Uses a hash for options as opposed to numerous methods on blob

Sean Verity
2014-09-17 14:11:37 -04:00
parent 3c11251432
commit 4bd14ed5ea
2 changed files with 37 additions and 42 deletions
+22 -7
@@ -19,7 +19,6 @@ module Rex
blob[i, str.length] = str
end
return blob
end
# Replace the URL
@@ -31,7 +30,6 @@ module Rex
blob[i, str.length] = str
end
return blob
end
# Replace the session expiration timeout
@@ -43,7 +41,6 @@ module Rex
blob[i, str.length] = str
end
return blob
end
# Replace the session communication timeout
@@ -55,18 +52,17 @@ module Rex
blob[i, str.length] = str
end
return blob
end
# Replace the user agent string with our option
def patch_ua! blob, ua
ua = ua[0,255] + "\x00"
i = blob.index("METERPRETER_UA\x00")
if i
blob[i, ua.length] = ua
end
return blob
end
# Activate a custom proxy
@@ -93,7 +89,6 @@ module Rex
end
end
return blob
end
# Proxy authentification
@@ -112,7 +107,27 @@ module Rex
blob[proxy_password_loc, proxy_password.length] = proxy_password
end
return blob
end
# Patch options into metsrv for reverse HTTP payloads
def patch_passive_service! blob, options
blob.patch_transport! blob, options[:ssl]
blob.patch_url! blob, options[:url]
blob.patch_expiration! blob, options[:expiration]
blob.patch_comm_timeout! blob, options[:comm_timeout]
blob.patch_ua! blob, options[:ua]
blob.patch_proxy!(blob,
options[:proxyhost],
options[:proxyport],
options[:proxy_type]
)
blob.patch_proxy_auth!(blob,
options[:proxy_username],
options[:proxy_password],
options[:proxy_type]
)
end
end
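Review bot: `patch_passive_service!` reads every value with `options[:key]`, so an omitted or misspelled key is handed on as nil, and `patch_ua!` then fails on `ua[0,255]` with a NoMethodError that does not name the missing option. Reading the required keys with `options.fetch(:ua)` would raise a KeyError that names the key; whether the other helpers tolerate nil is not visible in these hunks. The method also lacks a comment listing the keys it accepts, for example `# options: :ssl, :url, :expiration, :comm_timeout, :ua, :proxyhost, :proxyport, :proxy_type, :proxy_username, :proxy_password`. Each helper is invoked as `blob.patch_...! blob, ...`, which appears to work only because the caller has already extended the blob with this module; calling the helpers without the `blob.` receiver would remove that hidden precondition.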
+15 -35
@@ -231,42 +231,22 @@ class ClientCore < Extension
if client.passive_service
blob.extend(Rex::Payloads::Meterpreter::Patch)
blob.extend Rex::Payloads::Meterpreter::Patch
# Replace the transport string first (TRANSPORT_SOCKET_SSL)
blob.patch_transport!(blob, client.ssl)
# Replace the URL
blob.patch_url!(blob, self.client.url)
# Replace the session expiration timeout
blob.patch_expiration!(blob, self.client.expiration)
# Replace the session communication timeout
blob.patch_comm_timeout!(blob, self.client.comm_timeout)
# Replace the user agent string with our option
blob.patch_ua!(
blob,
client.exploit_datastore['MeterpreterUserAgent'][0,255] + "\x00"
)
# Activate a custom proxy
blob.patch_proxy!(
blob,
client.exploit_datastore['PROXYHOST'],
client.exploit_datastore['PROXYPORT'],
client.exploit_datastore['PROXY_TYPE']
)
# Proxy authentication
blob.patch_proxy_auth!(
blob,
client.exploit_datastore['PROXY_USERNAME'],
client.exploit_datastore['PROXY_PASSWORD'],
client.exploit_datastore['PROXY_TYPE']
)
conn_id = self.client.conn_id
#
# Patch options into metsrv for reverse HTTP payloads
#
blob.patch_passive_service! blob,
:ssl => client.ssl,
:url => self.client.url,
:expiration => self.client.expiration,
:comm_timeout => self.client.comm_timeout,
:ua => client.exploit_datastore['MeterpreterUserAgent'],
:proxyhost => client.exploit_datastore['PROXYHOST'],
:proxyport => client.exploit_datastore['PROXYPORT'],
:proxy_type => client.exploit_datastore['PROXY_TYPE'],
:proxy_username => client.exploit_datastore['PROXY_USERNAME'],
:proxy_password => client.exploit_datastore['PROXY_PASSWORD']
end
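Review bot: The options hash mixes `client.ssl` and `client.exploit_datastore[...]` with `self.client.url`, `self.client.expiration` and `self.client.comm_timeout`, which reads as if two different objects were involved; use one form throughout, e.g. `:url => client.url,`. The hash now carries `:proxy_password` next to the other settings, so a short comment at the call site such as `# options contains proxy credentials; do not log or inspect it` would help later maintainers. `client.exploit_datastore['MeterpreterUserAgent']` is passed through without the old `[0,255]` slice, so the length limit now depends entirely on `patch_ua!`; say so in the comment above the call. The enclosing method starts and ends outside this hunk.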