Land #20012, MeterpreterOptions break-up and default extension loading removal

MeterpreterOptions break-up and default extension loading removal

Author: msutovsky-r7

lib/msf/base/sessions/meterpreter.rb

@@ -180,32 +180,30 @@ def bootstrap(datastore = {}, handler = nil)
       print_warning('Meterpreter start up operations have been aborted. Use the session at your own risk.')
       return nil
     end
-    # Unhook the process prior to loading stdapi to reduce logging/inspection by any AV/PSP
-    if datastore['AutoUnhookProcess'] == true
-      console.run_single('load unhook')
-      console.run_single('unhook_pe')
-    end
-
-    unless datastore['AutoLoadStdapi'] == false
-
-      session.load_stdapi
-
-      unless datastore['AutoSystemInfo'] == false
-        session.load_session_info
-      end
-
-      # only load priv on native windows
-      # TODO: abstract this too, to remove windows stuff
-      if session.platform == 'windows' && [ARCH_X86, ARCH_X64].include?(session.arch)
-        session.load_priv rescue nil
-      end
-    end
-
+    extensions = datastore['AutoLoadExtensions']&.delete(' ').split(',') || []
+
+    # BEGIN: This should be removed on MSF 7
+    # Unhook the process prior to loading stdapi to reduce logging/inspection by any AV/PSP (by default unhook is first, see meterpreter_options/windows.rb)
+    extensions.push('unhook') if datastore['AutoUnhookProcess'] && session.platform == 'windows'
+    extensions.push('stdapi') if datastore['AutoLoadStdapi']
+    extensions.push('priv') if datastore['AutoLoadStdapi'] && session.platform == 'windows'
+    extensions.push('android') if session.platform == 'android'
+    extensions = extensions.uniq
+    # END
+    original = console.disable_output
+    console.disable_output = true
     # TODO: abstract this a little, perhaps a "post load" function that removes
     # platform-specific stuff?
-    if session.platform == 'android'
-      session.load_android
+    extensions.each do |extension|
+      begin
+        console.run_single("load #{extension}")
+        console.run_single('unhook_pe') if extension == 'unhook'
+        session.load_session_info if extension == 'stdapi' && datastore['AutoSystemInfo']
+      rescue => e
+        print_warning("Failed loading extension #{extension}")
+      end
     end
+    console.disable_output = original
 
     ['InitialAutoRunScript', 'AutoRunScript'].each do |key|
       unless datastore[key].nil? || datastore[key].empty?

lib/msf/base/sessions/meterpreter_options/android.rb

@@ -0,0 +1,27 @@
+# -*- coding: binary -*-
+
+require 'shellwords'
+
+module Msf
+  module Sessions
+    #
+    # Defines common options across all Meterpreter implementations
+    #
+    module MeterpreterOptions::Android
+      include Msf::Sessions::MeterpreterOptions::Common
+      def initialize(info = {})
+        super(info)
+
+        register_advanced_options(
+          [
+            OptString.new(
+              'AutoLoadExtensions',
+              [true, "Automatically load extensions on bootstrap, comma separated.", 'stdapi,android']
+            ),
+          ],
+          self.class
+        )
+      end
+    end
+  end
+end

lib/msf/base/sessions/meterpreter_options/apple_ios.rb

@@ -0,0 +1,31 @@
+# -*- coding: binary -*-
+
+require 'shellwords'
+
+module Msf
+  module Sessions
+    #
+    # Defines common options across all Meterpreter implementations
+    #
+    module MeterpreterOptions::AppleIos
+      include Msf::Sessions::MeterpreterOptions::Common
+      def initialize(info = {})
+        super(info)
+
+        register_advanced_options(
+          [
+            OptString.new(
+              'AutoLoadExtensions',
+              [true, "Automatically load extensions on bootstrap, comma separated.", 'stdapi']
+            ),
+            OptString.new(
+              'PayloadProcessCommandLine',
+              [ false, 'The displayed command line that will be used by the payload', '']
+            ),
+          ],
+          self.class
+        )
+      end
+    end
+  end
+end

lib/msf/base/sessions/meterpreter_options/bsd.rb

@@ -0,0 +1,27 @@
+# -*- coding: binary -*-
+
+require 'shellwords'
+
+module Msf
+  module Sessions
+    #
+    # Defines common options across all Meterpreter implementations
+    #
+    module MeterpreterOptions::Bsd
+      include Msf::Sessions::MeterpreterOptions::Common
+      def initialize(info = {})
+        super(info)
+
+        register_advanced_options(
+          [
+            OptString.new(
+              'AutoLoadExtensions',
+              [true, "Automatically load extensions on bootstrap, comma separated.", 'stdapi']
+            ),
+          ],
+          self.class
+        )
+      end
+    end
+  end
+end

lib/msf/base/sessions/meterpreter_options.rb renamed to lib/msf/base/sessions/meterpreter_options/common.rb

@@ -7,7 +7,7 @@ module Sessions
     #
     # Defines common options across all Meterpreter implementations
     #
-    module MeterpreterOptions
+    module MeterpreterOptions::Common
 
       TIMEOUT_SESSION = 24 * 3600 * 7  # 1 week
       TIMEOUT_COMMS = 300              # 5 minutes
@@ -63,14 +63,6 @@ def initialize(info = {})
               'SessionCommunicationTimeout',
               [ false, 'The number of seconds of no activity before this session should be killed', TIMEOUT_COMMS]
             ),
-            OptString.new(
-              'PayloadProcessCommandLine',
-              [ false, 'The displayed command line that will be used by the payload', '']
-            ),
-            OptBool.new(
-              'AutoUnhookProcess',
-              [true, "Automatically load the unhook extension and unhook the process", false]
-            ),
             OptBool.new(
               'MeterpreterDebugBuild',
               [false, 'Use a debug version of Meterpreter']

lib/msf/base/sessions/meterpreter_options/java.rb

@@ -0,0 +1,27 @@
+# -*- coding: binary -*-
+
+require 'shellwords'
+
+module Msf
+  module Sessions
+    #
+    # Defines common options across all Meterpreter implementations
+    #
+    module MeterpreterOptions::Java
+      include Msf::Sessions::MeterpreterOptions::Common
+      def initialize(info = {})
+        super(info)
+
+        register_advanced_options(
+          [
+            OptString.new(
+              'AutoLoadExtensions',
+              [true, "Automatically load extensions on bootstrap, comma separated.", 'stdapi']
+            ),
+          ],
+          self.class
+        )
+      end
+    end
+  end
+end

lib/msf/base/sessions/meterpreter_options/linux.rb

@@ -0,0 +1,31 @@
+# -*- coding: binary -*-
+
+require 'shellwords'
+
+module Msf
+  module Sessions
+    #
+    # Defines common options across all Meterpreter implementations
+    #
+    module MeterpreterOptions::Linux
+      include Msf::Sessions::MeterpreterOptions::Common
+      def initialize(info = {})
+        super(info)
+
+        register_advanced_options(
+          [
+            OptString.new(
+              'AutoLoadExtensions',
+              [true, "Automatically load extensions on bootstrap, comma separated.", 'stdapi']
+            ),
+            OptString.new(
+              'PayloadProcessCommandLine',
+              [ false, 'The displayed command line that will be used by the payload', '']
+            ),
+          ],
+          self.class
+        )
+      end
+    end
+  end
+end

lib/msf/base/sessions/meterpreter_options/osx.rb

@@ -0,0 +1,31 @@
+# -*- coding: binary -*-
+
+require 'shellwords'
+
+module Msf
+  module Sessions
+    #
+    # Defines common options across all Meterpreter implementations
+    #
+    module MeterpreterOptions::OSX
+      include Msf::Sessions::MeterpreterOptions::Common
+      def initialize(info = {})
+        super(info)
+
+        register_advanced_options(
+          [
+            OptString.new(
+              'AutoLoadExtensions',
+              [true, 'Automatically load extensions on bootstrap, comma separated.', 'stdapi']
+            ),
+            OptString.new(
+              'PayloadProcessCommandLine',
+              [ false, 'The displayed command line that will be used by the payload', '']
+            ),
+          ],
+          self.class
+        )
+      end
+    end
+  end
+end

lib/msf/base/sessions/meterpreter_options/php.rb

@@ -0,0 +1,27 @@
+# -*- coding: binary -*-
+
+require 'shellwords'
+
+module Msf
+  module Sessions
+    #
+    # Defines common options across all Meterpreter implementations
+    #
+    module MeterpreterOptions::Php
+      include Msf::Sessions::MeterpreterOptions::Common
+      def initialize(info = {})
+        super(info)
+
+        register_advanced_options(
+          [
+            OptString.new(
+              'AutoLoadExtensions',
+              [true, "Automatically load extensions on bootstrap, comma separated.", 'stdapi']
+            ),
+          ],
+          self.class
+        )
+      end
+    end
+  end
+end

lib/msf/base/sessions/meterpreter_options/python.rb

@@ -0,0 +1,27 @@
+# -*- coding: binary -*-
+
+require 'shellwords'
+
+module Msf
+  module Sessions
+    #
+    # Defines common options across all Meterpreter implementations
+    #
+    module MeterpreterOptions::Python
+      include Msf::Sessions::MeterpreterOptions::Common
+      def initialize(info = {})
+        super(info)
+
+        register_advanced_options(
+          [
+            OptString.new(
+              'AutoLoadExtensions',
+              [true, "Automatically load extensions on bootstrap, comma separated.", 'stdapi']
+            ),
+          ],
+          self.class
+        )
+      end
+    end
+  end
+end