Module: Msf::Sessions::MettleConfig

Includes:
Payload::TransportConfig
Defined in:
lib/msf/base/sessions/mettle_config.rb

Constant Summary

Constants included from Rex::Payloads::Meterpreter::UriChecksum

Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN_MAX_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITJ, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITP, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITW, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INIT_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MIN_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MODES, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_UUID_MIN_LEN

Instance Method Summary

Methods included from Payload::TransportConfig

#transport_config_bind_named_pipe, #transport_config_bind_tcp, #transport_config_reverse_http, #transport_config_reverse_https, #transport_config_reverse_ipv6_tcp, #transport_config_reverse_named_pipe, #transport_config_reverse_tcp, #transport_config_reverse_udp, #transport_uri_components

Methods included from Payload::UUID::Options

#generate_payload_uuid, #generate_uri_uuid_mode, #initialize, #record_payload_uuid, #record_payload_uuid_url

Methods included from Rex::Payloads::Meterpreter::UriChecksum

#generate_uri_checksum, #generate_uri_uuid, #process_uri_resource, #uri_checksum_lookup

Methods included from Payload::Pingback::Options

#initialize

Instance Method Details

#encode_stage? ⇒ Boolean

Stage encoding is not safe for Mettle (doesn't apply to stageless)

Returns:

  • (Boolean)

# File 'lib/msf/base/sessions/mettle_config.rb', line 106

# Mettle stages are never encoded. When the EnableStageEncoding datastore
# option is set, a warning is printed the first time this is called and
# suppressed afterwards via @warned.
#
# @return [Boolean] always false
def encode_stage?
  encoding_requested = datastore['EnableStageEncoding']
  return false if !encoding_requested || @warned

  print_warning("Stage encoding is not supported for #{refname}")
  @warned = true
  false
end

#generate_config(opts = {}) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 67

# Builds the configuration hash for a Mettle payload.
#
# Settings are read from opts[:datastore] when present, otherwise from the
# module datastore. Note that +opts+ is modified in place: :name, :log_file,
# :debug, :uuid, :uri and :session_guid may all be written before the
# selected subset is returned.
#
# @param opts [Hash] generation options; :scheme must be 'http', 'https'
#   or 'tcp'
# @return [Hash] the :uuid, :session_guid, :uri, :debug, :log_file and :name
#   entries of opts that are present
# @raise [ArgumentError] if opts[:scheme] is not one of the handled schemes
def generate_config(opts={})
  ds = opts[:datastore] || datastore

  # Datastore values only fill in entries the caller left unset.
  process_name = ds['PayloadProcessCommandLine']
  opts[:name] ||= process_name unless process_name == ''

  debug_file = ds['RemoteMeterpreterDebugFile']
  opts[:log_file] ||= debug_file unless debug_file == ''

  # The debug level is limited to the range 0..3.
  opts[:debug] = ds['MeterpreterDebugLevel'].to_i.clamp(0, 3)
  opts[:uuid] ||= generate_payload_uuid

  opts[:uri] =
    case opts[:scheme]
    when 'http'
      generate_http_uri(transport_config_reverse_http(opts))
    when 'https'
      generate_http_uri(transport_config_reverse_https(opts))
    when 'tcp'
      generate_tcp_uri(transport_config_reverse_tcp(opts))
    else
      raise ArgumentError, "Unknown scheme: #{opts[:scheme]}"
    end

  # From here on :uuid holds the Base64 text of the raw UUID, not the object.
  opts[:uuid] = Base64.encode64(opts[:uuid].to_raw).strip

  # Stageless configs carry an all-zero session GUID; otherwise the GUID is
  # the 16 raw bytes of a freshly generated SecureRandom UUID.
  raw_guid =
    if opts[:stageless] == true
      "\x00" * 16
    else
      [SecureRandom.uuid.delete('-')].pack('H*')
    end
  opts[:session_guid] = Base64.encode64(raw_guid).strip

  opts.slice(:uuid, :session_guid, :uri, :debug, :log_file, :name)
end

#generate_http_uri(opts) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 34

# Assembles the URI string for the HTTP and HTTPS transports:
# scheme://host:port, then luri and a generated URI path, then a '|'
# separator followed by any --ua / --host / --referer / --header options.
#
# Side effect: when opts[:cookie] is set, opts[:header] is overwritten with
# a "Cookie: ..." header line.
#
# @param opts [Hash] transport settings (:scheme, :lhost, :lport and the
#   optional :ua, :host, :referer, :cookie)
# @return [String] the assembled string with surrounding whitespace stripped
def generate_http_uri(opts)
  # An IPv6 literal is bracketed so the ':' before the port is unambiguous.
  lhost = opts[:lhost]
  authority = Rex::Socket.is_ipv6?(lhost) ? "[#{lhost}]" : lhost.to_s

  target_uri = "#{opts[:scheme]}://#{authority}:#{opts[:lport]}"
  target_uri << luri << generate_uri(opts) << '|'

  %i[ua host referer].each do |option_name|
    target_uri << generate_uri_option(opts, option_name)
  end

  if opts[:cookie]
    opts[:header] = "Cookie: #{opts[:cookie]}"
    target_uri << generate_uri_option(opts, :header)
  end

  target_uri.strip
end

#generate_tcp_uri(opts) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 56

# Formats the URI for the TCP transport as scheme://host:port, wrapping the
# host in brackets when Rex::Socket reports it as an IPv6 address.
#
# @param opts [Hash] transport settings (:scheme, :lhost, :lport)
# @return [String]
def generate_tcp_uri(opts)
  scheme, lhost, lport = opts.values_at(:scheme, :lhost, :lport)
  host = Rex::Socket.is_ipv6?(lhost) ? "[#{lhost}]" : lhost
  "#{scheme}://#{host}:#{lport}"
end

#generate_uri(opts = {}) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 14

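# Produces the URI path used for the initial connection.
#
# The length comes from the StagerURILength datastore option; when that is
# 0 (or unset) a length is chosen at random instead.
#
# @param opts [Hash] optional :datastore (used instead of the module
#   datastore) and :uuid (forwarded to generate_uri_uuid_mode)
# @return [Object] whatever generate_uri_uuid_mode returns for :init_connect
# @raise [ArgumentError] if the resulting length is below 5
def generate_uri(opts={})
  ds = opts[:datastore] || datastore
  uri_req_len = ds['StagerURILength'].to_i

  if uri_req_len == 0
    # Random length from (30 + luri.length) up to 126.
    min_len = 30 + luri.length
    spread = 127 - min_len
    # Kernel#rand returns a Float for an argument of 0 and uses the absolute
    # value of a negative one, so an luri of 97 or more characters used to
    # produce a non-integer or out-of-range length. Use the minimum instead.
    uri_req_len = spread > 0 ? min_len + rand(spread) : min_len
  end

  raise ArgumentError, "Minimum StagerURILength is 5" if uri_req_len < 5

  generate_uri_uuid_mode(:init_connect, uri_req_len, uuid: opts[:uuid])
end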

#generate_uri_option(opts, opt) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 30

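# Renders one optional setting as a "--name 'value' " fragment for the
# option string that follows the '|' in the HTTP(S) URI.
#
# @param opts [Hash] option values keyed by symbol
# @param opt [Symbol] the key to render
# @return [String] the fragment (with a trailing space), or '' when the
#   option is unset
def generate_uri_option(opts, opt)
  value = opts[opt]
  return '' unless value

  # Block form on purpose: inside a gsub replacement *string*, \' is the
  # post-match back-reference, so "\\'" replaced each quote with the rest of
  # the value instead of emitting a backslash-escaped quote.
  # NOTE(review): assumes the consumer of this string treats \' as an
  # escaped quote — confirm against the parser.
  escaped = value.gsub("'") { "\\'" }
  "--#{opt} '#{escaped}' "
end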