We are currently inconsistently handling errors in recv() when flushing data from a TCP socket. In one case, we handle the graceful close, but not the error case. In the other, we handle exactly the opposite.
Both of these loops may spin indefinitely depending on the recv value from the remote server. In one, if the TCP connection is abruptly closed in stageless meterpreter or on a transport switch, the flush function may loop. In the other, if the remote server does a socket shutdown, but not a close, we will also loop.
This setting doesn't appear to have any bearing at all on the way the proxy stuff is managed, as a result looking for this flag doesn't make sense. Instead, we just look for presence of the URLs to use, and if found, that's what we use.
This also uses the WinHttpSetOption function for setting credentials which allows for independenc use of user and password.
The original implementation assumed that the UUIDs were coming through a strings, but this was changed at some point to use the 16-byte UUID format straight out of MSF.
This was causing issues when UUIDs had null bytes in them because the UUID was being truncated and the result was that UUIDs that were being parsed in MSF were too small, resulting in exceptions.
Only compute the value once, this prevents changing if drive topology changes.
Consider ata and md drive prefixes.
Always set a MACHINE_ID value, upstream expects it in the reply.
Transport hopping checks for prev/next weren't right. Also, moving from TCP comms was resulting failure due to the fact that it's close to impossible to get Windows to flush the buffer to MSF prior to terminating the socket without doing all kinds of horrible stuff to the socket options (which would ultimately bloat the stagers).
Instead we rely on MSf to clean things up.
Users can now add transports without switching to them straight away. They can then move forward and backwards using the next and prev commands in MSF. There's also the get UUID facility too.
Migration now works again, and supports all the transports while migrating as well. At the moment we don't have the ability to take extensions across as well, though that might come when we have fixed up the issues with stageless meterpreter.
Creation of transports for switching is done a little differently now. But the transports do cycle correctly now when things fail, each with their respective retry times.
Lots of transported related things were in the core library which didn't make any sense given that the only thing that needed it was metsrv. This moves the functionality out into metsrv, reformats stuff and gets rid of some dead code.
TODO: Make this work with POSIX.
This changeset fixes an issue with POSIX failing to keep track of loaded
extensions properly. The timeout calcs for waiting were trying to be too
smart and hence were simplified.
Also added another flush when reconnecting so that the body of the
second instance of metsrv is ignored by the POSIX side. In future, when
stageless meterpreter works with POSIX, we won't have to do this.
Currently, the select timeout on the server socket is 100 ns, meaning that
while idle, the process can wake up 100k times per second. This switches the
timeout to 0.5 second, reducing the idle CPU usage and seemingly increasing
the reliability of posix meterpreter as well.
Tested with various test post test modules without failures.
This commit includes code which will allow for HTTP/S payload URIs to be hot-patched by the server without losing the UUID information. This was put in so that the stageless payloads can be used over and over again and not have issues with session URIs colliding.
