Module: Msf::Sessions::MettleConfig

Includes:
Payload::TransportConfig
Defined in:
lib/msf/base/sessions/mettle_config.rb

Constant Summary

Constants included from Rex::Payloads::Meterpreter::UriChecksum

Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN_MAX_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITJ, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITP, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITW, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INIT_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MIN_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MODES, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_UUID_MIN_LEN

Instance Method Summary

Methods included from Payload::TransportConfig

#transport_config_bind_named_pipe, #transport_config_bind_tcp, #transport_config_reverse_http, #transport_config_reverse_https, #transport_config_reverse_ipv6_tcp, #transport_config_reverse_named_pipe, #transport_config_reverse_tcp, #transport_config_reverse_udp, #transport_uri_components

Methods included from Payload::UUID::Options

#generate_payload_uuid, #generate_uri_uuid_mode, #initialize, #record_payload_uuid, #record_payload_uuid_url

Methods included from Rex::Payloads::Meterpreter::UriChecksum

#generate_uri_checksum, #generate_uri_uuid, #process_uri_resource, #uri_checksum_lookup

Methods included from Payload::Pingback::Options

#initialize

Instance Method Details

#encode_stage? ⇒ Boolean

Stage encoding is not safe for Mettle, so this method always returns false (this does not apply to stageless payloads)

Returns:

  • (Boolean)

# File 'lib/msf/base/sessions/mettle_config.rb', line 104

# Tells the framework whether the stage may be encoded. For Mettle the answer
# is always no.
#
# If the operator enabled EnableStageEncoding, one warning is printed so the
# ignored setting does not go unnoticed; @warned remembers that the warning
# was already shown.
#
# @return [Boolean] always false
def encode_stage?
  requested = datastore['EnableStageEncoding']
  return false unless requested
  return false if @warned

  print_warning("Stage encoding is not supported for #{refname}")
  @warned = true
  false
end

#generate_config(opts = {}) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 65

# Builds the configuration hash for a Mettle session.
#
# The passed-in hash is modified in place: :name, :log_file, :debug, :uuid,
# :uri and :session_guid are written to it before the result is sliced out.
#
# @param opts [Hash] generation options
# @option opts [Object] :datastore overrides the module datastore when present
# @option opts [String] :scheme transport scheme: 'http', 'https' or 'tcp'
# @option opts [Object] :uuid payload UUID (responds to #to_raw); generated when absent
# @option opts [Boolean] :stageless when exactly true, the session GUID is 16 zero bytes
# @return [Hash] the :uuid, :session_guid, :uri, :debug, :log_file and :name
#   entries of opts that are set
# @raise [ArgumentError] when opts[:scheme] is not one of the three schemes
def generate_config(opts={})
  ds = opts[:datastore] || datastore

  # An empty string means "not configured"; explicit opts values win.
  opts[:name] ||= ds['PayloadProcessCommandLine'] unless ds['PayloadProcessCommandLine'] == ''
  opts[:log_file] ||= ds['RemoteMeterpreterDebugFile'] unless ds['RemoteMeterpreterDebugFile'] == ''

  # The debug level is forced into the 0..3 range.
  opts[:debug] = ds['MeterpreterDebugLevel'].to_i.clamp(0, 3)
  opts[:uuid] ||= generate_payload_uuid

  opts[:uri] =
    case opts[:scheme]
    when 'http'
      generate_http_uri(transport_config_reverse_http(opts))
    when 'https'
      generate_http_uri(transport_config_reverse_https(opts))
    when 'tcp'
      generate_tcp_uri(transport_config_reverse_tcp(opts))
    else
      raise ArgumentError, "Unknown scheme: #{opts[:scheme]}"
    end

  # The UUID object is only replaced by its Base64 text after the URI was built.
  opts[:uuid] = Base64.encode64(opts[:uuid].to_raw).strip

  # Staged sessions get 16 random bytes from SecureRandom; stageless ones get zeros.
  raw_guid =
    if opts[:stageless] == true
      "\x00" * 16
    else
      [SecureRandom.uuid.delete('-')].pack('H*')
    end
  opts[:session_guid] = Base64.encode64(raw_guid).strip

  opts.slice(:uuid, :session_guid, :uri, :debug, :log_file, :name)
end

#generate_http_uri(opts) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 32

# Builds the HTTP(S) transport string: scheme://host:port, the LURI prefix and
# the generated URI, then a '|' separator followed by the optional
# --ua/--host/--referer/--header arguments.
#
# IPv6 hosts are wrapped in square brackets. When opts[:cookie] is set, this
# method writes "Cookie: <value>" into opts[:header] (replacing whatever was
# there) and emits it as the --header argument.
#
# @param opts [Hash] transport options (:scheme, :lhost, :lport and optionally
#   :ua, :host, :referer, :cookie)
# @return [String] the assembled string with surrounding whitespace stripped
def generate_http_uri(opts)
  host_part = Rex::Socket.is_ipv6?(opts[:lhost]) ? "[#{opts[:lhost]}]" : opts[:lhost]

  target_uri = "#{opts[:scheme]}://#{host_part}:#{opts[:lport]}"
  target_uri << luri
  target_uri << generate_uri(opts)
  target_uri << '|'

  %i[ua host referer].each do |option_name|
    target_uri << generate_uri_option(opts, option_name)
  end

  cookie = opts[:cookie]
  if cookie
    opts[:header] = "Cookie: #{cookie}"
    target_uri << generate_uri_option(opts, :header)
  end

  target_uri.strip
end

#generate_tcp_uri(opts) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 54

# Formats the TCP transport string as scheme://host:port, wrapping the host in
# square brackets when it is an IPv6 address.
#
# @param opts [Hash] transport options (:scheme, :lhost, :lport)
# @return [String] the transport string
def generate_tcp_uri(opts)
  host = opts[:lhost]
  host = "[#{host}]" if Rex::Socket.is_ipv6?(host)

  "#{opts[:scheme]}://#{host}:#{opts[:lport]}"
end

#generate_uri(opts = {}) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 12

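# Produces the checksum-bearing URI for the initial connection.
#
# The requested length comes from StagerURILength; 0 (or an unset value)
# selects a random length instead.
#
# @param opts [Hash] generation options
# @option opts [Object] :datastore overrides the module datastore when present
# @option opts [Object] :uuid payload UUID passed through to generate_uri_uuid_mode
# @return [Object] whatever generate_uri_uuid_mode returns for :init_connect
# @raise [ArgumentError] when the resulting length is below 5
def generate_uri(opts={})
  ds = opts[:datastore] || datastore
  uri_req_len = ds['StagerURILength'].to_i

  # Choose a random URI length from (30 + LURI length) up to 126 bytes
  if uri_req_len == 0
    min_len = 30 + luri.length
    spread = 127 - min_len
    # Kernel#rand(0) returns a Float and rand of a negative number uses its
    # absolute value, so a long LURI used to yield a fractional or oversized
    # length. With no room left, fall back to the minimum length.
    # NOTE(review): whether generate_uri_uuid_mode accepts lengths above 126
    # is not visible here - confirm against its length limits.
    uri_req_len = spread > 0 ? min_len + rand(spread) : min_len
  end

  if uri_req_len < 5
    raise ArgumentError, "Minimum StagerURILength is 5"
  end

  generate_uri_uuid_mode(:init_connect, uri_req_len, uuid: opts[:uuid])
end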

#generate_uri_option(opts, opt) ⇒ Object


# File 'lib/msf/base/sessions/mettle_config.rb', line 28

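# Renders one optional argument as "--<opt> '<value>' " (with a trailing
# space), or an empty string when opts[opt] is nil or false.
#
# Single quotes inside the value are backslash-escaped so they cannot end the
# quoted argument early. The block form of gsub is required: in a replacement
# *string*, the sequence \' is a back-reference to the text after the match,
# so the previous gsub(/'/, "\\'") dropped the quote and duplicated the tail
# of the value instead of escaping it.
# NOTE(review): backslashes already present in the value are left as they
# are, and how the consumer of this string parses \' is not visible here -
# confirm against the parser.
#
# @param opts [Hash] option values keyed by option name
# @param opt [Symbol] name of the option to render
# @return [String] the rendered argument or ''
def generate_uri_option(opts, opt)
  value = opts[opt]
  return '' unless value

  escaped = value.gsub("'") { "\\'" }
  "--#{opt} '#{escaped}' "
end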