From 47fa97816d7f92c9e9a27774edfc25fd262bc2ae Mon Sep 17 00:00:00 2001
From: OJ
Date: Thu, 2 Apr 2015 09:05:38 +1000
Subject: [PATCH] Code fixes as per suggestions, fix build

* Use of `ERROR_FAILURE_WINDOWS` in python meterpreter.
* Moving of constants/logic to client_core instead of command_dispatcher.
* Fix spec include.
---
 data/meterpreter/meterpreter.py | 4 +--
 lib/rex/post/meterpreter/client_core.rb | 35 ++++++++++++++++---
 .../ui/console/command_dispatcher/core.rb | 27 +++++---------
 .../handler/reverse_http/uri_checksum_spec.rb | 2 +-
 4 files changed, 42 insertions(+), 26 deletions(-)

diff --git a/data/meterpreter/meterpreter.py b/data/meterpreter/meterpreter.py
index 3f78be90d4..5f36b8241e 100644
--- a/data/meterpreter/meterpreter.py
+++ b/data/meterpreter/meterpreter.py
@@ -578,7 +578,7 @@ class PythonMeterpreter(object):
 k32 = ctypes.windll.kernel32
 sys_dir = ctypes.create_unicode_buffer(260)
 if not k32.GetSystemDirectoryW(ctypes.byref(sys_dir), 260):
- return ERROR_FAILURE
+ return ERROR_FAILURE_WINDOWS
 vol_buf = ctypes.create_unicode_buffer(260)
 fs_buf = ctypes.create_unicode_buffer(260)
@@ -587,7 +587,7 @@ class PythonMeterpreter(object):
 if not k32.GetVolumeInformationW(ctypes.c_wchar_p(sys_dir.value[:3]), vol_buf, ctypes.sizeof(vol_buf), ctypes.byref(serial_num), None, None, fs_buf, ctypes.sizeof(fs_buf)):
- return ERROR_FAILURE
+ return ERROR_FAILURE_WINDOWS
 serial_num = serial_num.value
 serial = "{0:04x}-{1:04x}".format((serial_num >> 16) & 0xFFFF, serial_num & 0xFFFF)
 else:
diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb
index 262710f1ed..a43ae8d542 100644
--- a/lib/rex/post/meterpreter/client_core.rb
+++ b/lib/rex/post/meterpreter/client_core.rb
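Review bot: In the second hunk the two size arguments to `GetVolumeInformationW`, `ctypes.sizeof(vol_buf)` and `ctypes.sizeof(fs_buf)`, are byte counts, while that API takes `nVolumeNameSize` and `nFileSystemNameSize` in characters, so a `create_unicode_buffer(260)` is declared to the callee as twice its real length. The commit only changes the return value on the failure path and leaves the over-declared sizes in place; `len(vol_buf)` and `len(fs_buf)` give the element counts the API expects. The first hunk does not have this problem, since `GetSystemDirectoryW` is passed the literal `260` that matches its buffer. The enclosing method starts before the first hunk and ends after the second.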
@@ -34,6 +34,18 @@ class ClientCore < Extension
 UNIX_PATH_MAX = 108
 DEFAULT_SOCK_PATH = "/tmp/meterpreter.sock"
+ METERPRETER_TRANSPORT_SSL = 0
+ METERPRETER_TRANSPORT_HTTP = 1
+ METERPRETER_TRANSPORT_HTTPS = 2
+
+ VALID_TRANSPORTS = {
+ 'reverse_tcp' => METERPRETER_TRANSPORT_SSL,
+ 'reverse_http' => METERPRETER_TRANSPORT_HTTP,
+ 'reverse_https' => METERPRETER_TRANSPORT_HTTPS,
+ 'bind_tcp' => METERPRETER_TRANSPORT_SSL
+ }
+
+ include Rex::Payloads::Meterpreter::UriChecksum
 #
@@ -241,20 +253,28 @@ class ClientCore < Extension
 end
 def change_transport(opts={})
+ transport = opts[:type].downcase
+
+ unless valid_transport?(transport)
+ raise ArgumentError, "#{transport} is not a valid transport"
+ end
+
 request = Packet.create_request('core_change_transport')
- url = "#{opts[:scheme]}://#{opts[:lhost]}:#{opts[:lport]}"
+ scheme = transport.split('_')[1]
+ url = "#{scheme}://#{opts[:lhost]}:#{opts[:lport]}"
- if opts[:adduri]
+ unless transport.ends_with?('tcp')
 checksum = generate_uri_checksum(URI_CHECKSUM_CONN)
 rand = Rex::Text.rand_text_alphanumeric(16)
 url << "/#{checksum}_#{rand}/"
 end
- request.add_tlv(TLV_TYPE_TRANSPORT_TYPE, opts[:type])
+ request.add_tlv(TLV_TYPE_TRANSPORT_TYPE, VALID_TRANSPORTS[transport])
 request.add_tlv(TLV_TYPE_TRANSPORT_URL, url)
- response = client.send_request(request)
+ client.send_request(request)
+ return true
 end
 #
@@ -439,6 +459,13 @@ class ClientCore < Extension
 true
 end
+ #
+ # Indicates if the given transport is a valid transport option.
+ #
+ def valid_transport?(transport)
+ VALID_TRANSPORTS.has_key?(transport.downcase)
+ end
+
 private
 def generate_payload_stub(process)
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
index 5387269e0b..676e987782 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
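Review bot: In the second hunk `transport = opts[:type].downcase` raises `NoMethodError` when `:type` is missing or nil, so that case never reaches the `valid_transport?` check and the intended `ArgumentError`; `transport = opts[:type].to_s.downcase` routes it through the same validation, and `valid_transport?` in the third hunk has the same `downcase`-on-possibly-nil shape. The method's contract also changed (`:scheme` and `:adduri` are gone, `:type` is now a transport name rather than the numeric constant) but `change_transport` has no doc comment; a comment above `def change_transport` should list the accepted keys `:type`, `:lhost` and `:lport`, the `ArgumentError` raised for an unknown type, and that the result of `client.send_request` is discarded and `true` is returned unconditionally. `transport.ends_with?('tcp')` appears to be the ActiveSupport spelling; core Ruby's `end_with?` would not depend on that extension being loaded, assuming nothing else in the project relies on it.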
@@ -18,18 +18,6 @@ class Console::CommandDispatcher::Core
 include Console::CommandDispatcher
- METERPRETER_TRANSPORT_SSL = 0
- METERPRETER_TRANSPORT_HTTP = 1
- METERPRETER_TRANSPORT_HTTPS = 2
-
- VALID_TRANSPORTS = {
- 'reverse_tcp' => METERPRETER_TRANSPORT_SSL,
- 'reverse_http' => METERPRETER_TRANSPORT_HTTP,
- 'reverse_https' => METERPRETER_TRANSPORT_HTTPS,
- 'bind_tcp' => METERPRETER_TRANSPORT_SSL
- }
- - #
 # Initializes an instance of the core command set using the supplied shell
 # for interactivity.
@@ -341,17 +329,19 @@ class Console::CommandDispatcher::Core
 def cmd_transport(*args)
 if ( args.length == 0 or args.include?("-h") )
 #cmd_transport_help
- return true
+ return
 end
 transport = args.shift.downcase
- unless VALID_TRANSPORTS.has_key?(transport)
+ unless client.core.valid_transport?(transport)
 #cmd_transport_help
+ return
 end
 if transport == 'bind_tcp'
 unless args.length == 1
 #cmd_transport_help
+ return
 end
 lhost = ""
@@ -359,19 +349,18 @@ class Console::CommandDispatcher::Core
 else
 unless args.length == 2
 #cmd_transport_help
+ return
 end
 lhost = args.shift
 lport = args.shift.to_i
 end
- print_status("Swapping transport ...")
+ print_status("Swapping transport to #{transport} at #{lhost}:#{lport} ...")
 client.core.change_transport({
- :type => VALID_TRANSPORTS[transport],
- :scheme => transport.split('_')[1],
+ :type => transport,
 :lhost => lhost,
- :lport => lport,
- :adduri => !transport.ends_with?('tcp')
+ :lport => lport
 })
 client.shutdown_passive_dispatcher
 shell.stop
diff --git a/spec/lib/msf/core/handler/reverse_http/uri_checksum_spec.rb b/spec/lib/msf/core/handler/reverse_http/uri_checksum_spec.rb
index 7051b82e5a..69ed45f828 100644
--- a/spec/lib/msf/core/handler/reverse_http/uri_checksum_spec.rb
+++ b/spec/lib/msf/core/handler/reverse_http/uri_checksum_spec.rb
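Review bot: Every argument-error path in `cmd_transport` (second hunk) now exits silently: `#cmd_transport_help` is commented out on each branch and the added `return` just leaves the method, so an unknown transport or a missing `lport` produces no feedback at all. Either restore the help output or print a usage line before each `return`, e.g. `print_error("Usage: transport <reverse_tcp|reverse_http|reverse_https|bind_tcp> [lhost] lport")`; the argument shape is inferred from the `args.length == 1` / `args.length == 2` checks, so confirm it against the intended help text. `cmd_transport` continues into the third hunk, where the new `print_status("Swapping transport to #{transport} at #{lhost}:#{lport} ...")` prints `:port` with an empty host for `bind_tcp`, since `lhost` is set to `""` on that branch.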
@@ -1,5 +1,5 @@
 require 'spec_helper'
-require 'msf/core/handler/reverse_http/uri_checksum'
+require 'rex/payloads/meterpreter/uri_checksum'
 describe Msf::Handler::ReverseHttp::UriChecksum do
 class DummyClass
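Review bot: The require now points at `rex/payloads/meterpreter/uri_checksum`, but the `describe` line two lines below still names `Msf::Handler::ReverseHttp::UriChecksum`, which nothing visible in this commit defines. If the module was moved to `Rex::Payloads::Meterpreter::UriChecksum`, as the new `include Rex::Payloads::Meterpreter::UriChecksum` in client_core.rb suggests, this spec fails with an uninitialized constant unless the old name is still defined elsewhere. Confirm which constant the spec should describe and make the `describe` line match the file being required.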