Code fixes as per suggestions, fix build
* Use of `ERROR_FAILURE_WINDOWS` in python meterpreter.
* Moving of constants/logic to client_core instead of command_dispatcher.
* Fix spec include.

bug/bundler_fix
parent
01bdf54487
commit
47fa97816d
|
@ -578,7 +578,7 @@ class PythonMeterpreter(object):
|
|||
k32 = ctypes.windll.kernel32
|
||||
sys_dir = ctypes.create_unicode_buffer(260)
|
||||
if not k32.GetSystemDirectoryW(ctypes.byref(sys_dir), 260):
|
||||
return ERROR_FAILURE
|
||||
return ERROR_FAILURE_WINDOWS
|
||||
|
||||
vol_buf = ctypes.create_unicode_buffer(260)
|
||||
fs_buf = ctypes.create_unicode_buffer(260)
|
||||
|
@ -587,7 +587,7 @@ class PythonMeterpreter(object):
|
|||
if not k32.GetVolumeInformationW(ctypes.c_wchar_p(sys_dir.value[:3]),
|
||||
vol_buf, ctypes.sizeof(vol_buf), ctypes.byref(serial_num), None,
|
||||
None, fs_buf, ctypes.sizeof(fs_buf)):
|
||||
return ERROR_FAILURE
|
||||
return ERROR_FAILURE_WINDOWS
|
||||
serial_num = serial_num.value
|
||||
serial = "{0:04x}-{1:04x}".format((serial_num >> 16) & 0xFFFF, serial_num & 0xFFFF)
|
||||
else:
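Review bot: The two size arguments to `GetVolumeInformationW` in the second hunk are `ctypes.sizeof(vol_buf)` and `ctypes.sizeof(fs_buf)`, which are byte counts, while the API documents both parameters as lengths in characters. On Windows a 260-element wide-character buffer is 520 bytes, so the call declares twice the capacity the buffers really have. Passing `len(vol_buf)` and `len(fs_buf)`, or the literal 260 already used for `GetSystemDirectoryW`, keeps the declared size equal to the allocated one. These lines are unchanged context in this commit, and the enclosing function starts and ends outside the visible hunks.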
|
||||
|
|
|
@ -34,6 +34,18 @@ class ClientCore < Extension
|
|||
UNIX_PATH_MAX = 108
|
||||
DEFAULT_SOCK_PATH = "/tmp/meterpreter.sock"
|
||||
|
||||
METERPRETER_TRANSPORT_SSL = 0
|
||||
METERPRETER_TRANSPORT_HTTP = 1
|
||||
METERPRETER_TRANSPORT_HTTPS = 2
|
||||
|
||||
VALID_TRANSPORTS = {
|
||||
'reverse_tcp' => METERPRETER_TRANSPORT_SSL,
|
||||
'reverse_http' => METERPRETER_TRANSPORT_HTTP,
|
||||
'reverse_https' => METERPRETER_TRANSPORT_HTTPS,
|
||||
'bind_tcp' => METERPRETER_TRANSPORT_SSL
|
||||
}
|
||||
|
||||
|
||||
include Rex::Payloads::Meterpreter::UriChecksum
|
||||
|
||||
#
|
||||
|
@ -241,20 +253,28 @@ class ClientCore < Extension
|
|||
end
|
||||
|
||||
def change_transport(opts={})
|
||||
transport = opts[:type].downcase
|
||||
|
||||
unless valid_transport?(transport)
|
||||
raise ArgumentError, "#{transport} is not a valid transport"
|
||||
end
|
||||
|
||||
request = Packet.create_request('core_change_transport')
|
||||
|
||||
url = "#{opts[:scheme]}://#{opts[:lhost]}:#{opts[:lport]}"
|
||||
scheme = transport.split('_')[1]
|
||||
url = "#{scheme}://#{opts[:lhost]}:#{opts[:lport]}"
|
||||
|
||||
if opts[:adduri]
|
||||
unless transport.ends_with?('tcp')
|
||||
checksum = generate_uri_checksum(URI_CHECKSUM_CONN)
|
||||
rand = Rex::Text.rand_text_alphanumeric(16)
|
||||
url << "/#{checksum}_#{rand}/"
|
||||
end
|
||||
|
||||
request.add_tlv(TLV_TYPE_TRANSPORT_TYPE, opts[:type])
|
||||
request.add_tlv(TLV_TYPE_TRANSPORT_TYPE, VALID_TRANSPORTS[transport])
|
||||
request.add_tlv(TLV_TYPE_TRANSPORT_URL, url)
|
||||
|
||||
response = client.send_request(request)
|
||||
client.send_request(request)
|
||||
return true
|
||||
end
|
||||
|
||||
#
|
||||
|
@ -439,6 +459,13 @@ class ClientCore < Extension
|
|||
true
|
||||
end
|
||||
|
||||
#
|
||||
# Indicates if the given transport is a valid transport option.
|
||||
#
|
||||
def valid_transport?(transport)
|
||||
VALID_TRANSPORTS.has_key?(transport.downcase)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def generate_payload_stub(process)
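Review bot: `change_transport` calls `opts[:type].downcase` before any validation, so the default `opts={}` or a missing `:type` fails with NoMethodError instead of the ArgumentError raised a few lines later. Using `transport = opts[:type].to_s.downcase` would route that case into the existing `valid_transport?` check. `opts[:lport]` is interpolated into the URL unchecked, so a nil or zero port still produces a request that is sent to the session. A guard such as `raise ArgumentError, 'lport must be 1-65535' unless (1..65535).cover?(opts[:lport].to_i)` before `Packet.create_request` would reject it at the API boundary. The local `rand` also shadows `Kernel#rand`, and the new `VALID_TRANSPORTS` hash would be safer with `.freeze`.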
|
||||
|
|
|
@ -18,18 +18,6 @@ class Console::CommandDispatcher::Core
|
|||
|
||||
include Console::CommandDispatcher
|
||||
|
||||
METERPRETER_TRANSPORT_SSL = 0
|
||||
METERPRETER_TRANSPORT_HTTP = 1
|
||||
METERPRETER_TRANSPORT_HTTPS = 2
|
||||
|
||||
VALID_TRANSPORTS = {
|
||||
'reverse_tcp' => METERPRETER_TRANSPORT_SSL,
|
||||
'reverse_http' => METERPRETER_TRANSPORT_HTTP,
|
||||
'reverse_https' => METERPRETER_TRANSPORT_HTTPS,
|
||||
'bind_tcp' => METERPRETER_TRANSPORT_SSL
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# Initializes an instance of the core command set using the supplied shell
|
||||
# for interactivity.
|
||||
|
@ -341,17 +329,19 @@ class Console::CommandDispatcher::Core
|
|||
def cmd_transport(*args)
|
||||
if ( args.length == 0 or args.include?("-h") )
|
||||
#cmd_transport_help
|
||||
return true
|
||||
return
|
||||
end
|
||||
|
||||
transport = args.shift.downcase
|
||||
unless VALID_TRANSPORTS.has_key?(transport)
|
||||
unless client.core.valid_transport?(transport)
|
||||
#cmd_transport_help
|
||||
return
|
||||
end
|
||||
|
||||
if transport == 'bind_tcp'
|
||||
unless args.length == 1
|
||||
#cmd_transport_help
|
||||
return
|
||||
end
|
||||
|
||||
lhost = ""
|
||||
|
@ -359,19 +349,18 @@ class Console::CommandDispatcher::Core
|
|||
else
|
||||
unless args.length == 2
|
||||
#cmd_transport_help
|
||||
return
|
||||
end
|
||||
|
||||
lhost = args.shift
|
||||
lport = args.shift.to_i
|
||||
end
|
||||
|
||||
print_status("Swapping transport ...")
|
||||
print_status("Swapping transport to #{transport} at #{lhost}:#{lport} ...")
|
||||
client.core.change_transport({
|
||||
:type => VALID_TRANSPORTS[transport],
|
||||
:scheme => transport.split('_')[1],
|
||||
:type => transport,
|
||||
:lhost => lhost,
|
||||
:lport => lport,
|
||||
:adduri => !transport.ends_with?('tcp')
|
||||
:lport => lport
|
||||
})
|
||||
client.shutdown_passive_dispatcher
|
||||
shell.stop
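Review bot: Every rejection path in `cmd_transport` returns silently because `cmd_transport_help` is still commented out, so a mistyped transport name or wrong argument count gives the operator no feedback. Adding `print_error("Unknown transport: #{transport}")` before the `return` that follows `client.core.valid_transport?` would make the failure visible. `lport = args.shift.to_i` turns non-numeric input into 0, and that value reaches both the new status message and `change_transport`. Since `client.shutdown_passive_dispatcher` and `shell.stop` run unconditionally afterwards, a bad port presumably costs the session, so check `(1..65535).cover?(lport)` before the call. The method continues outside the visible hunks, and the bind_tcp branch is only partly shown.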
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
require 'spec_helper'
|
||||
require 'msf/core/handler/reverse_http/uri_checksum'
|
||||
require 'rex/payloads/meterpreter/uri_checksum'
|
||||
|
||||
describe Msf::Handler::ReverseHttp::UriChecksum do
|
||||
class DummyClass
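Review bot: The `describe` line still names `Msf::Handler::ReverseHttp::UriChecksum`, although the require now loads `rex/payloads/meterpreter/uri_checksum` and `ClientCore` in this same commit includes `Rex::Payloads::Meterpreter::UriChecksum`. If the old constant no longer exists or is not loaded by the new require, the spec will fail with NameError at load time, or keep exercising a stale module. Changing it to `describe Rex::Payloads::Meterpreter::UriChecksum do` would keep the spec aligned with the code it is meant to cover. The rest of the spec body is outside the hunk, so any `include` inside `DummyClass` should be checked the same way.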
|
||||
|
|