Module: Msf::Sessions::MettleConfig
- Includes:
- Payload::TransportConfig
- Defined in:
- lib/msf/base/sessions/mettle_config.rb
Constant Summary
Constants included from Rex::Payloads::Meterpreter::UriChecksum
Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN_MAX_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITJ, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITP, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITW, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INIT_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MIN_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MODES, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_UUID_MIN_LEN
Instance Method Summary collapse
- #encode_stage? ⇒ Boolean
Stage encoding is not safe for Mettle (doesn’t apply to stageless).
- #generate_config(opts = {}) ⇒ Object
- #generate_http_uri(opts) ⇒ Object
- #generate_tcp_uri(opts) ⇒ Object
- #generate_uri(opts = {}) ⇒ Object
- #generate_uri_option(opts, opt) ⇒ Object
- #initialize(info = {}) ⇒ Object
Methods included from Payload::TransportConfig
#transport_config_bind_named_pipe, #transport_config_bind_tcp, #transport_config_reverse_http, #transport_config_reverse_https, #transport_config_reverse_ipv6_tcp, #transport_config_reverse_named_pipe, #transport_config_reverse_tcp, #transport_config_reverse_udp, #transport_uri_components
Methods included from Payload::UUID::Options
#generate_payload_uuid, #generate_uri_uuid_mode, #record_payload_uuid, #record_payload_uuid_url
Methods included from Rex::Payloads::Meterpreter::UriChecksum
#generate_uri_checksum, #generate_uri_uuid, #process_uri_resource, #uri_checksum_lookup
Instance Method Details
#encode_stage? ⇒ Boolean
Stage encoding is not safe for Mettle (doesn’t apply to stageless)
# File 'lib/msf/base/sessions/mettle_config.rb', line 112

# Reports whether the stage should be encoded. Always answers +false+.
#
# If the datastore has 'EnableStageEncoding' set, a warning naming the module
# (+refname+) is printed. The +@warned+ flag ensures this happens only once
# per instance.
#
# @return [Boolean] always +false+
def encode_stage?
  encoding_requested = datastore['EnableStageEncoding']
  return false if !encoding_requested || @warned

  print_warning("Stage encoding is not supported for #{refname}")
  # Remember that the operator has been told, so repeated calls stay quiet.
  @warned = true
  false
end
#generate_config(opts = {}) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 79

# Assembles the configuration hash for a session.
#
# NOTE: the +opts+ hash passed in is modified in place. The keys
# :background, :name, :uuid, :uri and :session_guid are written on the
# caller's object.
#
# @param opts [Hash] settings; :scheme must be 'http', 'https' or 'tcp'.
#   :datastore, when given, is used instead of the module datastore.
# @return [Hash] the :uuid, :session_guid, :uri, :debug, :log_file, :name and
#   :background entries of +opts+ (only those that are present)
# @raise [ArgumentError] if :scheme is not one of the three known values
def generate_config(opts={})
  ds = opts[:datastore] || datastore
  opts[:background] = ds['MeterpreterTryToFork'] ? 1 : 0

  # An explicit opts[:name] wins. The datastore value is a fallback only and
  # is skipped when it is the empty string.
  process_name = ds['PayloadProcessCommandLine']
  opts[:name] ||= process_name unless process_name == ''

  opts[:uuid] ||= generate_payload_uuid

  scheme = opts[:scheme]
  opts[:uri] =
    case scheme
    when 'http'
      generate_http_uri(transport_config_reverse_http(opts))
    when 'https'
      generate_http_uri(transport_config_reverse_https(opts))
    when 'tcp'
      generate_tcp_uri(transport_config_reverse_tcp(opts))
    else
      raise ArgumentError, "Unknown scheme: #{scheme}"
    end

  # From here on :uuid holds the Base64 text of the raw UUID, not the object.
  opts[:uuid] = Base64.encode64(opts[:uuid].to_raw).strip

  # The session GUID is 16 bytes: all zero only when :stageless is exactly
  # +true+ (other truthy values do not count), otherwise the 32 hex digits of
  # a SecureRandom UUID packed to binary.
  guid =
    if opts[:stageless] == true
      "\x00" * 16
    else
      [SecureRandom.uuid.gsub(/-/, '')].pack('H*')
    end
  opts[:session_guid] = Base64.encode64(guid).strip

  opts.slice(:uuid, :session_guid, :uri, :debug, :log_file, :name, :background)
end
#generate_http_uri(opts) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 46

# Builds the HTTP(S) connection string: scheme://host:port, then +luri+,
# then the generated URI path, then a '|' separator followed by any
# "--ua", "--host", "--referer" and "--header" options.
#
# An IPv6 +:lhost+ is wrapped in square brackets.
#
# NOTE: when +:cookie+ is set, +opts[:header]+ is overwritten on the caller's
# hash with "Cookie: <value>". A "--header" option is emitted only in that
# case, so a caller-supplied +:header+ is never emitted as given.
#
# @param opts [Hash] reads :scheme, :lhost, :lport, :ua, :host, :referer and
#   :cookie. The hash is also passed on to #generate_uri.
# @return [String] the assembled string with surrounding whitespace stripped
def generate_http_uri(opts)
  host = opts[:lhost]
  host = "[#{host}]" if Rex::Socket.is_ipv6?(host)

  target_uri = "#{opts[:scheme]}://#{host}:#{opts[:lport]}"
  target_uri << luri << generate_uri(opts) << '|'

  %i[ua host referer].each do |key|
    target_uri << generate_uri_option(opts, key)
  end

  if opts[:cookie]
    opts[:header] = "Cookie: #{opts[:cookie]}"
    target_uri << generate_uri_option(opts, :header)
  end

  # Each option ends with a space; strip removes the final one.
  target_uri.strip
end
#generate_tcp_uri(opts) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 68

# Builds the TCP connection string "scheme://host:port".
#
# An IPv6 +:lhost+ is wrapped in square brackets so the port separator
# cannot be confused with the colons inside the address.
#
# @param opts [Hash] reads :scheme, :lhost and :lport
# @return [String]
def generate_tcp_uri(opts)
  host = opts[:lhost]
  host = "[#{host}]" if Rex::Socket.is_ipv6?(host)
  "#{opts[:scheme]}://#{host}:#{opts[:lport]}"
end
#generate_uri(opts = {}) ⇒ Object
# File 'lib/msf/base/sessions/mettle_config.rb', line 26

# Produces the URI path by delegating to #generate_uri_uuid_mode with mode
# :init_connect and a length taken from 'StagerURILength'.
#
# A 'StagerURILength' whose +to_i+ is 0 (unset, empty or non-numeric) means
# "pick a length at random".
#
# @param opts [Hash] :datastore (optional override of the module datastore)
#   and :uuid (forwarded to #generate_uri_uuid_mode)
# @return [Object] whatever #generate_uri_uuid_mode returns
# @raise [ArgumentError] if the resulting length is below 5
def generate_uri(opts = {})
  settings = opts[:datastore] || datastore
  requested = settings['StagerURILength'].to_i

  if requested.zero?
    # Random length from (30 + luri.length) up to 126 inclusive.
    # NOTE(review): if luri is 97+ characters, rand gets 0 or a negative
    # number. Kernel#rand(0) returns a Float and a negative max is taken by
    # absolute value, so the bound no longer holds. Confirm luri is
    # length-limited elsewhere.
    floor = 30 + luri.length
    requested = floor + rand(127 - floor)
  end

  raise ArgumentError, "Minimum StagerURILength is 5" if requested < 5

  generate_uri_uuid_mode(:init_connect, requested, uuid: opts[:uuid])
end
#generate_uri_option(opts, opt) ⇒ Object
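# File 'lib/msf/base/sessions/mettle_config.rb', line 42

# Renders one option as "--<opt> '<value>' " (note the trailing space), or
# returns an empty string when +opts[opt]+ is nil or false.
#
# Single quotes inside the value are escaped as \' so the value stays inside
# its quoted argument. The block form of gsub is required here. In a
# replacement *string*, the sequence \' is a back-reference to the text after
# the match, so the earlier `gsub(/'/, "\\'")` replaced each quote with the
# remainder of the value and corrupted it instead of escaping it.
#
# NOTE(review): how the consumer of this string un-escapes \' is not visible
# here. Confirm it accepts backslash-escaped quotes.
#
# @param opts [Hash] option values keyed by symbol
# @param opt [Symbol] the key to render; also used as the option name
# @return [String]
def generate_uri_option(opts, opt)
  value = opts[opt]
  return '' unless value

  escaped = value.gsub("'") { "\\'" }
  "--#{opt} '#{escaped}' "
end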