Refactored expiration and timeout logic in client_core.rb

2014-09-15 01:01:23 -04:00 · 2014-09-15 01:01:23 -04:00 · e55dab3914
parent b7714c9661
commit e55dab3914
2 changed files with 39 additions and 6 deletions
--- a/lib/rex/payloads/meterpreter/patch.rb
+++ b/lib/rex/payloads/meterpreter/patch.rb
@ -11,7 +11,7 @@ module Rex
      module Patch

        # Replace the transport string
-        def self.patch_transport blob, ssl, url, expiration, comm_timeout
+        def self.patch_transport blob, ssl

          i = blob.index("METERPRETER_TRANSPORT_SSL")
          if i
@ -19,18 +19,36 @@ module Rex
            blob[i, str.length] = str
          end

+          return blob
+        end
+
+        # Replace the URL
+        def self.patch_url blob, url
+
          i = blob.index("https://" + ("X" * 256))
          if i
            str = url
            blob[i, str.length] = str
          end

+          return blob
+        end
+
+        # Replace the session expiration timeout
+        def self.patch_expiration blob, expiration
+
          i = blob.index([0xb64be661].pack("V"))
          if i
            str = [ expiration ].pack("V")
            blob[i, str.length] = str
          end

+          return blob
+        end
+
+        # Replace the session communication timeout
+        def self.patch_comm_timeout blob, comm_timeout
+
          i = blob.index([0xaf79257f].pack("V"))
          if i
            str = [ comm_timeout ].pack("V")
@ -48,7 +66,7 @@ module Rex
            blob[i, ua.length] = ua
          end

-          return blob, i
+          return blob
        end

        # Activate a custom proxy
@ -75,7 +93,7 @@ module Rex
            end
          end

-          return blob, i, proxyinfo
+          return blob
        end

        # Proxy authentification
--- a/lib/rex/post/meterpreter/client_core.rb
+++ b/lib/rex/post/meterpreter/client_core.rb
@ -234,9 +234,24 @@ class ClientCore < Extension
      # Replace the transport string first (TRANSPORT_SOCKET_SSL)
      blob = Rex::Payloads::Meterpreter::Patch.patch_transport(
        blob,
-        client.ssl,
-        self.client.url,
-        self.client.expiration,
+        client.ssl
+      )
+
+      # Replace the URL
+      blob = Rex::Payloads::Meterpreter::Patch.patch_url(
+        blob,
+        self.client.url
+      )
+
+      # Replace the session expiration timeout
+      blob = Rex::Payloads::Meterpreter::Patch.patch_expiration(
+        blob,
+        self.client.expiration
+      ) 
+
+      # Replace the session communication timeout
+      blob = Rex::Payloads::Meterpreter::Patch.patch_comm_timeout(
+        blob,
        self.client.comm_timeout
      )