Register the init_* URLs and whitelist these

2015-05-21 00:22:41 -05:00
parent 27406204ed
commit 4622fa60eb
2 changed files with 37 additions and 3 deletions
@@ -154,6 +154,10 @@ module ReverseHttp

    print_status("Started #{scheme.upcase} reverse handler on #{listener_uri}")
    lookup_proxy_settings
+
+    if datastore['IgnoreUnknownPayloads']
+      print_status("Handler is ignoring unknown payloads, there are #{framework.uuid_db.keys.length} UUIDs whitelisted")
+    end
  end

  #
@@ -229,11 +233,21 @@ protected
      conn_id = generate_uri_uuid(URI_CHECKSUM_CONN, uuid)
    end

+    # Validate known UUIDs for all requests if IgnoreUnknownPayloads is set
    if datastore['IgnoreUnknownPayloads'] && ! framework.uuid_db[uuid.puid_hex]
-      print_status("#{cli.peerhost}:#{cli.peerport} Ignoring request with unknown UUID #{uuid.to_s}")
+      print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Ignoring request with unknown UUID")
      info[:mode] = :unknown_uuid
    end

+    # Validate known URLs for all session init requests if IgnoreUnknownPayloads is set
+    if datastore['IgnoreUnknownPayloads'] && info[:mode].to_s =~ /^init_/
+      allowed_urls = framework.uuid_db[uuid.puid_hex]['urls'] || []
+      unless allowed_urls.include?(req.relative_resource)
+        print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Ignoring request with unknown UUID URL #{req.relative_resource}")
+        info[:mode] = :unknown_uuid_url
+      end
+    end
+
    self.pending_connections += 1

    # Process the requested resource.
@@ -374,7 +388,9 @@ protected
        })

      else
-        print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{req.relative_resource} #{req.inspect}...")
+        unless [:unknown_uuid, :unknown_uuid_url].include?(info[:mode])
+          print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{req.relative_resource} with UA #{req.headers['User-Agent']}...")
+        end
        resp.code    = 200
        resp.message = "OK"
        resp.body    = datastore['HttpUnknownRequestResponse'].to_s
@@ -42,7 +42,11 @@ module Msf::Payload::UUID::Options
      return "/" + generate_uri_checksum(sum, len, prefix="")
    end

-    generate_uri_uuid(sum, generate_payload_uuid, len)
+    uuid = generate_payload_uuid
+    uri  = generate_uri_uuid(sum, uuid, len)
+    record_payload_uuid_url(uuid, uri)
+
+    uri
  end

  # Generate a Payload UUID
@@ -68,6 +72,10 @@ module Msf::Payload::UUID::Options
      conf[:puid] = puid_raw
    end

+    if datastore['PayloadUUIDName'].to_s.length > 0 && ! datastore['PayloadUUIDTracking']
+      raise ArgumentError, "The PayloadUUIDName value is ignored unless PayloadUUIDTracking is enabled"
+    end
+
    # Generate the UUID object
    uuid = Msf::Payload::UUID.new(conf)
    record_payload_uuid(uuid)
@@ -98,5 +106,15 @@ module Msf::Payload::UUID::Options
    framework.uuid_db[uuid.puid_hex] = uuid_info
  end

+  # Store a UUID URL in the JSON database if tracking is enabled
+  def record_payload_uuid_url(uuid, url)
+    return unless datastore['PayloadUUIDTracking']
+    uuid_info = framework.uuid_db[uuid.puid_hex]
+    uuid_info['urls'] ||= []
+    uuid_info['urls'] << url
+    uuid_info['urls'].uniq!
+    framework.uuid_db[uuid.puid_hex] = uuid_info
+  end
+
 end