The payload was missing require 'msf/core/handler/reverse_tcp', latest update pulled with msfupdate broke the startup of the framework, where you got this kind of an error:
!master ~/4tools/metasploit-framework> msfconsole
/home/tony/4tools/metasploit-framework/modules/payloads/singles/android/meterpreter_reverse_tcp.rb:28:in `initialize': uninitialized constant Msf::Handler::ReverseTcp (NameError)
from /home/tony/4tools/metasploit-framework/lib/msf/core/payload_set.rb:198:in `new'
from /home/tony/4tools/metasploit-framework/lib/msf/core/payload_set.rb:198:in `add_module'
from /home/tony/4tools/metasploit-framework/lib/msf/core/module_manager/loading.rb:71:in `on_module_load'
from /home/tony/4tools/metasploit-framework/lib/msf/core/modules/loader/base.rb:182:in `load_module'
from /home/tony/4tools/metasploit-framework/lib/msf/core/modules/loader/base.rb:237:in `block in load_modules'
from /home/tony/4tools/metasploit-framework/lib/msf/core/modules/loader/directory.rb:55:in `block (2 levels) in each_module_reference_name'
from /var/lib/gems/2.3.0/gems/rex-core-0.1.2/lib/rex/file.rb:127:in `block in find'
from /var/lib/gems/2.3.0/gems/rex-core-0.1.2/lib/rex/file.rb:126:in `catch'
from /var/lib/gems/2.3.0/gems/rex-core-0.1.2/lib/rex/file.rb:126:in `find'
from /home/tony/4tools/metasploit-framework/lib/msf/core/modules/loader/directory.rb:46:in `block in each_module_reference_name'
from /home/tony/4tools/metasploit-framework/lib/msf/core/modules/loader/directory.rb:34:in `foreach'
from /home/tony/4tools/metasploit-framework/lib/msf/core/modules/loader/directory.rb:34:in `each_module_reference_name'
from /home/tony/4tools/metasploit-framework/lib/msf/core/modules/loader/base.rb:236:in `load_modules'
from /home/tony/4tools/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `block in load_modules'
from /home/tony/4tools/metasploit-framework/lib/msf/core/module_manager/loading.rb:115:in `each'
from /home/tony/4tools/metasploit-framework/lib/msf/core/module_manager/loading.rb:115:in `load_modules'
from /home/tony/4tools/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
from /home/tony/4tools/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
from /home/tony/4tools/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
from /home/tony/4tools/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'
from /home/tony/4tools/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'
from /home/tony/4tools/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'
from /home/tony/4tools/metasploit-framework/lib/msf/ui/console/driver.rb:204:in `initialize'
from /home/tony/4tools/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `new'
from /home/tony/4tools/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `driver'
from /home/tony/4tools/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
from /home/tony/4tools/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
from /home/tony/4tools/metasploit-framework/msfconsole:48:in `<main>'
PR7007 centralized JCL job card for any JCL cmd payload. This PR simply
uses that new format for existing JCL cmd payloads. No functionality
for these payloads was changed, added or deleted.
Using the ruby methods for generating assembly blocks defined or
separated in prior commits, create a new payload from the existing
assembly blocks which performs a DNS lookup of the LHOST prior to
establishing a corresponding socket and downloading, and
decrypting the RC4 encrypted payload.
For anyone looking to learn how to build these payloads, these
three commits should provide a healthy primer. Small changes to
the payload structure can yield entropy enough to avoid signature
based detection by in-line or out-of-band static defenses. This
payload was completed in the time between this commit and the last.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
Using the separation of block_recv and reverse_tcp, implement
reverse_tcp_dns using original shellcode as template with dynamic
injection of parameters. Concatenate the whole thing in the
generation call chain, and compile the resulting shellcode for
delivery.
Metasploit module pruned to bare minimum, with the LHOST OptString
moved into the library component.
Testing:
Win2k8r2
ToDo:
Update payload sizes when this branch is "complete"
Ensure UUIDs and adjacent black magic all work properly
Misc:
Clean up rc4.rb to use the rc4_keys method when generating a
stage. Makes the implementation far more readable and reduces
redundant code.
Brent Cook
OJ
Adam Cammack
Brent Cook
Tim
Tonimir Kisasondi
RageLtMan
bigendian smalls
William Webb
wchen-r7
Hans Jerry Illikainen
earthquake
Brendan Watters