Module: Msf::Sessions::MettleConfig
Constant Summary
Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN_MAX_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITJ, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITP, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITW, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INIT_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MIN_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MODES, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_UUID_MIN_LEN
Instance Method Summary
#transport_config_bind_named_pipe, #transport_config_bind_tcp, #transport_config_reverse_http, #transport_config_reverse_https, #transport_config_reverse_ipv6_tcp, #transport_config_reverse_named_pipe, #transport_config_reverse_tcp, #transport_config_reverse_udp, #transport_uri_components
#generate_payload_uuid, #generate_uri_uuid_mode, #record_payload_uuid, #record_payload_uuid_url
#generate_uri_checksum, #generate_uri_uuid, #process_uri_resource, #uri_checksum_lookup
Instance Method Details
#encode_stage? ⇒ Boolean
Stage encoding is not safe for Mettle (doesn’t apply to stageless)
# File 'lib/msf/base/sessions/mettle_config.rb', line 121
# Reports whether the stage may be encoded. This implementation always
# answers false; when the operator has set EnableStageEncoding it also
# prints a warning, at most once per instance (tracked via @warned).
#
# @return [Boolean] always false
def encode_stage?
  encoding_requested = datastore['EnableStageEncoding']

  unless !encoding_requested || @warned
    print_warning("Stage encoding is not supported for #{refname}")
    # Remember that the warning was shown so repeated calls stay quiet.
    @warned = true
  end

  false
end
#generate_config(opts = {}) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 88
# Builds the configuration hash for a payload instance.
#
# The caller's +opts+ hash is modified in place (:background, :name, :uuid,
# :uri and :session_guid are written); only a fixed subset of keys is returned.
#
# @param opts [Hash] generation options; :scheme must be 'http', 'https' or
#   'tcp'. :datastore, :uuid, :name and :stageless are optional.
# @return [Hash] the :uuid, :session_guid, :uri, :debug, :log_file, :name and
#   :background entries of +opts+ (keys that were never set are omitted)
# @raise [ArgumentError] when :scheme is not one of the supported values
def generate_config(opts = {})
  ds = opts[:datastore] || datastore

  opts[:background] = ds['MeterpreterTryToFork'] ? 1 : 0
  opts[:name] ||= ds['PayloadProcessCommandLine'] if ds['PayloadProcessCommandLine'] != ''
  opts[:uuid] ||= generate_payload_uuid

  # The URI is built while opts[:uuid] is still a UUID object; the Base64
  # conversion below must therefore come afterwards.
  opts[:uri] =
    case opts[:scheme]
    when 'http'
      generate_http_uri(transport_config_reverse_http(opts))
    when 'https'
      generate_http_uri(transport_config_reverse_https(opts))
    when 'tcp'
      generate_tcp_uri(transport_config_reverse_tcp(opts))
    else
      raise ArgumentError, "Unknown scheme: #{opts[:scheme]}"
    end

  opts[:uuid] = Base64.encode64(opts[:uuid].to_raw).strip

  # Stageless configs carry an all-zero 16-byte session GUID; every other
  # config gets 16 random bytes taken from a SecureRandom UUID.
  raw_guid =
    if opts[:stageless] == true
      "\x00" * 16
    else
      [SecureRandom.uuid.gsub('-', '')].pack('H*')
    end
  opts[:session_guid] = Base64.encode64(raw_guid).strip

  opts.slice(:uuid, :session_guid, :uri, :debug, :log_file, :name, :background)
end
#generate_http_uri(opts) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 55
# Assembles the HTTP(S) transport string: scheme, host and port, followed by
# the LURI and the generated URI, then a '|' separator and the optional
# --ua / --host / --referer / --header arguments.
#
# When :cookie is present, opts[:header] is overwritten with a Cookie header
# line before the --header argument is emitted.
#
# @param opts [Hash] transport settings (:scheme, :lhost, :lport, and the
#   optional :ua, :host, :referer, :cookie)
# @return [String] the assembled string with surrounding whitespace stripped
def generate_http_uri(opts)
  # IPv6 literals have to be bracketed so the port separator stays unambiguous.
  host_part = Rex::Socket.is_ipv6?(opts[:lhost]) ? "[#{opts[:lhost]}]" : opts[:lhost]
  target_uri = "#{opts[:scheme]}://#{host_part}"

  target_uri << ':' << opts[:lport].to_s
  target_uri << luri << generate_uri(opts) << '|'

  %i[ua host referer].each do |key|
    target_uri << generate_uri_option(opts, key)
  end

  if opts[:cookie]
    opts[:header] = "Cookie: #{opts[:cookie]}"
    target_uri << generate_uri_option(opts, :header)
  end

  # Each option argument ends in a space; drop the trailing one.
  target_uri.strip
end
#generate_tcp_uri(opts) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 77
# Assembles the TCP transport string "scheme://host:port".
#
# @param opts [Hash] transport settings (:scheme, :lhost, :lport)
# @return [String] the transport URI; IPv6 hosts are wrapped in brackets
def generate_tcp_uri(opts)
  # IPv6 literals have to be bracketed so the port separator stays unambiguous.
  host_part = Rex::Socket.is_ipv6?(opts[:lhost]) ? "[#{opts[:lhost]}]" : opts[:lhost]
  "#{opts[:scheme]}://#{host_part}" << ':' << opts[:lport].to_s
end
#generate_uri(opts = {}) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 35
# Produces the URI path for the :init_connect checksum mode.
#
# The requested length comes from the StagerURILength datastore option; when
# that is unset or zero, a length is picked at random starting from
# 30 + luri.length.
#
# @param opts [Hash] may carry :datastore (overrides the module datastore)
#   and :uuid (forwarded to generate_uri_uuid_mode)
# @return [Object] whatever generate_uri_uuid_mode returns
# @raise [ArgumentError] when the resulting length is below 5
def generate_uri(opts = {})
  ds = opts[:datastore] || datastore
  uri_req_len = ds['StagerURILength'].to_i

  if uri_req_len.zero?
    floor_len = 30 + luri.length
    # NOTE(review): once luri reaches 97 characters, 127 - floor_len is zero
    # or negative and Kernel#rand no longer acts as a plain integer upper
    # bound (rand(0) returns a Float) -- confirm LURI length is limited upstream.
    uri_req_len = floor_len + rand(127 - floor_len)
  end

  raise ArgumentError, 'Minimum StagerURILength is 5' if uri_req_len < 5

  generate_uri_uuid_mode(:init_connect, uri_req_len, uuid: opts[:uuid])
end
#generate_uri_option(opts, opt) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 51
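# Renders one optional setting as a single-quoted "--name 'value' " argument.
#
# @param opts [Hash] option values keyed by symbol
# @param opt [Symbol] the key to render
# @return [String] the argument with a trailing space, or '' when the option
#   is absent (nil or false)
def generate_uri_option(opts, opt)
  value = opts[opt]
  return '' unless value

  # The block form is required here: in a gsub replacement *string*, the
  # two characters \' are a back-reference to the text after the match, so
  # the previous string form dropped the quote and duplicated the remainder
  # of the value instead of inserting a backslash.
  # Backslashes in the value are passed through unchanged -- TODO confirm the
  # quoting rules of whatever parses this string.
  escaped = value.gsub("'") { "\\'" }
  "--#{opt} '#{escaped}' "
end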
#initialize(info = {}) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 11
# Registers the advanced options this mixin contributes after delegating to
# the parent initializer.
#
# MeterpreterTryToFork is always registered. PayloadLinuxMinKernel is added
# only when +staged?+ is false.
#
# @param info [Hash] module information, passed through to +super+
def initialize(info = {})
  super

  fork_option = OptBool.new(
    'MeterpreterTryToFork',
    'Fork a new process if the functionality is available',
    default: false
  )
  register_advanced_options([fork_option])

  unless staged?
    # Attribute array: required, description, default value, permitted values.
    min_kernel_option = OptEnum.new(
      'PayloadLinuxMinKernel',
      [true, 'Linux minimum kernel version for compatibility', '2.6', ['2.6', '3.17']]
    )
    register_advanced_options([min_kernel_option])
  end
end