update linux and windows meterpreters to use metasploit-payloads
+2
-2
@@ -9,7 +9,7 @@ PATH
|
||||
json
|
||||
metasploit-concern (= 0.4.0)
|
||||
metasploit-model (~> 0.29.0)
|
||||
meterpreter_bins (= 0.0.22)
|
||||
metasploit-payloads (= 0.0.2)
|
||||
msgpack
|
||||
nokogiri
|
||||
packetfu (= 1.1.9)
|
||||
@@ -123,6 +123,7 @@ GEM
|
||||
metasploit-model (0.29.2)
|
||||
activesupport
|
||||
railties (< 4.0.0)
|
||||
metasploit-payloads (0.0.2)
|
||||
metasploit_data_models (0.24.0)
|
||||
activerecord (>= 3.2.13, < 4.0.0)
|
||||
activesupport
|
||||
@@ -132,7 +133,6 @@ GEM
|
||||
pg
|
||||
railties (< 4.0.0)
|
||||
recog (~> 1.0)
|
||||
meterpreter_bins (0.0.22)
|
||||
method_source (0.8.2)
|
||||
mime-types (1.25.1)
|
||||
mini_portile (0.6.2)
|
||||
|
||||
@@ -52,7 +52,7 @@ module Payload::Windows::StagelessMeterpreter
|
||||
end
|
||||
|
||||
def generate_stageless_x86(url = nil)
|
||||
dll, offset = load_rdi_dll(MeterpreterBinaries.path('metsrv', 'x86.dll'))
|
||||
dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x86.dll'))
|
||||
|
||||
conf = {
|
||||
:rdi_offset => offset,
|
||||
@@ -104,7 +104,7 @@ module Payload::Windows::StagelessMeterpreter
|
||||
unless datastore['EXTENSIONS'].nil?
|
||||
datastore['EXTENSIONS'].split(',').each do |e|
|
||||
e = e.strip.downcase
|
||||
ext, o = load_rdi_dll(MeterpreterBinaries.path("ext_server_#{e}", 'x86.dll'))
|
||||
ext, o = load_rdi_dll(MetasploitPayloads.meterpreter_path("ext_server_#{e}", 'x86.dll'))
|
||||
|
||||
# append the size, offset to RDI and the payload itself
|
||||
dll << [ext.length].pack('V') + ext
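Review bot: The result of `MetasploitPayloads.meterpreter_path("ext_server_#{e}", 'x86.dll')` is passed straight into `load_rdi_dll` with no nil check, so a misspelled or unavailable name in `EXTENSIONS` would surface as an opaque loader error instead of a clear message. Other call sites in this commit (the migrate stager, elevator and screenshot lookups) test the returned path with `.nil?` and raise a "... not found" error, which suggests a miss returns nil. A matching guard would assign the path to a local first and add `raise RuntimeError, "ext_server_#{e}.x86.dll not found" if path.nil?` before calling `load_rdi_dll(path)`. The same gap exists for the `metsrv` lookup in `generate_stageless_x86`, for both lookups in the x64 module, and for the `metsrv.x86.dll` upload in the `client.platform =~ /win32|win64/` script hunk, where a nil path would fail only after the remote file has been opened. Both enclosing methods continue outside the hunks.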
|
||||
|
||||
@@ -52,7 +52,7 @@ module Payload::Windows::StagelessMeterpreter_x64
|
||||
end
|
||||
|
||||
def generate_stageless_x64(url = nil)
|
||||
dll, offset = load_rdi_dll(MeterpreterBinaries.path('metsrv', 'x64.dll'))
|
||||
dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x64.dll'))
|
||||
|
||||
conf = {
|
||||
:rdi_offset => offset,
|
||||
@@ -104,7 +104,7 @@ module Payload::Windows::StagelessMeterpreter_x64
|
||||
unless datastore['EXTENSIONS'].nil?
|
||||
datastore['EXTENSIONS'].split(',').each do |e|
|
||||
e = e.strip.downcase
|
||||
ext, o = load_rdi_dll(MeterpreterBinaries.path("ext_server_#{e}", 'x64.dll'))
|
||||
ext, o = load_rdi_dll(MetasploitPayloads.meterpreter_path("ext_server_#{e}", 'x64.dll'))
|
||||
|
||||
# append the size, offset to RDI and the payload itself
|
||||
dll << [ext.length].pack('V') + ext
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# -*- coding: binary -*-
|
||||
|
||||
require 'meterpreter_bins'
|
||||
require 'metasploit-payloads'
|
||||
require 'rex/post/meterpreter/client'
|
||||
require 'rex/post/meterpreter/ui/console'
|
||||
|
||||
@@ -249,7 +249,7 @@ class ClientCore < Extension
|
||||
# Get us to the installation root and then into data/meterpreter, where
|
||||
# the file is expected to be
|
||||
modname = "ext_server_#{mod.downcase}"
|
||||
path = MeterpreterBinaries.path(modname, client.binary_suffix)
|
||||
path = MetasploitPayloads.meterpreter_path(modname, client.binary_suffix)
|
||||
|
||||
if opts['ExtensionPath']
|
||||
path = ::File.expand_path(opts['ExtensionPath'])
|
||||
@@ -633,7 +633,7 @@ class ClientCore < Extension
|
||||
# Create the migrate stager
|
||||
migrate_stager = c.new()
|
||||
|
||||
dll = MeterpreterBinaries.path('metsrv',binary_suffix)
|
||||
dll = MetasploitPayloads.meterpreter_path('metsrv', binary_suffix)
|
||||
if dll.nil?
|
||||
raise RuntimeError, "metsrv.#{binary_suffix} not found", caller
|
||||
end
|
||||
@@ -669,10 +669,7 @@ class ClientCore < Extension
|
||||
end
|
||||
|
||||
def generate_linux_stub
|
||||
file = ::File.join(Msf::Config.data_directory, "meterpreter", "msflinker_linux_x86.bin")
|
||||
blob = ::File.open(file, "rb") {|f|
|
||||
f.read(f.stat.size)
|
||||
}
|
||||
blob = MetasploitPayloads.read('meterpreter', 'msflinker_linux_x86.bin')
|
||||
|
||||
Rex::Payloads::Meterpreter::Patch.patch_timeouts!(blob,
|
||||
:expiration => self.client.expiration,
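Review bot: In `generate_linux_stub` the blob from `MetasploitPayloads.read('meterpreter', 'msflinker_linux_x86.bin')` is handed directly to `patch_timeouts!`, which by its name modifies it in place, and nothing visible here handles the file being absent from the gem. The Windows lookups in this same class check for nil and raise a named error (`"metsrv.#{binary_suffix} not found"`); what `read` does on a miss, and whether it returns a fresh binary string on every call, is not visible from this hunk. If it can return nil, a guard such as `raise RuntimeError, "msflinker_linux_x86.bin not found", caller if blob.nil?` keeps the failure readable; otherwise a short comment stating that `read` raises on a missing file would document the contract. The same applies to `generate_stage` in the linux stage module, and the method body here continues past the end of the hunk.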
|
||||
|
||||
@@ -45,7 +45,7 @@ class Priv < Extension
|
||||
|
||||
elevator_name = Rex::Text.rand_text_alpha_lower( 6 )
|
||||
|
||||
elevator_path = MeterpreterBinaries.path('elevator', client.binary_suffix)
|
||||
elevator_path = MetasploitPayloads.meterpreter_path('elevator', client.binary_suffix)
|
||||
if elevator_path.nil?
|
||||
raise RuntimeError, "elevator.#{binary_suffix} not found", caller
|
||||
end
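Review bot: The error branch interpolates a bare `binary_suffix` in `"elevator.#{binary_suffix} not found"`, while the lookup one line above uses `client.binary_suffix`. Unless `Priv` defines its own `binary_suffix` (not visible in this hunk), reaching this branch would raise a `NameError` and hide the real cause, which is a missing elevator binary. Since the lookup line is being touched anyway, the message could be aligned as `raise RuntimeError, "elevator.#{client.binary_suffix} not found", caller`.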
|
||||
|
||||
@@ -157,7 +157,7 @@ class UI < Rex::Post::UI
|
||||
|
||||
# include the x64 screenshot dll if the host OS is x64
|
||||
if( client.sys.config.sysinfo['Architecture'] =~ /^\S*x64\S*/ )
|
||||
screenshot_path = MeterpreterBinaries.path('screenshot','x64.dll')
|
||||
screenshot_path = MetasploitPayloads.meterpreter_path('screenshot','x64.dll')
|
||||
if screenshot_path.nil?
|
||||
raise RuntimeError, "screenshot.x64.dll not found", caller
|
||||
end
|
||||
@@ -172,7 +172,7 @@ class UI < Rex::Post::UI
|
||||
end
|
||||
|
||||
# but always include the x86 screenshot dll as we can use it for wow64 processes if we are on x64
|
||||
screenshot_path = MeterpreterBinaries.path('screenshot','x86.dll')
|
||||
screenshot_path = MetasploitPayloads.meterpreter_path('screenshot','x86.dll')
|
||||
if screenshot_path.nil?
|
||||
raise RuntimeError, "screenshot.x86.dll not found", caller
|
||||
end
|
||||
|
||||
@@ -689,8 +689,8 @@ class Console::CommandDispatcher::Core
|
||||
case opt
|
||||
when "-l"
|
||||
exts = SortedSet.new
|
||||
msf_path = MeterpreterBinaries.metasploit_data_dir
|
||||
gem_path = MeterpreterBinaries.local_dir
|
||||
msf_path = MetasploitPayloads.msf_meterpreter_dir
|
||||
gem_path = MetasploitPayloads.local_meterpreter_dir
|
||||
[msf_path, gem_path].each do |path|
|
||||
::Dir.entries(path).each { |f|
|
||||
if (::File.file?(::File.join(path, f)) && f =~ /ext_server_(.*)\.#{client.binary_suffix}/ )
|
||||
@@ -737,8 +737,8 @@ class Console::CommandDispatcher::Core
|
||||
|
||||
def cmd_load_tabs(str, words)
|
||||
tabs = SortedSet.new
|
||||
msf_path = MeterpreterBinaries.metasploit_data_dir
|
||||
gem_path = MeterpreterBinaries.local_dir
|
||||
msf_path = MetasploitPayloads.msf_meterpreter_dir
|
||||
gem_path = MetasploitPayloads.local_meterpreter_dir
|
||||
[msf_path, gem_path].each do |path|
|
||||
::Dir.entries(path).each { |f|
|
||||
if (::File.file?(::File.join(path, f)) && f =~ /ext_server_(.*)\.#{client.binary_suffix}/ )
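Review bot: `::Dir.entries(path)` is called unconditionally on both `MetasploitPayloads.msf_meterpreter_dir` and `MetasploitPayloads.local_meterpreter_dir`, so `load -l` and tab completion would fail with `Errno::ENOENT` if either directory is absent. That becomes more likely for the in-tree directory once the binaries ship only in the gem. Whether the new helpers guarantee an existing directory is not visible here. Adding `next unless path && ::File.directory?(path)` as the first line of the `each do |path|` block covers both this hunk and the identical loop under `when "-l"`. The two loops are copies of each other and could share one private helper; the block body continues outside the hunk.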
|
||||
|
||||
@@ -64,7 +64,7 @@ Gem::Specification.new do |spec|
|
||||
# are needed when there's no database
|
||||
spec.add_runtime_dependency 'metasploit-model', '~> 0.29.0'
|
||||
# Needed for Meterpreter on Windows, soon others.
|
||||
spec.add_runtime_dependency 'meterpreter_bins', '0.0.22'
|
||||
spec.add_runtime_dependency 'metasploit-payloads', '0.0.2'
|
||||
# Needed by msfgui and other rpc components
|
||||
spec.add_runtime_dependency 'msgpack'
|
||||
# Needed by anemone crawler
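Review bot: The comment `# Needed for Meterpreter on Windows, soon others.` above the swapped dependency is stale, because this commit also moves the Linux stub (`msflinker_linux_x86.bin`) to the gem. Something like `# Prebuilt Meterpreter binaries (Windows DLLs and the Linux stub)` would match what the gem now provides. The exact pin `'0.0.2'` is worth keeping as-is, since the gem carries prebuilt binaries and the version in the lockfile hunk matches it.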
|
||||
|
||||
@@ -100,12 +100,7 @@ module Metasploit3
|
||||
end
|
||||
|
||||
def generate_stage
|
||||
#file = File.join(Msf::Config.data_directory, "msflinker_linux_x86.elf")
|
||||
file = File.join(Msf::Config.data_directory, "meterpreter", "msflinker_linux_x86.bin")
|
||||
|
||||
blob = File.open(file, "rb") {|f|
|
||||
f.read(f.stat.size)
|
||||
}
|
||||
blob = MetasploitPayloads.read('meterpreter', 'msflinker_linux_x86.bin')
|
||||
|
||||
Rex::Payloads::Meterpreter::Patch.patch_timeouts!(blob,
|
||||
:expiration => datastore['SessionExpirationTimeout'].to_i,
|
||||
@@ -113,6 +108,6 @@ module Metasploit3
|
||||
:retry_total => datastore['SessionRetryTotal'].to_i,
|
||||
:retry_wait => datastore['SessionRetryWait'].to_i)
|
||||
|
||||
return blob
|
||||
blob
|
||||
end
|
||||
end
|
||||
|
||||
@@ -35,7 +35,7 @@ module Metasploit3
|
||||
end
|
||||
|
||||
def library_path
|
||||
MeterpreterBinaries.path('metsrv','x86.dll')
|
||||
MetasploitPayloads.meterpreter_path('metsrv','x86.dll')
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
@@ -41,7 +41,7 @@ module Metasploit3
|
||||
end
|
||||
|
||||
def library_path
|
||||
MeterpreterBinaries.path('metsrv','x86.dll')
|
||||
MetasploitPayloads.meterpreter_path('metsrv','x86.dll')
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
@@ -35,7 +35,7 @@ module Metasploit3
|
||||
end
|
||||
|
||||
def library_path
|
||||
MeterpreterBinaries.path('metsrv','x64.dll')
|
||||
MetasploitPayloads.meterpreter_path('metsrv','x64.dll')
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
@@ -92,7 +92,7 @@ if client.platform =~ /win32|win64/
|
||||
to ||= from
|
||||
print_status(" >> Uploading #{from}...")
|
||||
fd = client.fs.file.new(tempdir + "\\" + to, "wb")
|
||||
path = (from == 'metsrv.x86.dll') ? MeterpreterBinaries.path('metsrv','x86.dll') : File.join(based, from)
|
||||
path = (from == 'metsrv.x86.dll') ? MetasploitPayloads.meterpreter_path('metsrv','x86.dll') : File.join(based, from)
|
||||
fd.write(::File.read(path, ::File.size(path)))
|
||||
fd.close
|
||||
end
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
require 'spec_helper'
|
||||
require 'rex/post/meterpreter'
|
||||
|
||||
describe MeterpreterBinaries do
|
||||
describe MetasploitPayloads do
|
||||
it 'is available' do
|
||||
expect(described_class).to eq(MeterpreterBinaries)
|
||||
expect(described_class).to eq(MetasploitPayloads)
|
||||
end
|
||||
end
|
||||
|
||||