Another interim commit moving towards universal handlers

lib/msf/base/sessions/meterpreter_multi.rb

@@ -0,0 +1,26 @@
+# -*- coding: binary -*-
+
+require 'msf/base/sessions/meterpreter'
+
+module Msf
+module Sessions
+
+###
+#
+# This class creates a platform-independent meterpreter session type
+#
+###
+class Meterpreter_Multi < Msf::Sessions::Meterpreter
+  def initialize(rstream, opts={})
+    super
+    self.base_platform = 'unknown'
+    self.base_arch = ARCH_UNKNOWN
+
+    # TODO: can we read the opts and find the UUID to instantiate the right
+    # session type? Is it important?
+  end
+end
+
+end
+end
+

lib/msf/core/payload/multi/reverse_http.rb

@@ -15,14 +15,22 @@ module Msf
 module Payload::Multi::ReverseHttp
 
   include Msf::Payload::UUID::Options
+  include Msf::Payload::Multi
 
   #
   # Register reverse_http specific options
   #
   def initialize(*args)
     super
-    # We don't need options here at all. All options are read on the fly from the
+    #register_advanced_options([
-    # JSON file when a new connection comes in.
+    #    OptInt.new('StagerURILength', [false, 'The URI length for the stager (at least 5 bytes)']),
+    #    OptInt.new('StagerRetryCount', [false, 'The number of times the stager should retry if the first connect fails', 10]),
+    #    OptString.new('PayloadProxyHost', [false, 'An optional proxy server IP address or hostname']),
+    #    OptPort.new('PayloadProxyPort', [false, 'An optional proxy server port']),
+    #    OptString.new('PayloadProxyUser', [false, 'An optional proxy server username']),
+    #    OptString.new('PayloadProxyPass', [false, 'An optional proxy server password']),
+    #    OptEnum.new('PayloadProxyType', [false, 'The type of HTTP proxy (HTTP or SOCKS)', 'HTTP', ['HTTP', 'SOCKS']])
+    #  ], self.class)
   end
 
   #

lib/msf/core/payload/windows/meterpreter_loader.rb

@@ -66,14 +66,14 @@ module Payload::Windows::MeterpreterLoader
     ^
   end
 
-  def stage_meterpreter(stageless=false)
+  def stage_meterpreter(opts={})
     # Exceptions will be thrown by the mixin if there are issues.
     dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x86.dll'))
 
     asm_opts = {
       rdi_offset: offset,
       length:     dll.length,
-      stageless:  stageless
+      stageless:  opts[:stageless] == true
     }
 
     asm = asm_invoke_metsrv(asm_opts)

lib/msf/core/payload/windows/x64/meterpreter_loader.rb

@@ -69,14 +69,14 @@ module Payload::Windows::MeterpreterLoader_x64
     ^
   end
 
-  def stage_meterpreter(stageless=false)
+  def stage_meterpreter(opts={})
     # Exceptions will be thrown by the mixin if there are issues.
     dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x64.dll'))
 
     asm_opts = {
       rdi_offset: offset,
       length:     dll.length,
-      stageless:  stageless
+      stageless:  opts[:stageless] == true
     }
 
     asm = asm_invoke_metsrv(asm_opts)

modules/payloads/singles/windows/meterpreter_bind_tcp.rb

@@ -40,8 +40,9 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})

modules/payloads/singles/windows/meterpreter_reverse_http.rb

@@ -40,13 +40,13 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})
     opts[:uuid] ||= generate_payload_uuid
-    opts[:stageless] = true
 
     # create the configuration block
     config_opts = {

modules/payloads/singles/windows/meterpreter_reverse_https.rb

@@ -40,13 +40,13 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})
     opts[:uuid] ||= generate_payload_uuid
-    opts[:stageless] = true
 
     # create the configuration block
     config_opts = {

modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb

@@ -41,8 +41,9 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})

modules/payloads/singles/windows/meterpreter_reverse_tcp.rb

@@ -40,8 +40,9 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})

modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb

@@ -40,8 +40,9 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})

modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb

@@ -40,13 +40,13 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})
     opts[:uuid] ||= generate_payload_uuid
-    opts[:stageless] = true
 
     # create the configuration block
     config_opts = {

modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb

@@ -40,13 +40,13 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})
     opts[:uuid] ||= generate_payload_uuid
-    opts[:stageless] = true
 
     # create the configuration block
     config_opts = {

modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb

@@ -41,8 +41,9 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})

modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb

@@ -40,8 +40,9 @@ module MetasploitModule
     ], self.class)
   end
 
-  def generate
+  def generate(opts={})
-    stage_meterpreter(true) + generate_config
+    opts[:stageless] = true
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})

modules/payloads/stagers/multi/reverse_http.rb

@@ -1,32 +0,0 @@
-##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
-##
-
-require 'msf/core'
-require 'msf/core/handler/reverse_http'
-require 'msf/core/payload/multi/reverse_http'
-
-module MetasploitModule
-
-  CachedSize = :dynamic
-
-  include Msf::Payload::Stager
-  include Msf::Payload::Multi::ReverseHttp
-
-  # TODO: Add something to this that stops it from being usable from
-  # inside msfvenom (technically this isn't a payload)
-  def initialize(info = {})
-    super(merge_info(info,
-      'Name'        => 'Reverse HTTP Stager (multi-arch)',
-      'Description' => 'Tunnel communication over HTTP (multi-architecture)',
-      'Author'      => 'OJ Reeves',
-      'License'     => MSF_LICENSE,
-      'Platform'    => %w{ android java linux osx php python unix win },
-      'Arch'        => [ARCH_X86, ARCH_X64, ARCH_PYTHON, ARCH_JAVA],
-      'Handler'     => Msf::Handler::ReverseHttp,
-      'Convention'  => 'http'))
-  end
-
-end
-

modules/payloads/stagers/multi/reverse_https.rb

@@ -1,31 +0,0 @@
-##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
-##
-
-require 'msf/core'
-require 'msf/core/handler/reverse_https'
-require 'msf/core/payload/multi/reverse_https'
-
-module MetasploitModule
-
-  CachedSize = :dynamic
-
-  include Msf::Payload::Stager
-  include Msf::Payload::Multi::ReverseHttps
-
-  # TODO: Add something to this that stops it from being usable from
-  # inside msfvenom (technically this isn't a payload)
-  def initialize(info = {})
-    super(merge_info(info,
-      'Name'        => 'Reverse HTTPS Stager (multi-arch)',
-      'Description' => 'Tunnel communication over HTTPS (multi-architecture)',
-      'Author'      => 'OJ Reeves',
-      'License'     => MSF_LICENSE,
-      'Platform'    => %w{ android java linux osx php python unix win },
-      'Arch'        => [ARCH_X86, ARCH_X64, ARCH_PYTHON, ARCH_JAVA],
-      'Handler'     => Msf::Handler::ReverseHttps,
-      'Convention'  => 'https'))
-  end
-
-end

modules/payloads/stages/multi/meterpreter.rb

@@ -0,0 +1,89 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'msf/base/sessions/meterpreter_multi'
+require 'msf/base/sessions/meterpreter_options'
+require 'rex/payloads/meterpreter/config'
+
+###
+#
+# Injects the meterpreter server DLL via the Reflective Dll Injection payload
+# along with transport related configuration.
+#
+###
+
+module MetasploitModule
+
+  include Msf::Sessions::MeterpreterOptions
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'          => 'Architecture-Independent Meterpreter Stage',
+      'Description'   => 'Handle Meterpreter sessions regardless of the target arch/platform',
+      'Author'        => ['OJ Reeves'],
+      'PayloadCompat' => {'Convention' => ['http', 'https']},
+      'License'       => MSF_LICENSE,
+      'Session'       => Msf::Sessions::Meterpreter_Multi))
+  end
+
+  def stage_payload(opts={})
+    #return nil unless opts[:uuid]
+
+    ## TODO: load the "stuff" from the JSON file?
+    ## and if we find an instance, hydrate based on that.
+    ## otherwise use some "sane defaults" as shown below.
+
+    #c = Class.new(::Msf::Payload)
+    #c.include(::Msf::Payload::Stager)
+
+    #case opts[:uuid].platform
+    #when 'python'
+    #  require 'msf/core/payload/python/meterpreter_loader'
+    #  c.include(::Msf::Payload::Python::MeterpreterLoader)
+    #when 'java'
+    #  require 'msf/core/payload/java/meterpreter_loader'
+    #  c.include(::Msf::Payload::Java::MeterpreterLoader)
+    #when 'php'
+    #  require 'msf/core/payload/php/meterpreter_loader'
+    #  c.include(::Msf::Payload::Php::MeterpreterLoader)
+    #when 'windows'
+    #  require 'msf/core/payload/windows/meterpreter_loader'
+    #  if opts[:uuid].arch == ARCH_X86
+    #    c.include(::Msf::Payload::Windows::MeterpreterLoader)
+    #  else
+    #    c.include(::Msf::Payload::Windows::MeterpreterLoader_x64)
+    #  end
+    #else
+    #  return nil
+    #end
+
+    #second_stage = c.new()
+
+    #second_stage.stage_meterpreter(opts) + generate_config(opts)
+    ''
+  end
+
+  def generate_config(opts={})
+    #ds = opts[:datastore] || datastore
+
+    ## create the configuration block, which for staged connections is really simple.
+    #config_opts = {
+    #  arch:       opts[:uuid].arch,
+    #  exitfunk:   ds['EXITFUNC'],
+    #  expiration: ds['SessionExpirationTimeout'].to_i,
+    #  uuid:       opts[:uuid],
+    #  transports: [transport_config(opts)],
+    #  extensions: []
+    #}
+
+    ## create the configuration instance based off the parameters
+    #config = Rex::Payloads::Meterpreter::Config.new(config_opts)
+
+    ## return the binary version of it
+    #config.to_b
+    ''
+  end
+end

modules/payloads/stages/windows/meterpreter.rb

@@ -33,7 +33,7 @@ module MetasploitModule
   end
 
   def stage_payload(opts={})
-    stage_meterpreter + generate_config(opts)
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})

modules/payloads/stages/windows/x64/meterpreter.rb

@@ -33,7 +33,7 @@ module MetasploitModule
   end
 
   def stage_payload(opts={})
-    stage_meterpreter + generate_config(opts)
+    stage_meterpreter(opts) + generate_config(opts)
   end
 
   def generate_config(opts={})