Add transport list binding

2025-03-24 18:16:24 +01:00 · 2015-11-04 14:04:22 +10:00 · 2015-11-04 14:04:22 +10:00 · 4b44e69ce9
commit 4b44e69ce9
parent 73b8422c14
4 changed files with 60 additions and 11 deletions
--- a/c/meterpreter/source/extensions/python/Lib/meterpreter/init.py
+++ b/c/meterpreter/source/extensions/python/Lib/meterpreter/init.py
@ -1,2 +1,2 @@
-__all__ = ['core', 'elevate', 'fs', 'tlv', 'kiwi', 'user', 'sys', 'extapi', 'incognito']
+__all__ = ['core', 'elevate', 'fs', 'tlv', 'kiwi', 'user', 'sys', 'extapi', 'incognito', 'transport']

--- a/c/meterpreter/source/extensions/python/Lib/meterpreter/core.py
+++ b/c/meterpreter/source/extensions/python/Lib/meterpreter/core.py
@ -192,23 +192,29 @@ def packet_get_tlv_default(pkt, tlv_type, default):

 # END OF COPY PASTE

-def validate_bindings(required):
-  """Use to make sure that the current set of bindings that is available
-  in Meterpreter's bindings list contains all those that are required by
-  the caller."""
-  missing = set(required) - set(dir(meterpreter_bindings))
-  if len(missing) > 0:
+def validate_binding(required):
+  """Makes sure that the current set of bindings that is available
+  in Meterpreter's bindings list contains that required by the caller.
+  This function returns the correct binding name to call."""
+
+  # assume all core commands are valid
+  if required[:5] == 'core_':
+    required = 'meterpreter_core'
+
+  if not required in set(dir(meterpreter_bindings)):
    raise Exception('Missing bindings: {0}'.format(list(missing)))

+  return required
+
 def invoke_meterpreter(method, is_local, tlv = ""):
-  validate_bindings([method])
+  binding = validate_binding(method)

  header = struct.pack('>I', PACKET_TYPE_REQUEST)
  header += tlv_pack(TLV_TYPE_METHOD, method)
  header += tlv_pack(TLV_TYPE_REQUEST_ID, 0)
  req = struct.pack('>I', len(header) + len(tlv) + 4) + header + tlv

-  return getattr(meterpreter_bindings, method)(is_local, req)
+  return getattr(meterpreter_bindings, binding)(is_local, req)

 def rnd_string(n):
  return ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(n))
--- a/c/meterpreter/source/extensions/python/Lib/meterpreter/transport.py
+++ b/c/meterpreter/source/extensions/python/Lib/meterpreter/transport.py
@ -0,0 +1,32 @@
+import meterpreter_bindings
+import datetime
+
+from meterpreter.core import *
+from meterpreter.tlv import *
+
+def list():
+  resp = invoke_meterpreter('core_transport_list', True)
+  if resp == None:
+      return []
+
+  transports = []
+  for transport in packet_enum_tlvs(resp, TLV_TYPE_TRANS_GROUP):
+    t = transport['value']
+    transports.append({
+      'URL': packet_get_tlv(t, TLV_TYPE_TRANS_URL)['value'],
+      'CommTimeout': packet_get_tlv(t, TLV_TYPE_TRANS_COMM_TIMEOUT)['value'],
+      'RetryTotal': packet_get_tlv(t, TLV_TYPE_TRANS_RETRY_TOTAL)['value'],
+      'RetryWait': packet_get_tlv(t, TLV_TYPE_TRANS_RETRY_WAIT)['value'],
+      'UA': packet_get_tlv_default(t, TLV_TYPE_TRANS_UA, None)['value'],
+      'ProxyHost': packet_get_tlv_default(t, TLV_TYPE_TRANS_PROXY_HOST, None)['value'],
+      'ProxyUser': packet_get_tlv_default(t, TLV_TYPE_TRANS_PROXY_USER, None)['value'],
+      'ProxyPass': packet_get_tlv_default(t, TLV_TYPE_TRANS_PROXY_PASS, None)['value'],
+      'CertHash': packet_get_tlv_default(t, TLV_TYPE_TRANS_CERT_HASH, None)['value']
+    })
+
+  expiry_secs = packet_get_tlv(resp, TLV_TYPE_TRANS_SESSION_EXP)['value']
+  expiry = datetime.datetime.now() + datetime.timedelta(seconds=expiry_secs)
+  return {
+    'SessionExpiry': expiry,
+    'Transports': transports
+  }
--- a/c/meterpreter/source/extensions/python/python_meterpreter_binding.c
+++ b/c/meterpreter/source/extensions/python/python_meterpreter_binding.c
@ -69,8 +69,13 @@ VOID binding_startup()
 VOID binding_add_command(const char* commandName)
 {
 	dprintf("[PYTHON] Adding command %s", (char*)commandName);
-	list_add(gBoundCommandList, (char*)commandName);
-	binding_insert_command(commandName);
+
+	// only add non-core commands
+	if (_strnicmp("core_", commandName, 5) != 0)
+	{
+		list_add(gBoundCommandList, (char*)commandName);
+		binding_insert_command(commandName);
+	}
 }

 VOID binding_init()
@ -78,6 +83,12 @@ VOID binding_init()
 	dprintf("[PYTHON] Initialising binding...");
 	gMeterpreterModule = Py_InitModule("meterpreter_bindings", NULL);

+	// we have a hard-coded core command binding for all core commands. This allows us to use
+	// the one function for all base core commands that aren't included as part of the "normal"
+	// mechanisms for extension loading. Without this, we'd have to manually wire in each of the
+	// base commands, which doesn't make sense. Instead we can match against core command names
+	// and funnel through this binding knowing that they'll be there regardless of the wiring.
+	binding_insert_command("meterpreter_core");
 	for (PNODE node = gBoundCommandList->start; node != NULL; node = node->next)
 	{
 		binding_insert_command((const char*)node->data);