Merge branch 'land-4274-ssl' into temp

bug/bundler_fix
Tod Beardsley 2014-12-12 12:06:54 -06:00
commit 177cade6a5
6 changed files with 92 additions and 23 deletions

View File

@ -18,7 +18,8 @@ module Exploit::Remote::TcpServer
register_options(
[
OptBool.new('SSL', [ false, 'Negotiate SSL for incoming connections', false]),
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]),
# SSLVersion is currently unsupported for TCP servers (only supported by clients at the moment)
# OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]),
OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)']),
OptAddress.new('SRVHOST', [ true, "The local host to listen on. This must be an address on the local machine or 0.0.0.0", '0.0.0.0' ]),
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]),

View File

@ -138,7 +138,7 @@ module ReverseHttp
'MsfExploit' => self,
},
comm,
(ssl?) ? datastore["SSLCert"] : nil
(ssl?) ? datastore["HandlerSSLCert"] : nil
)
self.service.server_name = datastore['MeterpreterServerName']

View File

@ -38,7 +38,12 @@ module ReverseHttps
register_options(
[
OptPort.new('LPORT', [ true, "The local listener port", 8443 ])
OptPort.new('LPORT', [ true, "The local listener port", 8443 ]),
], Msf::Handler::ReverseHttps)
register_advanced_options(
[
OptPath.new('HandlerSSLCert', [false, "Path to a SSL certificate in unified PEM format"])
], Msf::Handler::ReverseHttps)
end

View File

@ -197,7 +197,7 @@ module ReverseTcp
m.reset
key = m.digest(datastore["AESPassword"] || "")
Rex::ThreadFactory.spawn('AESEncryption', false) {
Rex::ThreadFactory.spawn('Session-AESEncrypt', false) {
c1 = OpenSSL::Cipher.new('aes-128-cfb8')
c1.encrypt
c1.key=key
@ -210,7 +210,7 @@ module ReverseTcp
end
sock.close()
}
Rex::ThreadFactory.spawn('AESEncryption', false) {
Rex::ThreadFactory.spawn('Session-AESDecrypt', false) {
c2 = OpenSSL::Cipher.new('aes-128-cfb8')
c2.decrypt
c2.key=key

View File

@ -47,7 +47,10 @@ module ReverseTcpDoubleSSL
register_advanced_options(
[
OptBool.new('ReverseAllowProxy', [ true, 'Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST', false]),
OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']),
OptInt.new('ReverseListenerBindPort', [ false, 'The port to bind to on the local system if different from LPORT' ]),
OptBool.new('ReverseAllowProxy', [ true, 'Allow reverse TCP even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST', false]),
OptPath.new('HandlerSSLCert', [false, "Path to a SSL certificate in unified PEM format"])
], Msf::Handler::ReverseTcpDoubleSSL)
self.conn_threads = []
@ -62,17 +65,54 @@ module ReverseTcpDoubleSSL
if datastore['Proxies'] and not datastore['ReverseAllowProxy']
raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies. Can be overriden by setting ReverseAllowProxy to true'
end
self.listener_sock = Rex::Socket::TcpServer.create(
# 'LocalHost' => datastore['LHOST'],
'LocalPort' => datastore['LPORT'].to_i,
'Comm' => comm,
'SSL' => true,
'Context' =>
{
'Msf' => framework,
'MsfPayload' => self,
'MsfExploit' => assoc_exploit
})
ex = false
comm = datastore['ReverseListenerComm']
if comm.to_s == "local"
comm = ::Rex::Socket::Comm::Local
else
comm = nil
end
local_port = bind_port
addrs = bind_address
addrs.each { |ip|
begin
comm.extend(Rex::Socket::SslTcp)
self.listener_sock = Rex::Socket::SslTcpServer.create(
'LocalHost' => ip,
'LocalPort' => local_port,
'Comm' => comm,
'SSLCert' => datastore['HandlerSSLCert'],
'Context' =>
{
'Msf' => framework,
'MsfPayload' => self,
'MsfExploit' => assoc_exploit
})
ex = false
comm_used = comm || Rex::Socket::SwitchBoard.best_comm( ip )
comm_used = Rex::Socket::Comm::Local if comm_used == nil
if( comm_used.respond_to?( :type ) and comm_used.respond_to?( :sid ) )
via = "via the #{comm_used.type} on session #{comm_used.sid}"
else
via = ""
end
print_status("Started reverse double SSL handler on #{ip}:#{local_port} #{via}")
break
rescue
ex = $!
print_error("Handler failed to bind to #{ip}:#{local_port}")
end
}
raise ex if (ex)
end
#
@ -204,6 +244,31 @@ module ReverseTcpDoubleSSL
protected
def bind_port
port = datastore['ReverseListenerBindPort'].to_i
port > 0 ? port : datastore['LPORT'].to_i
end
def bind_address
# Switch to IPv6 ANY address if the LHOST is also IPv6
addr = Rex::Socket.resolv_nbo(datastore['LHOST'])
# First attempt to bind LHOST. If that fails, the user probably has
# something else listening on that interface. Try again with ANY_ADDR.
any = (addr.length == 4) ? "0.0.0.0" : "::0"
addrs = [ Rex::Socket.addr_ntoa(addr), any ]
if not datastore['ReverseListenerBindAddress'].to_s.empty?
# Only try to bind to this specific interface
addrs = [ datastore['ReverseListenerBindAddress'] ]
# Pick the right "any" address if either wildcard is used
addrs[0] = any if (addrs[0] == "0.0.0.0" or addrs == "::0")
end
addrs
end
attr_accessor :listener_sock # :nodoc:
attr_accessor :listener_thread # :nodoc:
attr_accessor :conn_threads # :nodoc:

View File

@ -44,9 +44,7 @@ module ReverseTcpSsl
super
register_advanced_options(
[
OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)']),
OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']),
OptInt.new('ReverseListenerBindPort', [ false, 'The port to bind to on the local system if different from LPORT' ])
OptPath.new('HandlerSSLCert', [false, "Path to a SSL certificate in unified PEM format"])
], Msf::Handler::ReverseTcpSsl)
end
@ -57,8 +55,8 @@ module ReverseTcpSsl
# if it fails to start the listener.
#
def setup_handler
if datastore['Proxies']
raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies'
if datastore['Proxies'] and not datastore['ReverseAllowProxy']
raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies. Can be overriden by setting ReverseAllowProxy to true'
end
ex = false
@ -81,7 +79,7 @@ module ReverseTcpSsl
'LocalHost' => ip,
'LocalPort' => local_port,
'Comm' => comm,
'SSLCert' => datastore['SSLCert'],
'SSLCert' => datastore['HandlerSSLCert'],
'Context' =>
{
'Msf' => framework,