From ec9f0b524229ecfbebc4e76c57fa53ebec504afd Mon Sep 17 00:00:00 2001 From: dwelch-r7 Date: Mon, 11 Apr 2022 16:11:12 +0100 Subject: [PATCH] Add log path session config option --- lib/msf/core/payload/windows/meterpreter_loader.rb | 4 ++-- .../core/payload/windows/x64/meterpreter_loader_x64.rb | 3 ++- lib/rex/payloads/meterpreter/config.rb | 8 +++++--- .../singles/windows/meterpreter_bind_named_pipe.rb | 3 ++- modules/payloads/singles/windows/meterpreter_bind_tcp.rb | 3 ++- .../payloads/singles/windows/meterpreter_reverse_http.rb | 3 ++- .../payloads/singles/windows/meterpreter_reverse_https.rb | 3 ++- .../singles/windows/meterpreter_reverse_ipv6_tcp.rb | 3 ++- .../payloads/singles/windows/meterpreter_reverse_tcp.rb | 3 ++- .../singles/windows/x64/meterpreter_bind_named_pipe.rb | 3 ++- .../payloads/singles/windows/x64/meterpreter_bind_tcp.rb | 3 ++- .../singles/windows/x64/meterpreter_reverse_http.rb | 3 ++- .../singles/windows/x64/meterpreter_reverse_https.rb | 3 ++- .../singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb | 3 ++- .../singles/windows/x64/meterpreter_reverse_tcp.rb | 3 ++- 15 files changed, 33 insertions(+), 18 deletions(-) diff --git a/lib/msf/core/payload/windows/meterpreter_loader.rb b/lib/msf/core/payload/windows/meterpreter_loader.rb index 64ac7dca32..85b2b32adb 100644 --- a/lib/msf/core/payload/windows/meterpreter_loader.rb +++ b/lib/msf/core/payload/windows/meterpreter_loader.rb @@ -82,9 +82,9 @@ module Payload::Windows::MeterpreterLoader transports: opts[:transport_config] || [transport_config(opts)], extensions: [], stageless: opts[:stageless] == true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(ds['MeterpreterDebugLogging'])[:rpath] } - # create the configuration instance based off the parameters config = Rex::Payloads::Meterpreter::Config.new(config_opts) 
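Review bot: In the meterpreter_loader.rb hunk the new `log_path:` entry reads `ds['MeterpreterDebugLogging']` while the `debug_build:` entry directly above it reads `datastore['MeterpreterDebugBuild']`, so the two debug settings may come from different datastores when a caller supplies its own. `ds` is defined outside the hunk, so this is inferred; if it is the caller-overridable datastore, reading both from it keeps them consistent: `debug_build: ds['MeterpreterDebugBuild'],`. The x64 loader hunk has the same mix. It is also worth confirming that `parse_logging_options` returns a Hash when the option is unset, because `[:rpath]` is applied to its result unconditionally.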
diff --git a/lib/msf/core/payload/windows/x64/meterpreter_loader_x64.rb b/lib/msf/core/payload/windows/x64/meterpreter_loader_x64.rb index 859e26c7b7..be4066fc77 100644 --- a/lib/msf/core/payload/windows/x64/meterpreter_loader_x64.rb +++ b/lib/msf/core/payload/windows/x64/meterpreter_loader_x64.rb @@ -85,7 +85,8 @@ module Payload::Windows::MeterpreterLoader_x64 transports: opts[:transport_config] || [transport_config(opts)], extensions: [], stageless: opts[:stageless] == true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(ds['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/lib/rex/payloads/meterpreter/config.rb b/lib/rex/payloads/meterpreter/config.rb index 9e980621eb..62b02239a3 100644 --- a/lib/rex/payloads/meterpreter/config.rb +++ b/lib/rex/payloads/meterpreter/config.rb @@ -12,6 +12,7 @@ class Rex::Payloads::Meterpreter::Config PROXY_USER_SIZE = 64 PROXY_PASS_SIZE = 64 CERT_HASH_SIZE = 20 + LOG_PATH_SIZE = 260 # https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=cmd def initialize(opts={}) @opts = opts @@ -33,6 +34,7 @@ private end def to_str(item, size) + if item.size >= size # ">=" instead of only ">", because we need space for a terminating null byte (for string handling in C) raise Msf::PayloadItemSizeError.new(item, size - 1) end @@ -58,16 +60,16 @@ private else session_guid = [SecureRandom.uuid.gsub(/-/, '')].pack('H*') end - session_data = [ 0, # comms socket, patched in by the stager exit_func, # exit function identifer opts[:expiration], # Session expiry uuid, # the UUID - session_guid # the Session GUID + session_guid, # the Session GUID + to_str(opts[:log_path] || '', LOG_PATH_SIZE) # Path to log file on remote target ] - session_data.pack('QVVA*A*') + session_data.pack('QVVA*A*A*') end def transport_block(opts) 
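Review bot: In lib/rex/payloads/meterpreter/config.rb, `session_block` now appends the log-path field to every packed session header (`'QVVA*A*A*'`), including configurations where no log path is set, so whatever parses this block has to expect the longer layout. The patch shows no matching change or version bump on the consuming side, so that dependency should be confirmed and stated in the commit description. A comment above `session_data` listing the field order and sizes would help keep both sides aligned. On the constant, 260 includes the terminating null and `to_str` rejects `item.size >= size`, so the longest accepted path is 259 characters; a comment such as `# MAX_PATH on Windows, including the terminating null` says that directly. `session_block` starts and ends outside the hunk.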
diff --git a/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb b/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb index fa70c4d4c1..d40c97ddb7 100644 --- a/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb +++ b/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb @@ -51,7 +51,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb index f497aae56e..f5d00a271e 100644 --- a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb @@ -51,7 +51,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/meterpreter_reverse_http.rb index ca12e41f05..55e4333729 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_http.rb 
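Review bot: The expression `Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath]` added in meterpreter_bind_named_pipe.rb is repeated verbatim in the eleven other stageless modules in this patch (bind_tcp, reverse_http, reverse_https, reverse_ipv6_tcp, reverse_tcp and the six x64 counterparts) and, with `ds`, in both loaders. A single helper in a shared mixin that returns the `debug_build` and `log_path` entries, merged into `config_opts`, would leave one place to change when the option format evolves. The path is also written into the configuration when `MeterpreterDebugBuild` is false; if that is not intended, the helper could return an empty path in that case. The enclosing method starts outside the hunk.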
@@ -56,7 +56,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/meterpreter_reverse_https.rb index f97bdaf9e0..0ad56be2b4 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_https.rb @@ -56,7 +56,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb index 961e0a8886..fdb4403456 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb @@ -52,7 +52,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters 
diff --git a/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb b/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb index 524f40264d..db2f2b8ca5 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb @@ -51,7 +51,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb b/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb index e624f309a6..1b6a365115 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb @@ -51,7 +51,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb index f367109eac..910ca6d774 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb 
@@ -51,7 +51,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb index e0eb33273d..d82d788f7e 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb @@ -56,7 +56,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb index 53e7e0c513..73d3448e20 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb @@ -56,7 +56,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters 
diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb index a90cd121be..7a4e064d67 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb @@ -52,7 +52,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb index 4c9d0cdd22..57b348f3fd 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb @@ -51,7 +51,8 @@ module MetasploitModule extensions: (datastore['EXTENSIONS'] || '').split(','), ext_init: (datastore['EXTINIT'] || ''), stageless: true, - debug_build: datastore['MeterpreterDebugBuild'] + debug_build: datastore['MeterpreterDebugBuild'], + log_path: Msf::OptMeterpreterDebugLogging.parse_logging_options(datastore['MeterpreterDebugLogging'])[:rpath] } # create the configuration instance based off the parameters