github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-04-24 10:09:49 +02:00
Code Releases Activity

Fix typo, bomb out on invalid cert

Browse Source 
When the server cert checking fails, meterpreter now exits.
This commit is contained in:
OJ 2015-03-17 14:39:41 +10:00
parent 0739cbc0f3
commit 46ab7a02e8
3 changed files with 10 additions and 5 deletions
c/meterpreter/source
common
core.c
server
server_setup.c
win
server_setup_winhttp.c

6
c/meterpreter/source/common/core.c

@ -1842,7 +1842,7 @@ DWORD packet_receive_http_via_winhttp(Remote *remote, Packet **packet)
if (!WinHttpQueryOption(hReq, WINHTTP_OPTION_SERVER_CERT_CONTEXT, &pCertContext, &dwCertContextSize)) if (!WinHttpQueryOption(hReq, WINHTTP_OPTION_SERVER_CERT_CONTEXT, &pCertContext, &dwCertContextSize))
{ {
vdprintf("[PACKET RECEIVE WINHTTPS] Failed to get the certificate context: %u", GetLastError()); vdprintf("[PACKET RECEIVE WINHTTPS] Failed to get the certificate context: %u", GetLastError());
SetLastError(ERROR_NOT_FOUND); SetLastError(ERROR_WINHTTP_SECURE_INVALID_CERT);
break; break;
} }
@ -1851,7 +1851,7 @@ DWORD packet_receive_http_via_winhttp(Remote *remote, Packet **packet)
if (!CertGetCertificateContextProperty(pCertContext, CERT_SHA1_HASH_PROP_ID, hash, &dwHashSize)) if (!CertGetCertificateContextProperty(pCertContext, CERT_SHA1_HASH_PROP_ID, hash, &dwHashSize))
{ {
vdprintf("[PACKET RECEIVE WINHTTPS] Failed to get the certificate hash: %u", GetLastError()); vdprintf("[PACKET RECEIVE WINHTTPS] Failed to get the certificate hash: %u", GetLastError());
SetLastError(ERROR_NOT_FOUND); SetLastError(ERROR_WINHTTP_SECURE_INVALID_CERT);
break; break;
} }
@ -1862,7 +1862,7 @@ DWORD packet_receive_http_via_winhttp(Remote *remote, Packet **packet)
if (memcmp(hash, remote->pCertHash, 20) != 0) if (memcmp(hash, remote->pCertHash, 20) != 0)
{ {
vdprintf("[PACKET RECEIVE WINHTTPS] Certificate hash doesn't match, bailing out"); vdprintf("[PACKET RECEIVE WINHTTPS] Certificate hash doesn't match, bailing out");
SetLastError(ERROR_NOT_FOUND); SetLastError(ERROR_WINHTTP_SECURE_INVALID_CERT);
break; break;
} }
} }

2
c/meterpreter/source/server/server_setup.c

@ -744,7 +744,7 @@ DWORD server_setup(SOCKET fd)
hash[0], hash[1], hash[2], hash[3], hash[4], hash[5], hash[6], hash[7], hash[8], hash[9], hash[10], hash[0], hash[1], hash[2], hash[3], hash[4], hash[5], hash[6], hash[7], hash[8], hash[9], hash[10],
hash[11], hash[12], hash[13], hash[14], hash[15], hash[16], hash[17], hash[18], hash[19]); hash[11], hash[12], hash[13], hash[14], hash[15], hash[16], hash[17], hash[18], hash[19]);
if (strcmp(hash, "METERPETER_SSL_CERT_HASH") != 0) if (strcmp(hash, "METERPRETER_SSL_CERT_HASH") != 0)
{ {
pRemote->pCertHash = hash; pRemote->pCertHash = hash;
dprintf("[SERVER] is validating hashes %p", pRemote->pCertHash); dprintf("[SERVER] is validating hashes %p", pRemote->pCertHash);

7
c/meterpreter/source/server/win/server_setup_winhttp.c

@ -129,12 +129,17 @@ DWORD server_dispatch_http_winhttp(Remote* remote, THREAD* serverThread, int iEx
result = packet_receive_via_http(remote, &packet); result = packet_receive_via_http(remote, &packet);
if (result != ERROR_SUCCESS) if (result != ERROR_SUCCESS)
{ {
// Update the timestamp for empty replies // Update the timestamp for empty replies
if (result == ERROR_EMPTY) if (result == ERROR_EMPTY)
{ {
remote->comm_last_packet = current_unix_timestamp(); remote->comm_last_packet = current_unix_timestamp();
} }
else if (result == ERROR_WINHTTP_SECURE_INVALID_CERT)
{
// This means that the certificate validation failed, and so
// we don't trust who we're connecting with. Bail out.
break;
}
if (ecount < 10) if (ecount < 10)
{ {