@@ -28,7 +28,6 @@ def initialize(shell)
28
28
self . extensions = [ ]
29
29
self . bgjobs = [ ]
30
30
self . bgjob_id = 0
31
-
32
31
end
33
32
34
33
@@load_opts = Rex ::Parser ::Arguments . new (
@@ -50,7 +49,6 @@ def commands
50
49
"irb" => "Drop into irb scripting mode" ,
51
50
"use" => "Deprecated alias for 'load'" ,
52
51
"load" => "Load one or more meterpreter extensions" ,
53
- "transport" => "Change the current transport mechanism" ,
54
52
"machine_id" => "Get the MSF ID of the machine attached to the session" ,
55
53
"quit" => "Terminate the meterpreter session" ,
56
54
"resource" => "Run the commands stored in a file" ,
@@ -67,10 +65,17 @@ def commands
67
65
if client . passive_service
68
66
c [ "detach" ] = "Detach the meterpreter session (for http/https)"
69
67
end
70
- # The only meterp that implements this right now is native Windows and for
71
- # whatever reason it is not adding core_migrate to its list of commands.
72
- # Use a dumb platform til it gets sorted.
73
- #if client.commands.include? "core_migrate"
68
+
69
+ # Currently we have some windows-specific core commands`
70
+ if client . platform =~ /win/
71
+ # only support the SSL switching for HTTPS
72
+ if client . passive_service && client . sock . type? == 'tcp-ssl'
73
+ c [ "ssl_verify" ] = "Modify the SSL certificate verification setting"
74
+ end
75
+
76
+ c [ "transport" ] = "Change the current transport mechanism"
77
+ end
78
+
74
79
if client . platform =~ /win/ || client . platform =~ /linux/
75
80
c [ "migrate" ] = "Migrate the server to another process"
76
81
end
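Review bot: The new guard `if client.platform =~ /win/` is unanchored, so it matches any platform string that merely contains "win"; that would include a "darwin" value if one can occur for this session type (the existing migrate check just below has the same form). If only Windows sessions should get `ssl_verify` and `transport`, a tighter pattern or a shared platform predicate would make that explicit. Inside the guard, `client.sock.type?` is called whenever `client.passive_service` is true, which assumes `sock` is never nil for passive sessions; `client.sock && client.sock.type? == 'tcp-ssl'` would be safer if that is not guaranteed. The added comment also ends with a stray backtick after "core commands". The body of `commands` starts and ends outside this hunk.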
@@ -329,6 +334,87 @@ def cmd_machine_id(*args)
329
334
print_good ( "Machine ID: #{ client . core . machine_id } " )
330
335
end
331
336
337
+ #
338
+ # Arguments for ssl verification
339
+ #
340
+ @@ssl_verify_opts = Rex ::Parser ::Arguments . new (
341
+ '-e' => [ false , 'Enable SSL certificate verification' ] ,
342
+ '-d' => [ false , 'Disable SSL certificate verification' ] ,
343
+ '-q' => [ false , 'Query the statis of SSL certificate verification' ] ,
344
+ '-h' => [ false , 'Help menu' ] )
345
+
346
+ #
347
+ # Help for ssl verification
348
+ #
349
+ def cmd_ssl_verify_help
350
+ print_line ( 'Usage: ssl_verify [options]' )
351
+ print_line
352
+ print_line ( 'Change and query the current setting for SSL verification' )
353
+ print_line ( 'Only one of the following options can be used at a time' )
354
+ print_line ( @@ssl_verify_opts . usage )
355
+ end
356
+
357
+ #
358
+ # Handle the SSL verification querying and setting function.
359
+ #
360
+ def cmd_ssl_verify ( *args )
361
+ if ( args . length == 0 or args . include? ( "-h" ) )
362
+ cmd_ssl_verify_help
363
+ return
364
+ end
365
+
366
+ query = false
367
+ enable = false
368
+ disable = false
369
+
370
+ settings = 0
371
+
372
+ @@ssl_verify_opts . parse ( args ) do |opt , idx , val |
373
+ case opt
374
+ when '-q'
375
+ query = true
376
+ settings += 1
377
+ when '-e'
378
+ enable = true
379
+ settings += 1
380
+ when '-d'
381
+ disable = true
382
+ settings += 1
383
+ end
384
+ end
385
+
386
+ # Make sure only one action has been chosen
387
+ if settings != 1
388
+ cmd_ssl_verify_help
389
+ return
390
+ end
391
+
392
+ if query
393
+ hash = client . core . get_ssl_hash_verify
394
+ if hash
395
+ print_good ( "SSL verification is enabled. SHA1 Hash: #{ hash . unpack ( "H*" ) [ 0 ] } " )
396
+ else
397
+ print_good ( "SSL verification is disabled." )
398
+ end
399
+
400
+ elsif enable
401
+ hash = client . core . enable_ssl_hash_verify
402
+ if hash
403
+ print_good ( "SSL verification has been enabled. SHA1 Hash: #{ hash . unpack ( "H*" ) [ 0 ] } " )
404
+ else
405
+ print_error ( "Failed to enable SSL verification" )
406
+ end
407
+
408
+ else
409
+ if client . core . disable_ssl_hash_verify
410
+ print_good ( 'SSL verification has been disabled' )
411
+ else
412
+ print_error ( "Failed to disable SSL verification" )
413
+ end
414
+ end
415
+
416
+ end
417
+
332
418
#
333
419
# Arguments for transport switching
334
420
#
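Review bot: In the `-q` branch of `cmd_ssl_verify`, a nil result from `client.core.get_ssl_hash_verify` is reported with `print_good` as "SSL verification is disabled.", so a failed or unanswered query would look the same as verification being off, if that call can return nil on error (its contract is not visible here). For a setting that controls certificate verification on the session transport, the two cases should be reported separately, or the call should raise on failure. The `-q` help text has a typo: `'Query the statis of SSL certificate verification'` should read `'Query the status of SSL certificate verification'`. The guard `args.length == 0 or args.include?("-h")` would read more idiomatically as `args.empty? || args.include?('-h')`, which also avoids the low-precedence `or`.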
@@ -347,13 +433,19 @@ def cmd_machine_id(*args)
347
433
'-ex' => [ true , "Expiration timout (seconds) for http(s) transports (default: #{ Rex ::Post ::Meterpreter ::ClientCore ::DEFAULT_SESSION_EXPIRATION } )" ] ,
348
434
'-h' => [ false , 'Help menu' ] )
349
435
436
+ #
437
+ # Display help for transport switching
438
+ #
350
439
def cmd_transport_help
351
440
print_line ( 'Usage: transport [options]' )
352
441
print_line
353
442
print_line ( 'Change the current Meterpreter transport mechanism' )
354
443
print_line ( @@transport_opts . usage )
355
444
end
356
445
446
+ #
447
+ # Change the current transport setings.
448
+ #
357
449
def cmd_transport ( *args )
358
450
if ( args . length == 0 or args . include? ( "-h" ) )
359
451
cmd_transport_help
@@ -409,7 +501,7 @@ def cmd_transport(*args)
409
501
end
410
502
411
503
print_status ( "Swapping transport ..." )
412
- if client . core . change_transport ( opts )
504
+ if client . core . transport_change ( opts )
413
505
client . shutdown_passive_dispatcher
414
506
shell . stop
415
507
else