Another interim commit moving towards universal handlers
parent
09d9733a75
commit
b0970783ff
|
@ -0,0 +1,26 @@
|
|||
# -*- coding: binary -*-
|
||||
|
||||
require 'msf/base/sessions/meterpreter'
|
||||
|
||||
module Msf
|
||||
module Sessions
|
||||
|
||||
###
|
||||
#
|
||||
# This class creates a platform-independent meterpreter session type
|
||||
#
|
||||
###
|
||||
class Meterpreter_Multi < Msf::Sessions::Meterpreter
|
||||
def initialize(rstream, opts={})
|
||||
super
|
||||
self.base_platform = 'unknown'
|
||||
self.base_arch = ARCH_UNKNOWN
|
||||
|
||||
# TODO: can we read the opts and find the UUID to instantiate the right
|
||||
# session type? Is it important?
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
|
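Review bot: The class comment on `Meterpreter_Multi` does not say that `self.base_platform = 'unknown'` and `self.base_arch = ARCH_UNKNOWN` in `initialize` are placeholders that nothing in this file replaces later. Code that picks behaviour from a session's platform or arch would presumably see those values for the whole session lifetime, so the comment should state it, for example `# base_platform/base_arch stay 'unknown'/ARCH_UNKNOWN until the real target is identified; do not dispatch on them.` The TODO is phrased as an open question; recording the decision (read the UUID from `opts` or not) in the class comment would leave less ambiguity in the constructor.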
@ -15,14 +15,22 @@ module Msf
|
|||
module Payload::Multi::ReverseHttp
|
||||
|
||||
include Msf::Payload::UUID::Options
|
||||
include Msf::Payload::Multi
|
||||
|
||||
#
|
||||
# Register reverse_http specific options
|
||||
#
|
||||
def initialize(*args)
|
||||
super
|
||||
# We don't need options here at all. All options are read on the fly from the
|
||||
# JSON file when a new connection comes in.
|
||||
#register_advanced_options([
|
||||
# OptInt.new('StagerURILength', [false, 'The URI length for the stager (at least 5 bytes)']),
|
||||
# OptInt.new('StagerRetryCount', [false, 'The number of times the stager should retry if the first connect fails', 10]),
|
||||
# OptString.new('PayloadProxyHost', [false, 'An optional proxy server IP address or hostname']),
|
||||
# OptPort.new('PayloadProxyPort', [false, 'An optional proxy server port']),
|
||||
# OptString.new('PayloadProxyUser', [false, 'An optional proxy server username']),
|
||||
# OptString.new('PayloadProxyPass', [false, 'An optional proxy server password']),
|
||||
# OptEnum.new('PayloadProxyType', [false, 'The type of HTTP proxy (HTTP or SOCKS)', 'HTTP', ['HTTP', 'SOCKS']])
|
||||
# ], self.class)
|
||||
end
|
||||
|
||||
#
|
||||
|
|
|
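Review bot: The header comment above `initialize` still reads "Register reverse_http specific options", but as shown the method registers nothing and carries the `register_advanced_options` call only as commented-out lines. Delete the dead block, since version control keeps it, and make the header match, e.g. `# No options are registered here; settings are read per connection from the JSON file.` Because those settings now come from a file at connection time, a sentence naming where that file is loaded and validated would help the next reader. That code is not visible in this hunk.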
@ -66,14 +66,14 @@ module Payload::Windows::MeterpreterLoader
|
|||
^
|
||||
end
|
||||
|
||||
def stage_meterpreter(stageless=false)
|
||||
def stage_meterpreter(opts={})
|
||||
# Exceptions will be thrown by the mixin if there are issues.
|
||||
dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x86.dll'))
|
||||
|
||||
asm_opts = {
|
||||
rdi_offset: offset,
|
||||
length: dll.length,
|
||||
stageless: stageless
|
||||
stageless: opts[:stageless] == true
|
||||
}
|
||||
|
||||
asm = asm_invoke_metsrv(asm_opts)
|
||||
|
|
|
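Review bot: `stage_meterpreter(opts={})` changes the parameter from a positional boolean to a hash with no compatibility path, so any caller not updated in this commit that still passes `true` will fail on `opts[:stageless]` with a NoMethodError. Normalising at the top of the method keeps both call styles working: `opts = { stageless: opts } unless opts.is_a?(Hash)`. The strict `opts[:stageless] == true` also treats every other truthy value as false, which deserves a short comment if it is deliberate. The same change is made in the `MeterpreterLoader_x64` section that follows, and the method body continues past the end of both hunks.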
@ -69,14 +69,14 @@ module Payload::Windows::MeterpreterLoader_x64
|
|||
^
|
||||
end
|
||||
|
||||
def stage_meterpreter(stageless=false)
|
||||
def stage_meterpreter(opts={})
|
||||
# Exceptions will be thrown by the mixin if there are issues.
|
||||
dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x64.dll'))
|
||||
|
||||
asm_opts = {
|
||||
rdi_offset: offset,
|
||||
length: dll.length,
|
||||
stageless: stageless
|
||||
stageless: opts[:stageless] == true
|
||||
}
|
||||
|
||||
asm = asm_invoke_metsrv(asm_opts)
|
||||
|
|
|
@ -40,8 +40,9 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
|
|
|
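Review bot: `opts[:stageless] = true` in `generate` writes into the hash the caller passed in, so a caller that reuses one options hash across calls will find `:stageless` set afterwards. Building a local copy avoids the side effect: `opts = opts.merge(stageless: true)`. The identical three-line `generate` appears in the nine `module MetasploitModule` sections after this one, so the same change applies there. `generate_config` starts inside the hunk but is cut off in every one of these sections, so whether it mutates `opts` as well cannot be confirmed from this page.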
@ -40,13 +40,13 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
opts[:uuid] ||= generate_payload_uuid
|
||||
opts[:stageless] = true
|
||||
|
||||
# create the configuration block
|
||||
config_opts = {
|
||||
|
|
|
@ -40,13 +40,13 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
opts[:uuid] ||= generate_payload_uuid
|
||||
opts[:stageless] = true
|
||||
|
||||
# create the configuration block
|
||||
config_opts = {
|
||||
|
|
|
@ -41,8 +41,9 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
|
|
|
@ -40,8 +40,9 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
|
|
|
@ -40,8 +40,9 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
|
|
|
@ -40,13 +40,13 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
opts[:uuid] ||= generate_payload_uuid
|
||||
opts[:stageless] = true
|
||||
|
||||
# create the configuration block
|
||||
config_opts = {
|
||||
|
|
|
@ -40,13 +40,13 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
opts[:uuid] ||= generate_payload_uuid
|
||||
opts[:stageless] = true
|
||||
|
||||
# create the configuration block
|
||||
config_opts = {
|
||||
|
|
|
@ -41,8 +41,9 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
|
|
|
@ -40,8 +40,9 @@ module MetasploitModule
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def generate
|
||||
stage_meterpreter(true) + generate_config
|
||||
def generate(opts={})
|
||||
opts[:stageless] = true
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
##
|
||||
# This module requires Metasploit: http://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'msf/core/handler/reverse_http'
|
||||
require 'msf/core/payload/multi/reverse_http'
|
||||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = :dynamic
|
||||
|
||||
include Msf::Payload::Stager
|
||||
include Msf::Payload::Multi::ReverseHttp
|
||||
|
||||
# TODO: Add something to this that stops it from being usable from
|
||||
# inside msfvenom (technically this isn't a payload)
|
||||
def initialize(info = {})
|
||||
super(merge_info(info,
|
||||
'Name' => 'Reverse HTTP Stager (multi-arch)',
|
||||
'Description' => 'Tunnel communication over HTTP (multi-architecture)',
|
||||
'Author' => 'OJ Reeves',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => %w{ android java linux osx php python unix win },
|
||||
'Arch' => [ARCH_X86, ARCH_X64, ARCH_PYTHON, ARCH_JAVA],
|
||||
'Handler' => Msf::Handler::ReverseHttp,
|
||||
'Convention' => 'http'))
|
||||
end
|
||||
|
||||
end
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
##
|
||||
# This module requires Metasploit: http://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'msf/core/handler/reverse_https'
|
||||
require 'msf/core/payload/multi/reverse_https'
|
||||
|
||||
module MetasploitModule
|
||||
|
||||
CachedSize = :dynamic
|
||||
|
||||
include Msf::Payload::Stager
|
||||
include Msf::Payload::Multi::ReverseHttps
|
||||
|
||||
# TODO: Add something to this that stops it from being usable from
|
||||
# inside msfvenom (technically this isn't a payload)
|
||||
def initialize(info = {})
|
||||
super(merge_info(info,
|
||||
'Name' => 'Reverse HTTPS Stager (multi-arch)',
|
||||
'Description' => 'Tunnel communication over HTTPS (multi-architecture)',
|
||||
'Author' => 'OJ Reeves',
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => %w{ android java linux osx php python unix win },
|
||||
'Arch' => [ARCH_X86, ARCH_X64, ARCH_PYTHON, ARCH_JAVA],
|
||||
'Handler' => Msf::Handler::ReverseHttps,
|
||||
'Convention' => 'https'))
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,89 @@
|
|||
##
|
||||
# This module requires Metasploit: http://metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'msf/base/sessions/meterpreter_multi'
|
||||
require 'msf/base/sessions/meterpreter_options'
|
||||
require 'rex/payloads/meterpreter/config'
|
||||
|
||||
###
|
||||
#
|
||||
# Injects the meterpreter server DLL via the Reflective Dll Injection payload
|
||||
# along with transport related configuration.
|
||||
#
|
||||
###
|
||||
|
||||
module MetasploitModule
|
||||
|
||||
include Msf::Sessions::MeterpreterOptions
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Architecture-Independent Meterpreter Stage',
|
||||
'Description' => 'Handle Meterpreter sessions regardless of the target arch/platform',
|
||||
'Author' => ['OJ Reeves'],
|
||||
'PayloadCompat' => {'Convention' => ['http', 'https']},
|
||||
'License' => MSF_LICENSE,
|
||||
'Session' => Msf::Sessions::Meterpreter_Multi))
|
||||
end
|
||||
|
||||
def stage_payload(opts={})
|
||||
#return nil unless opts[:uuid]
|
||||
|
||||
## TODO: load the "stuff" from the JSON file?
|
||||
## and if we find an instance, hydrate based on that.
|
||||
## otherwise use some "sane defaults" as shown below.
|
||||
|
||||
#c = Class.new(::Msf::Payload)
|
||||
#c.include(::Msf::Payload::Stager)
|
||||
|
||||
#case opts[:uuid].platform
|
||||
#when 'python'
|
||||
# require 'msf/core/payload/python/meterpreter_loader'
|
||||
# c.include(::Msf::Payload::Python::MeterpreterLoader)
|
||||
#when 'java'
|
||||
# require 'msf/core/payload/java/meterpreter_loader'
|
||||
# c.include(::Msf::Payload::Java::MeterpreterLoader)
|
||||
#when 'php'
|
||||
# require 'msf/core/payload/php/meterpreter_loader'
|
||||
# c.include(::Msf::Payload::Php::MeterpreterLoader)
|
||||
#when 'windows'
|
||||
# require 'msf/core/payload/windows/meterpreter_loader'
|
||||
# if opts[:uuid].arch == ARCH_X86
|
||||
# c.include(::Msf::Payload::Windows::MeterpreterLoader)
|
||||
# else
|
||||
# c.include(::Msf::Payload::Windows::MeterpreterLoader_x64)
|
||||
# end
|
||||
#else
|
||||
# return nil
|
||||
#end
|
||||
|
||||
#second_stage = c.new()
|
||||
|
||||
#second_stage.stage_meterpreter(opts) + generate_config(opts)
|
||||
''
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
#ds = opts[:datastore] || datastore
|
||||
|
||||
## create the configuration block, which for staged connections is really simple.
|
||||
#config_opts = {
|
||||
# arch: opts[:uuid].arch,
|
||||
# exitfunk: ds['EXITFUNC'],
|
||||
# expiration: ds['SessionExpirationTimeout'].to_i,
|
||||
# uuid: opts[:uuid],
|
||||
# transports: [transport_config(opts)],
|
||||
# extensions: []
|
||||
#}
|
||||
|
||||
## create the configuration instance based off the parameters
|
||||
#config = Rex::Payloads::Meterpreter::Config.new(config_opts)
|
||||
|
||||
## return the binary version of it
|
||||
#config.to_b
|
||||
''
|
||||
end
|
||||
end
|
|
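Review bot: The header comment of this new module ("Injects the meterpreter server DLL via the Reflective Dll Injection payload along with transport related configuration") describes behaviour the file does not have: `stage_payload` and `generate_config` both consist of commented-out code followed by `''`. Any caller gets an empty string with no indication that the stage is unimplemented, so the header should say so, e.g. `# Placeholder stage for platform-independent Meterpreter handling; stage_payload and generate_config currently return ''.` The commented-out bodies are better kept in branch history than in the file. `require 'rex/payloads/meterpreter/config'` is referenced only from a commented line.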
@ -33,7 +33,7 @@ module MetasploitModule
|
|||
end
|
||||
|
||||
def stage_payload(opts={})
|
||||
stage_meterpreter + generate_config(opts)
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
|
|
|
@ -33,7 +33,7 @@ module MetasploitModule
|
|||
end
|
||||
|
||||
def stage_payload(opts={})
|
||||
stage_meterpreter + generate_config(opts)
|
||||
stage_meterpreter(opts) + generate_config(opts)
|
||||
end
|
||||
|
||||
def generate_config(opts={})
|
||||
|
|