rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/msf/base/sessions/mettle_config.rb
# -*- coding: binary -*-
require 'base64'
require 'securerandom'
module Msf
module Sessions
module MettleConfig
include Msf::Payload::TransportConfig
# Registers the advanced datastore options this mixin contributes.
#
# 'MeterpreterTryToFork' is always registered. 'PayloadLinuxMinKernel' is
# registered only when staged? returns false.
#
# @param info [Hash] module info, passed up the chain unchanged via super
def initialize(info = {})
  super

  fork_option = OptBool.new(
    'MeterpreterTryToFork',
    'Fork a new process if the functionality is available',
    default: false
  )
  register_advanced_options([fork_option])

  return if staged?

  # Enum restricted to the two listed kernel baselines, defaulting to '2.6'.
  min_kernel_option = OptEnum.new(
    'PayloadLinuxMinKernel',
    [true, 'Linux minimum kernel version for compatibility', '2.6', ['2.6', '3.17']]
  )
  register_advanced_options([min_kernel_option])
end
# Produces the URI path used for the initial connection, sized according to
# the 'StagerURILength' datastore option.
#
# @param opts [Hash] may carry :datastore (used instead of the module
#   datastore when present) and :uuid (forwarded to generate_uri_uuid_mode)
# @return the result of generate_uri_uuid_mode for the :init_connect mode
# @raise [ArgumentError] when the effective length is below 5
def generate_uri(opts = {})
  settings = opts[:datastore] || datastore
  wanted_len = settings['StagerURILength'].to_i

  # A value of 0 (unset, or not numeric) selects a randomized length that
  # starts at 30 plus the length of luri.
  # NOTE(review): Kernel#rand returns a Float for an argument of 0 and takes
  # the absolute value of a negative one, so a luri of 97 or more characters
  # yields a fractional or larger-than-expected length here. Confirm whether
  # luri is bounded by the caller.
  if wanted_len.zero?
    wanted_len = 30 + luri.length + rand(127 - (30 + luri.length))
  end

  raise ArgumentError, 'Minimum StagerURILength is 5' if wanted_len < 5

  generate_uri_uuid_mode(:init_connect, wanted_len, uuid: opts[:uuid])
end
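# Renders one optional setting as a single-quoted "--name 'value' " argument.
#
# @param opts [Hash] settings keyed by option name
# @param opt [Symbol] the option to render
# @return [String] "--<opt> '<value>' " (note the trailing space), or an
#   empty string when the option is unset
def generate_uri_option(opts, opt)
  value = opts[opt]
  return '' unless value

  # The block form is deliberate. In a gsub replacement *string*, \' is the
  # "text following the match" back-reference, so gsub("'", "\\'") does not
  # insert a backslash: it replaces each quote with the remainder of the
  # value, silently corrupting it and leaving it unescaped. A block's return
  # value is inserted literally.
  # NOTE(review): backslashes in the value are passed through unchanged.
  # Whether the component that parses this string treats a backslash as an
  # escape character is not visible in this file. Confirm, and escape
  # backslashes first if it does.
  escaped = value.gsub("'") { "\\'" }
  "--#{opt} '#{escaped}' "
end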
# Builds the HTTP(S) transport string: "<scheme>://<host>:<port><luri><path>|"
# followed by any optional "--ua", "--host", "--referer" and "--header"
# arguments produced by generate_uri_option.
#
# An IPv6 :lhost is wrapped in square brackets. When :cookie is set, it is
# written into opts[:header] as a "Cookie: ..." line, which overwrites any
# existing :header entry in the caller's hash.
#
# @param opts [Hash] transport settings (:scheme, :lhost, :lport and the
#   optional :ua, :host, :referer, :cookie)
# @return [String] the transport string with surrounding whitespace stripped
def generate_http_uri(opts)
  host_part = Rex::Socket.is_ipv6?(opts[:lhost]) ? "[#{opts[:lhost]}]" : opts[:lhost].to_s
  target_uri = "#{opts[:scheme]}://#{host_part}"

  # Everything before the '|' is the URL; everything after is option text.
  target_uri << ':' << opts[:lport].to_s << luri << generate_uri(opts) << '|'

  %i[ua host referer].each do |key|
    target_uri << generate_uri_option(opts, key)
  end

  if opts[:cookie]
    opts[:header] = "Cookie: #{opts[:cookie]}"
    target_uri << generate_uri_option(opts, :header)
  end

  # Each rendered option ends with a space; drop the final one.
  target_uri.strip
end
# Builds the TCP transport string "<scheme>://<host>:<port>", wrapping an
# IPv6 :lhost in square brackets.
#
# @param opts [Hash] transport settings (:scheme, :lhost, :lport)
# @return [String] the transport string
def generate_tcp_uri(opts)
  host_part = opts[:lhost]
  host_part = "[#{host_part}]" if Rex::Socket.is_ipv6?(host_part)

  "#{opts[:scheme]}://#{host_part}:#{opts[:lport]}"
end
# Assembles the configuration values for a session from the datastore and
# the supplied options.
#
# The passed hash is modified in place (:background, :name, :uuid, :uri and
# :session_guid are written); the return value is a new hash holding only
# the keys listed in the final slice.
#
# @param opts [Hash] must carry :scheme ('http', 'https' or 'tcp'); may carry
#   :datastore, :uuid, :name, :stageless, :debug and :log_file
# @return [Hash] subset of opts limited to :uuid, :session_guid, :uri,
#   :debug, :log_file, :name and :background
# @raise [ArgumentError] when :scheme is not one of the supported values
def generate_config(opts = {})
  settings = opts[:datastore] || datastore

  opts[:background] = settings['MeterpreterTryToFork'] ? 1 : 0

  # An explicit :name wins; otherwise use the datastore value unless it is
  # the empty string.
  process_name = settings['PayloadProcessCommandLine']
  opts[:name] ||= process_name unless process_name == ''

  opts[:uuid] ||= generate_payload_uuid

  opts[:uri] =
    case opts[:scheme]
    when 'http'  then generate_http_uri(transport_config_reverse_http(opts))
    when 'https' then generate_http_uri(transport_config_reverse_https(opts))
    when 'tcp'   then generate_tcp_uri(transport_config_reverse_tcp(opts))
    else raise ArgumentError, "Unknown scheme: #{opts[:scheme]}"
    end

  # From here on :uuid holds the Base64 text of the raw UUID, not the object.
  opts[:uuid] = Base64.encode64(opts[:uuid].to_raw).strip

  # 16-byte session GUID: all zero bytes when :stageless is exactly true,
  # otherwise the bytes of a SecureRandom UUID with the dashes removed.
  raw_guid =
    if opts[:stageless] == true
      "\x00" * 16
    else
      [SecureRandom.uuid.delete('-')].pack('H*')
    end
  opts[:session_guid] = Base64.encode64(raw_guid).strip

  opts.slice(:uuid, :session_guid, :uri, :debug, :log_file, :name, :background)
end
# Stage encoding is not safe for Mettle (doesn't apply to stageless), so this
# always answers false. If 'EnableStageEncoding' is set in the datastore, a
# warning is printed the first time this is called on the instance.
#
# @return [false]
def encode_stage?
  if datastore['EnableStageEncoding']
    # @warned latches to true after the first warning so it is not repeated.
    @warned ||= begin
      print_warning("Stage encoding is not supported for #{refname}")
      true
    end
  end

  false
end
end
end
end