Refactor Msf::Payload::UUID, use this in reverse_http

HD Moore · HD Moore · commit 378e86748657 · 2015-03-22T16:17:12.000-05:00
diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb
@@ -212,14 +212,18 @@ def lookup_proxy_settings
   #
   def on_request(cli, req, obj)
     resp = Rex::Proto::Http::Response.new
+    info = process_uri_resource(req.relative_resource)
+    uuid = info[:uuid] || Msf::Payload::UUID.new
 
-    print_status("#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}...")
+    # Configure the UUID architecture and payload if necessary
+    uuid.arch      = obj.arch if uuid.arch.nil?
+    uuid.platform  = obj.platform if uuid.platform.nil?
 
-    info = process_uri_resource(req.relative_resource)
+    print_status "#{cli.peerhost}:#{cli.peerport} Request received for #{req.relative_resource}... (UUID:#{uuid.to_s})"
 
     conn_id = nil
     if info[:mode] && info[:mode] != :connect
-      conn_id = generate_uri_connect_uuid(info[:uuid], obj.arch, obj.platform)
+      conn_id = generate_uri_connect_uuid(uuid)
     end
 
     # Process the requested resource.
@@ -255,6 +259,7 @@ def on_request(cli, req, obj)
           :expiration         => datastore['SessionExpirationTimeout'].to_i,
           :comm_timeout       => datastore['SessionCommunicationTimeout'].to_i,
           :ssl                => ssl?,
+          :uuid               => uuid
         })
         self.pending_connections += 1
 
@@ -282,7 +287,8 @@ def on_request(cli, req, obj)
           :url                => url,
           :expiration         => datastore['SessionExpirationTimeout'].to_i,
           :comm_timeout       => datastore['SessionCommunicationTimeout'].to_i,
-          :ssl                => ssl?
+          :ssl                => ssl?,
+          :uuid               => uuid
         })
 
       when :init_native
@@ -318,6 +324,7 @@ def on_request(cli, req, obj)
           :expiration         => datastore['SessionExpirationTimeout'].to_i,
           :comm_timeout       => datastore['SessionCommunicationTimeout'].to_i,
           :ssl                => ssl?,
+          :uuid               => uuid
         })
 
       when :connect
@@ -333,6 +340,7 @@ def on_request(cli, req, obj)
           :expiration         => datastore['SessionExpirationTimeout'].to_i,
           :comm_timeout       => datastore['SessionCommunicationTimeout'].to_i,
           :ssl                => ssl?,
+          :uuid               => uuid
         })
 
       else
diff --git a/lib/msf/core/handler/reverse_http/uri_checksum.rb b/lib/msf/core/handler/reverse_http/uri_checksum.rb
@@ -46,48 +46,25 @@ def process_uri_resource(uri)
           # Figure out the mode based on the checksum
           uri_csum = Rex::Text.checksum8(uri_bare)
 
+          # Extract the UUID if the URI is long enough
           uri_uuid = nil
-
           if uri_bare.length >= URI_CHECKSUM_UUID_MIN_LEN
-            uri_uuid =
-              Msf::Payload::UUID.payload_uuid_parse_raw(
-                Rex::Text.decode_base64url(
-                  uri_bare[0, Msf::Payload::UUID::UriLength]))
-
-            # Verify the uri_uuid fields and unset everything but
-            # the unique ID itself unless it looks wonky.
-            if uri_uuid[:timestamp] > (Time.now.utc.to_i + (24*3600*365)) ||
-               uri_uuid[:timestamp] < (Time.now.utc.to_i - (24*3600*365)) ||
-               (uri_uuid[:arch].nil? && uri_uuid[:platform].nil?)
-               uri_uuid = { puid: uri_uuid[:puid] }
-            end
+            uri_uuid = Msf::Payload::UUID.new(uri: uri_bare)
           end
 
           uri_mode = URI_CHECKSUM_MODES[uri_csum]
 
-          # Return a hash of URI attributes to the caller
-          {
-             uri: uri_bare,
-             sum: uri_csum,
-            uuid: uri_uuid,
-            mode: uri_mode
-          }
+          # Return a hash of URI attributes
+          { uri: uri_bare, sum: uri_csum, uuid: uri_uuid, mode: uri_mode }
         end
 
         # Create a URI that matches the :connect mode with optional UUID, Arch, and Platform
         #
-        # @param uuid [Hash] An optional hash with the UUID parameters
-        # @param arch [String] An optional architecture name to use if no UUID is provided
-        # @param platform [String] An optional platform name to use if no UUID is provided
-        # @return [String] The URI string that checksums to the given value
-        def generate_uri_connect_uuid(uuid=nil, arch=nil, platform=nil)
+        # @param uuid [Msf::Payload::UUID] A valid UUID object
+        # @return [String] The URI string for connections
+        def generate_uri_connect_uuid(uuid)
           curl_uri_len = URI_CHECKSUM_UUID_MIN_LEN+rand(URI_CHECKSUM_CONN_MAX_LEN-URI_CHECKSUM_UUID_MIN_LEN)
-          curl_prefix  = Rex::Text.encode_base64url(
-            Msf::Payload::UUID.payload_uuid_generate_raw(
-                   uuid: uuid[:puid],
-                   arch: uuid[:arch] || arch,
-               platform: uuid[:platform] || platform,
-              timestamp: uuid[:timestamp] ))
+          curl_prefix  = uuid.to_uri
 
           # Pad out the URI and make the checksum match :connect
           "/" + generate_uri_checksum(URI_CHECKSUM_CONN, curl_uri_len, curl_prefix)
diff --git a/lib/msf/core/payload/uuid.rb b/lib/msf/core/payload/uuid.rb
