Lands rapid7#4906 and fixes rapid7#4905 by updating Conventions for HTTP incompatible payloads

HD Moore · HD Moore · commit 02c7461d32fd · 2015-03-11T00:49:27.000-05:00
diff --git a/modules/payloads/stages/windows/shell.rb b/modules/payloads/stages/windows/shell.rb
@@ -23,7 +23,7 @@ def initialize(info = {})
       'Session'       => Msf::Sessions::CommandShellWindows,
       'PayloadCompat' =>
         {
-          'Convention' => 'sockedi -https'
+          'Convention' => 'sockedi -http -https'
         },
       'Stage'         =>
         {
diff --git a/modules/payloads/stages/windows/upexec.rb b/modules/payloads/stages/windows/upexec.rb
@@ -23,7 +23,7 @@ def initialize(info = {})
       'Session'       => Msf::Sessions::CommandShellWindows,
       'PayloadCompat' =>
         {
-          'Convention' => 'sockedi -https'
+          'Convention' => 'sockedi -http -https'
         },
       'Stage'         =>
         {
diff --git a/modules/payloads/stages/windows/vncinject.rb b/modules/payloads/stages/windows/vncinject.rb
@@ -25,7 +25,8 @@ def initialize(info = {})
       'Name'          => 'VNC Server (Reflective Injection)',
       'Description'   => 'Inject a VNC Dll via a reflective loader (staged)',
       'Author'        => [ 'sf' ],
-      'Session'       => Msf::Sessions::VncInject ))
+      'Session'       => Msf::Sessions::VncInject,
+      'Convention'    => 'sockedi -http -https'))
 
   end
 
diff --git a/modules/payloads/stages/windows/x64/shell.rb b/modules/payloads/stages/windows/x64/shell.rb
@@ -23,7 +23,7 @@ def initialize(info = {})
       'Session'       => Msf::Sessions::CommandShellWindows,
       'PayloadCompat' =>
         {
-          'Convention' => 'sockrdi'
+          'Convention' => 'sockrdi -http -https'
         },
       'Stage'         =>
         {
diff --git a/spec/modules/payloads_spec.rb b/spec/modules/payloads_spec.rb
@@ -2991,39 +2991,6 @@
                           reference_name: 'windows/shell/find_tag'
   end
 
-  context 'windows/shell/reverse_hop_http' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                              'stagers/windows/reverse_hop_http',
-                              'stages/windows/shell'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/shell/reverse_hop_http'
-  end
-
-  context 'windows/shell/reverse_http' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                              'stagers/windows/reverse_http',
-                              'stages/windows/shell'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/shell/reverse_http'
-  end
-
-  context 'windows/shell/reverse_http_proxy_pstore' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                            'stagers/windows/reverse_http_proxy_pstore',
-                            'stages/windows/shell'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/shell/reverse_http_proxy_pstore'
-  end
-
   context 'windows/shell/reverse_ipv6_tcp' do
     it_should_behave_like 'payload cached size is consistent',
                           ancestor_reference_names: [
@@ -3217,39 +3184,6 @@
                           reference_name: 'windows/upexec/find_tag'
   end
 
-  context 'windows/upexec/reverse_hop_http' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                              'stagers/windows/reverse_hop_http',
-                              'stages/windows/upexec'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/upexec/reverse_hop_http'
-  end
-
-  context 'windows/upexec/reverse_http' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                              'stagers/windows/reverse_http',
-                              'stages/windows/upexec'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/upexec/reverse_http'
-  end
-
-  context 'windows/upexec/reverse_http_proxy_pstore' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                            'stagers/windows/reverse_http_proxy_pstore',
-                            'stages/windows/upexec'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/upexec/reverse_http_proxy_pstore'
-  end
-
   context 'windows/upexec/reverse_ipv6_tcp' do
     it_should_behave_like 'payload cached size is consistent',
                           ancestor_reference_names: [
@@ -3393,39 +3327,6 @@
                           reference_name: 'windows/vncinject/find_tag'
   end
 
-  context 'windows/vncinject/reverse_hop_http' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                              'stagers/windows/reverse_hop_http',
-                              'stages/windows/vncinject'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/vncinject/reverse_hop_http'
-  end
-
-  context 'windows/vncinject/reverse_http' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                              'stagers/windows/reverse_http',
-                              'stages/windows/vncinject'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/vncinject/reverse_http'
-  end
-
-  context 'windows/vncinject/reverse_http_proxy_pstore' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                            'stagers/windows/reverse_http_proxy_pstore',
-                            'stages/windows/vncinject'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/vncinject/reverse_http_proxy_pstore'
-  end
-
   context 'windows/vncinject/reverse_ipv6_tcp' do
     it_should_behave_like 'payload cached size is consistent',
                           ancestor_reference_names: [
@@ -3578,17 +3479,6 @@
                           reference_name: 'windows/x64/shell/bind_tcp'
   end
 
-  context 'windows/x64/shell/reverse_https' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                              'stagers/windows/x64/reverse_https',
-                              'stages/windows/x64/shell'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/x64/shell/reverse_https'
-  end
-
   context 'windows/x64/shell/reverse_tcp' do
     it_should_behave_like 'payload cached size is consistent',
                           ancestor_reference_names: [
@@ -3631,17 +3521,6 @@
                           reference_name: 'windows/x64/vncinject/bind_tcp'
   end
 
-  context 'windows/x64/vncinject/reverse_https' do
-    it_should_behave_like 'payload cached size is consistent',
-                          ancestor_reference_names: [
-                              'stagers/windows/x64/reverse_https',
-                              'stages/windows/x64/vncinject'
-                          ],
-                          dynamic_size: false,
-                          modules_pathname: modules_pathname,
-                          reference_name: 'windows/x64/vncinject/reverse_https'
-  end
-
   context 'windows/x64/vncinject/reverse_tcp' do
     it_should_behave_like 'payload cached size is consistent',
                           ancestor_reference_names: [

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ def initialize(info = {})`
`23`	`23`	`'Session' => Msf::Sessions::CommandShellWindows,`
`24`	`24`	`'PayloadCompat' =>`
`25`	`25`	`{`
`26`		`- 'Convention' => 'sockedi -https'`
	`26`	`+ 'Convention' => 'sockedi -http -https'`
`27`	`27`	`},`
`28`	`28`	`'Stage' =>`
`29`	`29`	`{`