Module: Msf::Payload::Adapter::Fetch::Server::Https
Instance Method Summary collapse
- #add_resource(fetch_service, uri, srvexe) ⇒ Object
- #cleanup_http_fetch_service(fetch_service, delete_resource) ⇒ Object
- #fetch_protocol ⇒ Object
-
#initialize(*args) ⇒ Object
This mixin supports both HTTP and HTTPS fetch handlers.
- #on_request_uri(cli, request, srvexe) ⇒ Object
- #payload_response(srvexe) ⇒ Object
- #ssl_cert ⇒ Object
- #ssl_cipher ⇒ Object
- #ssl_compression ⇒ Object
- #ssl_version ⇒ Object
- #start_http_fetch_handler(srvname, srvexe) ⇒ Object
- #start_https_fetch_handler(srvname, srvexe) ⇒ Object
- #start_https_server(ssl, ssl_cert, ssl_compression, ssl_cipher, ssl_version) ⇒ Object
Instance Method Details
#add_resource(fetch_service, uri, srvexe) ⇒ Object
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 26 def add_resource(fetch_service, uri, srvexe) vprint_status("Adding resource #{uri}") if fetch_service.resources.include?(uri) # When we clean up, we need to leave resources alone, because we never added one. @delete_resource = false fail_with(Msf::Exploit::Failure::BadConfig, "Resource collision detected. Set FETCH_URI to a different value to continue.") end fetch_service.add_resource(uri, 'Proc' => proc do |cli, req| on_request_uri(cli, req, srvexe) end, 'VirtualDirectory' => true) rescue ::Exception => e # When we clean up, we need to leave resources alone, because we never added one. @delete_resource = false fail_with(Msf::Exploit::Failure::Unknown, "Failed to add resource\n #{e}") end |
#cleanup_http_fetch_service(fetch_service, delete_resource) ⇒ Object
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 44 def cleanup_http_fetch_service(fetch_service, delete_resource) unless fetch_service.nil? escaped_srvuri = ('/' + srvuri).gsub('//', '/') if fetch_service.resources.include?(escaped_srvuri) && delete_resource fetch_service.remove_resource(escaped_srvuri) end fetch_service.deref if fetch_service.resources.empty? # if we don't call deref, we cannot start another httpserver # this is a reimplementation of the cleanup_service method # in Exploit::Remote::SocketServer temp_service = fetch_service fetch_service = nil temp_service.cleanup temp_service.deref end end end |
#fetch_protocol ⇒ Object
63 64 65 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 63 def fetch_protocol 'HTTPS' end |
#initialize(*args) ⇒ Object
This mixin supports both HTTP and HTTPS fetch handlers. If you only want HTTP, use the HTTP mixin that imports this, but removes the HTTPS options
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 5 def initialize(*args) super ( [ Msf::OptBool.new('FETCH_CHECK_CERT', [true,"Check SSL certificate", false]) ] ) ( [ Msf::OptString.new('FetchHttpServerName', [true, 'Http Server Name', 'Apache']), Msf::OptPath.new('FetchSSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)', '']), Msf::OptBool.new('FetchSSLCompression', [ false, 'Enable SSL/TLS-level compression', false ]), Msf::OptString.new('FetchSSLCipher', [ false, 'String for SSL cipher spec - "DHE-RSA-AES256-SHA" or "ADH"']), Msf::OptEnum.new('FetchSSLVersion', 'Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate)', enums: Rex::Socket::SslTcp.supported_ssl_methods) ] ) end |
#on_request_uri(cli, request, srvexe) ⇒ Object
67 68 69 70 71 72 73 74 75 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 67 def on_request_uri(cli, request, srvexe) client = cli.peerhost vprint_status("Client #{client} requested #{request.uri}") if (user_agent = request.headers['User-Agent']) client += " (#{user_agent})" end vprint_status("Sending payload to #{client}") cli.send_response(payload_response(srvexe)) end |
#payload_response(srvexe) ⇒ Object
77 78 79 80 81 82 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 77 def payload_response(srvexe) res = Rex::Proto::Http::Response.new(200, 'OK', Rex::Proto::Http::DefaultProtocol) res['Content-Type'] = 'text/html' res.body = srvexe.to_s.unpack('C*').pack('C*') res end |
#ssl_cert ⇒ Object
84 85 86 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 84 def ssl_cert datastore['FetchSSLCert'] end |
#ssl_cipher ⇒ Object
92 93 94 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 92 def ssl_cipher datastore['FetchSSLCipher'] end |
#ssl_compression ⇒ Object
88 89 90 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 88 def ssl_compression datastore['FetchSSLCompression'] end |
#ssl_version ⇒ Object
96 97 98 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 96 def ssl_version datastore['FetchSSLVersion'] end |
#start_http_fetch_handler(srvname, srvexe) ⇒ Object
100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 100 def start_http_fetch_handler(srvname, srvexe) # this looks a bit funny because I converted it to use an instance variable so that if we crash in the # middle and don't return a value, we still have the right fetch_service to clean up. escaped_srvuri = ('/' + srvuri).gsub('//', '/') @fetch_service = start_https_server(false, nil, nil, nil, nil) if @fetch_service.nil? if @fetch_service.nil? cleanup_handler fail_with(Msf::Exploit::Failure::BadConfig, "Fetch Handler failed to start on #{fetch_bindhost}:#{fetch_bindport}") end vprint_status('HTTP server started') @fetch_service.server_name = srvname add_resource(@fetch_service, escaped_srvuri, srvexe) @fetch_service end |
#start_https_fetch_handler(srvname, srvexe) ⇒ Object
115 116 117 118 119 120 121 122 123 124 125 126 127 128 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 115 def start_https_fetch_handler(srvname, srvexe) # this looks a bit funny because I converted it to use an instance variable so that if we crash in the # middle and don't return a value, we still have the right fetch_service to clean up. escaped_srvuri = ('/' + srvuri).gsub('//', '/') @fetch_service = start_https_server(true, ssl_cert, ssl_compression, ssl_cipher, ssl_version) if @fetch_service.nil? if @fetch_service.nil? cleanup_handler fail_with(Msf::Exploit::Failure::BadConfig, "Fetch Handler failed to start on #{fetch_bindhost}:#{fetch_bindport}\n #{e}") end vprint_status('HTTPS server started') @fetch_service.server_name = srvname add_resource(@fetch_service, escaped_srvuri, srvexe) @fetch_service end |
#start_https_server(ssl, ssl_cert, ssl_compression, ssl_cipher, ssl_version) ⇒ Object
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 |
# File 'lib/msf/core/payload/adapter/fetch/server/https.rb', line 130 def start_https_server(ssl, ssl_cert, ssl_compression, ssl_cipher, ssl_version) begin fetch_service = Rex::ServiceManager.start( Rex::Proto::Http::Server, fetch_bindport, fetch_bindhost, ssl, { 'Msf' => framework, 'MsfExploit' => self }, _determine_server_comm(fetch_bindhost), ssl_cert, ssl_compression, ssl_cipher, ssl_version ) rescue Exception => e cleanup_handler fail_with(Msf::Exploit::Failure::BadConfig, "Fetch Handler failed to start on #{fetch_bindhost}:#{fetch_bindport}\n #{e}") end vprint_status("Fetch Handler listening on #{fetch_bindhost}:#{fetch_bindport}") fetch_service end |