From b4ff3b544ff7e3ddc8d40afb9691109cfe175515 Mon Sep 17 00:00:00 2001 From: William Vu Date: Fri, 21 Dec 2018 14:32:59 -0600 Subject: [PATCH] Add CMDSTAGER::SSL datastore option It has come to my attention that since I added the HTTP(S) command stagers, no one has used HTTPS. This is probably why. The CmdStager options hash takes precedence over any datastore options. --- lib/msf/core/exploit/cmdstager.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/msf/core/exploit/cmdstager.rb b/lib/msf/core/exploit/cmdstager.rb index 4a2e870be5..0219d354ba 100644 --- a/lib/msf/core/exploit/cmdstager.rb +++ b/lib/msf/core/exploit/cmdstager.rb @@ -56,7 +56,8 @@ module Exploit::CmdStager register_advanced_options( [ OptEnum.new('CMDSTAGER::FLAVOR', [false, 'The CMD Stager to use.', 'auto', flavors]), - OptString.new('CMDSTAGER::DECODER', [false, 'The decoder stub to use.']) + OptString.new('CMDSTAGER::DECODER', [false, 'The decoder stub to use.']), + OptBool.new('CMDSTAGER::SSL', [false, 'Use SSL/TLS for supported stagers', false]) ], self.class) end @@ -129,6 +130,7 @@ module Exploit::CmdStager self.stager_instance = create_stager if stager_instance.respond_to?(:http?) && stager_instance.http? + opts[:ssl] = datastore['CMDSTAGER::SSL'] unless opts.key?(:ssl) opts[:payload_uri] = start_service(opts) end