_options([ - OptString.new('EXTENSIONS', [false, "Comma-separate list of extensions to load"]), + OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']), + OptString.new('EXTINIT', [false, 'Initialision strings for extensions']) ], self.class) end 
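Review bot: The x64 bind module inherits the misspelled and under-specified EXTINIT description (`Initialision strings for extensions`); config.rb splits this value on ':', and nothing in the option text says so. `OptString.new('EXTINIT', [false, 'Colon-separated list of extension initialisation strings'])` fixes both problems in one line. Since the x86 and x64 modules now share identical option blocks, a stray difference in wording between them will be the first thing a later diff flags, so keeping them byte-identical is worthwhile.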
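Review bot: The added EXTINIT option in x64/meterpreter_reverse_http.rb has the same typo and missing format note as its x86 counterpart. Suggest `OptString.new('EXTINIT', [false, 'Colon-separated list of extension initialisation strings'])`, and `'Comma-separated list of extensions to load'` on the EXTENSIONS line that this hunk already rewrites.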
@@ -54,7 +55,8 @@ module Metasploit4 expiration: datastore['SessionExpirationTimeout'].to_i, uuid: opts[:uuid], transports: [transport_config_reverse_http(opts)], - extensions: (datastore['EXTENSIONS'] || '').split(',') + extensions: (datastore['EXTENSIONS'] || '').split(','), + ext_init: (datastore['EXTINIT'] || '') } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb index 10ebc2369f..bda35e112c 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb @@ -35,7 +35,8 @@ module Metasploit4 )) register_options([ - OptString.new('EXTENSIONS', [false, "Comma-separate list of extensions to load"]), + OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']), + OptString.new('EXTINIT', [false, 'Initialision strings for extensions']) ], self.class) end @@ -54,7 +55,8 @@ module Metasploit4 expiration: datastore['SessionExpirationTimeout'].to_i, uuid: opts[:uuid], transports: [transport_config_reverse_https(opts)], - extensions: (datastore['EXTENSIONS'] || '').split(',') + extensions: (datastore['EXTENSIONS'] || '').split(','), + ext_init: (datastore['EXTINIT'] || '') } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb index 524ec97eab..86f1050bd5 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb 
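Review bot: The EXTINIT description added to the x64 HTTPS module should state the delimiter and use the correct spelling: `OptString.new('EXTINIT', [false, 'Colon-separated list of extension initialisation strings'])`. The colon format is only discoverable by reading `split(':')` in config.rb, and an operator who guesses comma (by analogy with EXTENSIONS on the previous line) will silently get one malformed init entry rather than an error.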
@@ -35,7 +35,8 @@ module Metasploit4 )) register_options([ - OptString.new('EXTENSIONS', [false, "Comma-separate list of extensions to load"]), + OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']), + OptString.new('EXTINIT', [false, 'Initialision strings for extensions']), OptInt.new("SCOPEID", [false, "The IPv6 Scope ID, required for link-layer addresses", 0]) ], self.class) end @@ -54,7 +55,8 @@ module Metasploit4 expiration: datastore['SessionExpirationTimeout'].to_i, uuid: opts[:uuid], transports: [transport_config_reverse_ipv6_tcp(opts)], - extensions: (datastore['EXTENSIONS'] || '').split(',') + extensions: (datastore['EXTENSIONS'] || '').split(','), + ext_init: (datastore['EXTINIT'] || '') } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb index 187324a0a4..535991b261 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb @@ -36,7 +36,7 @@ module Metasploit4 register_options([ OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']), - OptString.new('EXTINIT', [false, 'Initialision strings for extensions']), + OptString.new('EXTINIT', [false, 'Initialision strings for extensions']) ], self.class) end
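Review bot: The x64 IPv6 module's new EXTINIT line needs the same fix as the rest of the patch, with the trailing comma kept because SCOPEID follows: `OptString.new('EXTINIT', [false, 'Colon-separated list of extension initialisation strings']),`. The current text `Initialision strings for extensions` is both misspelled and silent about the ':' delimiter that config.rb expects.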
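Review bot: This hunk only drops a trailing comma, but since the line is being rewritten anyway it is the natural place to correct the description as well: `OptString.new('EXTINIT', [false, 'Colon-separated list of extension initialisation strings'])`. Leaving `Initialision` here while fixing it elsewhere would make this the one module whose option text differs from the others.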