mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-18 15:14:10 +01:00

Fix TLV type defs and config size for HTTP migrate

OJ 2017-10-04 10:42:40 +10:00
parent 32ddcf716f
commit db20322182
No known key found for this signature in database
GPG Key ID: D5DC61FB93260597
7 changed files with 32 additions and 12 deletions


@ -104,7 +104,8 @@ TLV_TYPE_TRANS_PROXY_USER = TLV_META_TYPE_STRING | 437
TLV_TYPE_TRANS_PROXY_PASS = TLV_META_TYPE_STRING | 438 TLV_TYPE_TRANS_PROXY_PASS = TLV_META_TYPE_STRING | 438
TLV_TYPE_TRANS_RETRY_TOTAL = TLV_META_TYPE_UINT | 439 TLV_TYPE_TRANS_RETRY_TOTAL = TLV_META_TYPE_UINT | 439
TLV_TYPE_TRANS_RETRY_WAIT = TLV_META_TYPE_UINT | 440 TLV_TYPE_TRANS_RETRY_WAIT = TLV_META_TYPE_UINT | 440
TLV_TYPE_TRANS_GROUP = TLV_META_TYPE_GROUP | 441 TLV_TYPE_TRANS_HEADERS = TLV_META_TYPE_STRING | 441
TLV_TYPE_TRANS_GROUP = TLV_META_TYPE_GROUP | 442
TLV_TYPE_MACHINE_ID = TLV_META_TYPE_STRING | 460 TLV_TYPE_MACHINE_ID = TLV_META_TYPE_STRING | 460
TLV_TYPE_UUID = TLV_META_TYPE_RAW | 461 TLV_TYPE_UUID = TLV_META_TYPE_RAW | 461
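Review bot: Moving TLV_TYPE_TRANS_GROUP from 441 to 442 changes a wire identifier, so an endpoint still built against the old table would look for the transport group under `TLV_META_TYPE_GROUP | 441` and not find it in a transport-list response. Nothing in this section records that these numbers are shared protocol constants; a comment above the pair such as `# 441/442 are wire ids: keep in step with every other TLV table that defines them` would make that explicit. The same renumbering appears in the Java TLVType interface and the C# enum further down this page, and the same comment applies there. Whether the controller side already uses 442 is not visible from this page.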


@ -240,7 +240,7 @@ static void config_create(Remote* remote, LPBYTE uuid, MetsrvConfig** config, LP
// extend memory appropriately // extend memory appropriately
DWORD neededSize = t->get_config_size(t); DWORD neededSize = t->get_config_size(t);
dprintf("[CONFIG] Allocating %u bytes for transport, total of %u bytes", neededSize, s); dprintf("[CONFIG] Allocating %u bytes for transport, total of %u bytes", neededSize, s + neededSize);
sess = (MetsrvSession*)realloc(sess, s + neededSize); sess = (MetsrvSession*)realloc(sess, s + neededSize);
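Review bot: The `realloc` result on the last visible line is assigned straight back to `sess`, so a failed allocation drops the only pointer to the existing session block and leaves `sess` NULL for whatever follows. The size comes entirely from `t->get_config_size(t)`, and this commit corrects one such callback, so the grow step should fail closed: `MetsrvSession* grown = (MetsrvSession*)realloc(sess, s + neededSize);` then `if (!grown) { free(sess); return; }` and only then `sess = grown;`, with whatever extra cleanup the function's exit path needs. The sum `s + neededSize` is also not range-checked before use; it is presumably 32-bit arithmetic, so a wrap would under-allocate. config_create continues outside the hunk, so a later NULL check cannot be ruled out from here.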


@ -855,42 +855,51 @@ void transport_write_http_config(Transport* transport, MetsrvTransportHttp* conf
{ {
HttpTransportContext* ctx = (HttpTransportContext*)transport->ctx; HttpTransportContext* ctx = (HttpTransportContext*)transport->ctx;
dprintf("[HTTP CONF] Writing timeouts");
config->common.comms_timeout = transport->timeouts.comms; config->common.comms_timeout = transport->timeouts.comms;
config->common.retry_total = transport->timeouts.retry_total; config->common.retry_total = transport->timeouts.retry_total;
config->common.retry_wait = transport->timeouts.retry_wait; config->common.retry_wait = transport->timeouts.retry_wait;
wcsncpy(config->common.url, transport->url, URL_SIZE); wcsncpy(config->common.url, transport->url, URL_SIZE);
if (ctx->ua) if (ctx->ua)
{ {
dprintf("[HTTP CONF] Writing UA");
wcsncpy(config->ua, ctx->ua, UA_SIZE); wcsncpy(config->ua, ctx->ua, UA_SIZE);
} }
if (ctx->cert_hash) if (ctx->cert_hash)
{ {
dprintf("[HTTP CONF] Writing cert hash");
memcpy(config->ssl_cert_hash, ctx->cert_hash, CERT_HASH_SIZE); memcpy(config->ssl_cert_hash, ctx->cert_hash, CERT_HASH_SIZE);
} }
if (ctx->proxy) if (ctx->proxy)
{ {
dprintf("[HTTP CONF] Writing proxy");
wcsncpy(config->proxy.hostname, ctx->proxy, PROXY_HOST_SIZE); wcsncpy(config->proxy.hostname, ctx->proxy, PROXY_HOST_SIZE);
} }
if (ctx->proxy_user) if (ctx->proxy_user)
{ {
dprintf("[HTTP CONF] Writing user");
wcsncpy(config->proxy.username, ctx->proxy_user, PROXY_USER_SIZE); wcsncpy(config->proxy.username, ctx->proxy_user, PROXY_USER_SIZE);
} }
if (ctx->proxy_pass) if (ctx->proxy_pass)
{ {
dprintf("[HTTP CONF] Writing pass");
wcsncpy(config->proxy.password, ctx->proxy_pass, PROXY_PASS_SIZE); wcsncpy(config->proxy.password, ctx->proxy_pass, PROXY_PASS_SIZE);
} }
if (ctx->custom_headers) if (ctx->custom_headers)
{ {
dprintf("[HTTP CONF] Writing custom headers");
// let's hope they've allocated the right amount of space based on what we told them // let's hope they've allocated the right amount of space based on what we told them
// in transport_get_config_size_http // in transport_get_config_size_http
wcscpy(config->custom_headers, ctx->custom_headers); wcscpy(config->custom_headers, ctx->custom_headers);
} }
dprintf("[HTTP CONF] Done.");
} }
/*! /*!
@ -900,7 +909,7 @@ void transport_write_http_config(Transport* transport, MetsrvTransportHttp* conf
*/ */
static DWORD transport_get_config_size_http(Transport* t) static DWORD transport_get_config_size_http(Transport* t)
{ {
DWORD size = sizeof(MetsrvTransportNamedPipe); DWORD size = sizeof(MetsrvTransportHttp);
// Make sure we account for the custom headers, if there are any, which aren't // Make sure we account for the custom headers, if there are any, which aren't
// of a predetermined size. // of a predetermined size.
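Review bot: The `wcscpy(config->custom_headers, ctx->custom_headers)` at the end of transport_write_http_config is still unbounded and relies on the caller having sized the buffer from transport_get_config_size_http, as the "let's hope" comment admits. The second hunk fixes exactly that kind of mismatch (`sizeof(MetsrvTransportNamedPipe)` where `sizeof(MetsrvTransportHttp)` was meant), so the coupling has already failed once, and the failure mode is a heap write past the allocation. The writer should receive the destination capacity and bound the copy, for example with a proposed `headers_chars` parameter: `wcsncpy(config->custom_headers, ctx->custom_headers, headers_chars); config->custom_headers[headers_chars - 1] = L'\0';`. The fixed-size `wcsncpy` calls above it leave a field unterminated when the source fills it, unless the config block is zeroed and the size macros reserve a terminator slot, which is not visible here. Both function bodies extend outside their hunks.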


@ -101,6 +101,10 @@ public class HttpTransport extends Transport {
this.certHash = certHash; this.certHash = certHash;
} }
public String getCustomHeaders() {
return this.customHeaders;
}
public void disconnect() { public void disconnect() {
} }


@ -62,7 +62,8 @@ public interface TLVType {
public static final int TLV_TYPE_TRANS_PROXY_PASS = TLVPacket.TLV_META_TYPE_STRING | 438; public static final int TLV_TYPE_TRANS_PROXY_PASS = TLVPacket.TLV_META_TYPE_STRING | 438;
public static final int TLV_TYPE_TRANS_RETRY_TOTAL = TLVPacket.TLV_META_TYPE_UINT | 439; public static final int TLV_TYPE_TRANS_RETRY_TOTAL = TLVPacket.TLV_META_TYPE_UINT | 439;
public static final int TLV_TYPE_TRANS_RETRY_WAIT = TLVPacket.TLV_META_TYPE_UINT | 440; public static final int TLV_TYPE_TRANS_RETRY_WAIT = TLVPacket.TLV_META_TYPE_UINT | 440;
public static final int TLV_TYPE_TRANS_GROUP = TLVPacket.TLV_META_TYPE_GROUP | 441; public static final int TLV_TYPE_TRANS_HEADERS = TLVPacket.TLV_META_TYPE_STRING | 441;
public static final int TLV_TYPE_TRANS_GROUP = TLVPacket.TLV_META_TYPE_GROUP | 442;
public static final int TLV_TYPE_MACHINE_ID = TLVPacket.TLV_META_TYPE_STRING | 460; public static final int TLV_TYPE_MACHINE_ID = TLVPacket.TLV_META_TYPE_STRING | 460;
public static final int TLV_TYPE_UUID = TLVPacket.TLV_META_TYPE_RAW | 461; public static final int TLV_TYPE_UUID = TLVPacket.TLV_META_TYPE_RAW | 461;


@ -47,6 +47,10 @@ public class core_transport_list implements Command {
if (h.getCertHash() != null) { if (h.getCertHash() != null) {
transportData.add(TLVType.TLV_TYPE_TRANS_CERT_HASH, h.getCertHash()); transportData.add(TLVType.TLV_TYPE_TRANS_CERT_HASH, h.getCertHash());
} }
if (h.getCustomHeaders() != null) {
transportData.add(TLVType.TLV_TYPE_TRANS_HEADERS, h.getCustomHeaders());
}
} }
response.addOverflow(TLVType.TLV_TYPE_TRANS_GROUP, transportData); response.addOverflow(TLVType.TLV_TYPE_TRANS_GROUP, transportData);


@ -82,7 +82,8 @@ namespace MSF.Powershell.Meterpreter
TransProxyPass = MetaType.String | 438, TransProxyPass = MetaType.String | 438,
TransRetryTotal = MetaType.Uint | 439, TransRetryTotal = MetaType.Uint | 439,
TransRetryWait = MetaType.Uint | 440, TransRetryWait = MetaType.Uint | 440,
TransGroup = MetaType.Group | 441, TransHeaders = MetaType.String | 441,
TransGroup = MetaType.Group | 442,
MachineId = MetaType.String | 460, MachineId = MetaType.String | 460,
Uuid = MetaType.Raw | 461, Uuid = MetaType.Raw | 461,