diff --git a/data/meterpreter/ext_server_espia.dll b/data/meterpreter/ext_server_espia.dll
index 568dbdfb61..0b86768228 100644
Binary files a/data/meterpreter/ext_server_espia.dll and b/data/meterpreter/ext_server_espia.dll differ
diff --git a/data/meterpreter/ext_server_incognito.dll b/data/meterpreter/ext_server_incognito.dll
index 872610b43b..df48830e7c 100755
Binary files a/data/meterpreter/ext_server_incognito.dll and b/data/meterpreter/ext_server_incognito.dll differ
diff --git a/data/meterpreter/ext_server_priv.dll b/data/meterpreter/ext_server_priv.dll
index 44c233b020..60e393d715 100755
Binary files a/data/meterpreter/ext_server_priv.dll and b/data/meterpreter/ext_server_priv.dll differ
diff --git a/data/meterpreter/ext_server_sniffer.dll b/data/meterpreter/ext_server_sniffer.dll
index daa297423c..bf69c42723 100644
Binary files a/data/meterpreter/ext_server_sniffer.dll and b/data/meterpreter/ext_server_sniffer.dll differ
diff --git a/data/meterpreter/ext_server_stdapi.dll b/data/meterpreter/ext_server_stdapi.dll
index b7c60b0e19..30ef481496 100755
Binary files a/data/meterpreter/ext_server_stdapi.dll and b/data/meterpreter/ext_server_stdapi.dll differ
diff --git a/data/meterpreter/metcli.exe b/data/meterpreter/metcli.exe
index 49ac555fa5..332cca98c7 100644
Binary files a/data/meterpreter/metcli.exe and b/data/meterpreter/metcli.exe differ
diff --git a/data/meterpreter/metsrv.dll b/data/meterpreter/metsrv.dll
index e007ee8ebc..a6d0c4bfd3 100755
Binary files a/data/meterpreter/metsrv.dll and b/data/meterpreter/metsrv.dll differ
diff --git a/external/source/meterpreter/source/server/server_setup.c b/external/source/meterpreter/source/server/server_setup.c
index 5076a90774..bb061bb2cd 100644
--- a/external/source/meterpreter/source/server/server_setup.c
+++ b/external/source/meterpreter/source/server/server_setup.c
@@ -144,7 +144,7 @@ static DWORD negotiate_ssl(Remote *remote)
 SSL_load_error_strings();
 SSL_library_init();
- remote->meth = TLSv1_client_method();
+ remote->meth = SSLv3_client_method();
 remote->ctx = SSL_CTX_new(remote->meth);
 SSL_CTX_set_mode(remote->ctx, SSL_MODE_AUTO_RETRY);
diff --git a/lib/rex/post/meterpreter/client.rb b/lib/rex/post/meterpreter/client.rb
index 74afe34fc3..e0a9a5c4c5 100644
--- a/lib/rex/post/meterpreter/client.rb
+++ b/lib/rex/post/meterpreter/client.rb
@@ -80,7 +80,7 @@ class Client
 self.ext = ObjectAliases.new
 self.ext_aliases = ObjectAliases.new
 self.response_timeout = to
- + # Switch the socket to SSL mode
 swap_sock_plain_to_ssl()
@@ -103,7 +103,7 @@ class Client
 ssl.accept
- sock.extend(Rex::Socket::SslTcp)
+ sock.extend(Rex::Socket::SslTcp)
 sock.sslsock = ssl
 sock.sslctx = ctx
@@ -112,16 +112,16 @@ class Client
 raise RuntimeError, "Could not read the SSL hello tag"
 end
 end
- + def swap_sock_ssl_to_plain
- + # Remove references to the SSLSocket and Context
 self.sock.sslsock = nil
 self.sock.sslctx = nil
- + # Force garbage cleanup / SSL_free()
 GC.start()
- + self.sock = self.sock.fd
 self.sock.extend(::Rex::Socket::Tcp)
 end
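Review bot: Pinning the client to `SSLv3_client_method()` on the `+` line of negotiate_ssl locks the transport to a protocol with known cryptographic weaknesses and removes version negotiation entirely, and OpenSSL builds configured without SSLv3 support (the default in newer releases, as far as I know) do not export that symbol, so the change would also stop this file from linking there. If the intent is only to interoperate with the Ruby side, `remote->meth = SSLv23_client_method();` followed by `SSL_CTX_set_options(remote->ctx, SSL_OP_NO_SSLv2);` after the `SSL_CTX_new` call keeps negotiation and lets both ends use TLS when they can. The same downgrade appears in the client.rb hunk at -162,16 (`OpenSSL::SSL::SSLContext.new(:SSLv3)`), and the two choices must stay in step, so a comment on this line such as `/* protocol version must match the SSLContext built in lib/rex/post/meterpreter/client.rb */` would help the next person who touches either side. negotiate_ssl continues outside the hunk.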
@@ -131,20 +131,20 @@ class Client
 cert = OpenSSL::X509::Certificate.new
 cert.version = 2
 cert.serial = rand(0xFFFFFFFF)
- # name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]]) + subject = OpenSSL::X509::Name.new([
- ["C","US"],
- ['ST', Rex::Text.rand_state()],
+ ["C","US"],
+ ['ST', Rex::Text.rand_state()],
 ["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
 ["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
- ["CN", Rex::Text.rand_hostname],
+ ["CN", self.sock.getsockname[1] || Rex::Text.rand_hostname],
 ])
 issuer = OpenSSL::X509::Name.new([
- ["C","US"],
- ['ST', Rex::Text.rand_state()],
+ ["C","US"],
+ ['ST', Rex::Text.rand_state()],
 ["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
 ["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
- ["CN", Rex::Text.rand_hostname],
+ ["CN", Rex::Text.rand_text_alpha(rand(20) + 10)],
 ])
 cert.subject = subject
@@ -162,16 +162,16 @@ class Client
 ef.issuer_certificate = cert
 cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
 cert.sign(key, OpenSSL::Digest::SHA1.new)
-
- ctx = OpenSSL::SSL::SSLContext.new(:TLSv1)
+
+ ctx = OpenSSL::SSL::SSLContext.new(:SSLv3)
 ctx.key = key
 ctx.cert = cert
- ctx.session_id_context = OpenSSL::Digest::MD5.hexdigest(::Rex::Text.rand_text(64))
+ ctx.session_id_context = Rex::Text.rand_text(16)
 return ctx
 end
- + #
 # Loads the contents of the supplied file and executes it as a script using
 # the binding context of the session
@@ -183,7 +183,7 @@ class Client
 end ## - # + # # Accessors # ##
@@ -226,12 +226,12 @@ class Client
 old = Rex::Post::Meterpreter::Extensions.constants
 require("rex/post/meterpreter/extensions/#{name.downcase}/#{name.downcase}")
 new = Rex::Post::Meterpreter::Extensions.constants
- + # No new constants added?
 if ((diff = new - old).empty?)
 return false
 end
- + klass = Rex::Post::Meterpreter::Extensions.const_get(diff[0]).const_get(diff[0])
 # Save the module name to class association now that the code is
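Review bot: The new subject CN `self.sock.getsockname[1] || Rex::Text.rand_hostname` embeds the handler's locally bound address in the certificate that is sent to the peer, which discloses an internal address whenever the handler sits behind NAT, and a literal IP is not what X.509 consumers expect in a CN (an address belongs in a subjectAltName). The `||` only covers nil, so an empty string from getsockname would produce an empty CN; `local = self.sock.getsockname[1].to_s` followed by `["CN", local.empty? ? Rex::Text.rand_hostname : local],` closes that gap, or the previous `Rex::Text.rand_hostname` could simply be kept. I am assuming Rex::Socket#getsockname returns `[family, address, port]` here; please confirm the index. The enclosing method begins before this hunk.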
@@ -318,3 +318,4 @@ protected
 end
 end; end; end
+