not passing this flag was causing an error attempting
to open the keyset. by setting this we are telling the
CAPI that we only care about ephemeral keys, and so we don't
run into the container issues.
MSP-12356
Currently, the select timeout on the server socket is 100 ns, meaning that
while idle, the process can wake up 100k times per second. This switches the
timeout to 0.5 second, reducing the idle CPU usage and seemingly increasing
the reliability of posix meterpreter as well.
Tested with various test post test modules without failures.
This commit includes code which will allow for HTTP/S payload URIs to be hot-patched by the server without losing the UUID information. This was put in so that the stageless payloads can be used over and over again and not have issues with session URIs colliding.
The mechanism used for validation of the SSL cert string was the same as for many of the other global replacement options. However, the string value that was used for checking was also the same. The result was that the patch mechanism wasn't patching the right instance of the string.
DERP!
Why this hit stageless only I'm really not sure.
This commit just adds the braces around single-line blocks as per our "standard". This is important, especially in the case where those single lines contain macros which could expand to multiple lines.
Also added the use of the group packet functionality to make the search result code a little easier on the eye.
Querying of the status of SSL cert verification is now possible. This commit allows for this to be enabled and disabled on the fly.
Also include some code tidy/refactoring.
Instead of basing everything on URLs, the transport hopping now actually supports the creation of a whole new transport on the fly. The transport instance is stored in the remote as a "next transport" pointer.
This better facilitates the notion of being able to set all of the parameters on the transport when doing the switch, and is a step closer to being able to support chains of transports.
This commit includes code which attempts to bind to both IPv4 and IPv6 addresses so that the attacker can connect on either interface.
In the case of Windows XP, the IPv6 stack doesn't allow modification of the socket options so that both address types can be listened to on the same socket. Rather than create separate sockets for both cases, XP and earlier simply fall back to IPv4 only.
The transport refactor appears to be working, but the transport swtching
requires more work on the side of stageless posix before it will work.
At the moment, the POSIX implementation of the transport switching is
commented out so that it can't be used or built into the binaries.
This should mean we can move forward on other friends without this
holding us back.
This commit includes code which attempts to bind to both IPv4 and IPv6 addresses so that the attacker can connect on either interface.
In the case of Windows XP, the IPv6 stack doesn't allow modification of the socket options so that both address types can be listened to on the same socket. Rather than create separate sockets for both cases, XP and earlier simply fall back to IPv4 only.
