Register the init_* URLs and whitelist these

HD Moore · HD Moore · commit 4622fa60eb66 · 2015-05-21T00:22:41.000-05:00
diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb
@@ -154,6 +154,10 @@ def setup_handler
 
     print_status("Started #{scheme.upcase} reverse handler on #{listener_uri}")
     lookup_proxy_settings
+
+    if datastore['IgnoreUnknownPayloads']
+      print_status("Handler is ignoring unknown payloads, there are #{framework.uuid_db.keys.length} UUIDs whitelisted")
+    end
   end
 
   #
@@ -229,11 +233,21 @@ def on_request(cli, req, obj)
       conn_id = generate_uri_uuid(URI_CHECKSUM_CONN, uuid)
     end
 
+    # Validate known UUIDs for all requests if IgnoreUnknownPayloads is set
     if datastore['IgnoreUnknownPayloads'] && ! framework.uuid_db[uuid.puid_hex]
-      print_status("#{cli.peerhost}:#{cli.peerport} Ignoring request with unknown UUID #{uuid.to_s}")
+      print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Ignoring request with unknown UUID")
       info[:mode] = :unknown_uuid
     end
 
+    # Validate known URLs for all session init requests if IgnoreUnknownPayloads is set
+    if datastore['IgnoreUnknownPayloads'] && info[:mode].to_s =~ /^init_/
+      allowed_urls = framework.uuid_db[uuid.puid_hex]['urls'] || []
+      unless allowed_urls.include?(req.relative_resource)
+        print_status("#{cli.peerhost}:#{cli.peerport} (UUID: #{uuid.to_s}) Ignoring request with unknown UUID URL #{req.relative_resource}")
+        info[:mode] = :unknown_uuid_url
+      end
+    end
+
     self.pending_connections += 1
 
     # Process the requested resource.
@@ -374,7 +388,9 @@ def on_request(cli, req, obj)
         })
 
       else
-        print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{req.relative_resource} #{req.inspect}...")
+        unless [:unknown_uuid, :unknown_uuid_url].include?(info[:mode])
+          print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{req.relative_resource} with UA #{req.headers['User-Agent']}...")
+        end
         resp.code    = 200
         resp.message = "OK"
         resp.body    = datastore['HttpUnknownRequestResponse'].to_s
diff --git a/lib/msf/core/payload/uuid/options.rb b/lib/msf/core/payload/uuid/options.rb
@@ -42,7 +42,11 @@ def generate_uri_uuid_mode(mode,len=nil)
       return "/" + generate_uri_checksum(sum, len, prefix="")
     end
 
-    generate_uri_uuid(sum, generate_payload_uuid, len)
+    uuid = generate_payload_uuid
+    uri  = generate_uri_uuid(sum, uuid, len)
+    record_payload_uuid_url(uuid, uri)
+
+    uri
   end
 
   # Generate a Payload UUID
@@ -68,6 +72,10 @@ def generate_payload_uuid
       conf[:puid] = puid_raw
     end
 
+    if datastore['PayloadUUIDName'].to_s.length > 0 && ! datastore['PayloadUUIDTracking']
+      raise ArgumentError, "The PayloadUUIDName value is ignored unless PayloadUUIDTracking is enabled"
+    end
+
     # Generate the UUID object
     uuid = Msf::Payload::UUID.new(conf)
     record_payload_uuid(uuid)
@@ -98,5 +106,15 @@ def record_payload_uuid(uuid, info={})
     framework.uuid_db[uuid.puid_hex] = uuid_info
   end
 
+  # Store a UUID URL in the JSON database if tracking is enabled
+  def record_payload_uuid_url(uuid, url)
+    return unless datastore['PayloadUUIDTracking']
+    uuid_info = framework.uuid_db[uuid.puid_hex]
+    uuid_info['urls'] ||= []
+    uuid_info['urls'] << url
+    uuid_info['urls'].uniq!
+    framework.uuid_db[uuid.puid_hex] = uuid_info
+  end
+
 end
 
