Land rapid7#8021, Add new core_native_arch method to Meterpreter

Author: Brent Cook

Gemfile.lock

@@ -14,7 +14,7 @@ PATH
       metasploit-concern
       metasploit-credential
       metasploit-model
-      metasploit-payloads (= 1.2.15)
+      metasploit-payloads (= 1.2.16)
       metasploit_data_models
       metasploit_payloads-mettle (= 0.1.7)
       msgpack
@@ -169,7 +169,7 @@ GEM
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-payloads (1.2.15)
+    metasploit-payloads (1.2.16)
     metasploit_data_models (2.0.14)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)

lib/msf/base/sessions/meterpreter.rb

@@ -536,6 +536,15 @@ def arch
     end
   end
 
+  #
+  # Get a string representation of the architecture of the process in which the
+  # current session is running. This defaults to the same value of arch but can
+  # be overridden by specific meterpreter implementations to add support.
+  #
+  def native_arch
+    arch
+  end
+
   #
   # Generate a binary suffix based on arch
   #

lib/msf/base/sessions/meterpreter_python.rb

@@ -108,6 +108,10 @@ def lookup_error(error_code)
     unknown_error
   end
 
+  def native_arch
+    @native_arch ||= self.core.native_arch
+  end
+
   def supports_ssl?
     false
   end

lib/rex/post/meterpreter/client_core.rb

@@ -325,6 +325,18 @@ def machine_id(timeout=nil)
     Rex::Text.md5(mid.to_s.downcase.strip)
   end
 
+  def native_arch(timeout=nil)
+    # Not all meterpreter implementations support this
+    request = Packet.create_request('core_native_arch')
+
+    args = [ request ]
+    args << timeout if timeout
+
+    response = client.send_request(*args)
+
+    response.get_tlv_value(TLV_TYPE_STRING)
+  end
+
   def transport_remove(opts={})
     request = transport_prepare_request('core_transport_remove', opts)
 

lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb

@@ -119,7 +119,7 @@ def add_function(name, return_type, params, windows_name=nil, calling_conv="stdc
   def process_function_call(function, args, client)
     raise "#{function.params.length} arguments expected. #{args.length} arguments provided." unless args.length == function.params.length
 
-    if client.arch == ARCH_X64
+    if client.native_arch == ARCH_X64
       native = 'Q<'
     else
       native = 'V'

metasploit-framework.gemspec

@@ -65,7 +65,7 @@ Gem::Specification.new do |spec|
   # are needed when there's no database
   spec.add_runtime_dependency 'metasploit-model'
   # Needed for Meterpreter
-  spec.add_runtime_dependency 'metasploit-payloads', '1.2.15'
+  spec.add_runtime_dependency 'metasploit-payloads', '1.2.16'
   # Needed for the next-generation POSIX Meterpreter
   spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.1.7'
   # Needed by msfgui and other rpc components

modules/payloads/singles/python/meterpreter_bind_tcp.rb

@@ -12,7 +12,7 @@
 
 module MetasploitModule
 
-  CachedSize = 53182
+  CachedSize = 53370
 
   include Msf::Payload::Single
   include Msf::Payload::Python

modules/payloads/singles/python/meterpreter_reverse_http.rb

@@ -12,7 +12,7 @@
 
 module MetasploitModule
 
-  CachedSize = 53142
+  CachedSize = 53334
 
   include Msf::Payload::Single
   include Msf::Payload::Python

modules/payloads/singles/python/meterpreter_reverse_https.rb

@@ -12,7 +12,7 @@
 
 module MetasploitModule
 
-  CachedSize = 53146
+  CachedSize = 53334
 
   include Msf::Payload::Single
   include Msf::Payload::Python

modules/payloads/singles/python/meterpreter_reverse_tcp.rb

@@ -12,7 +12,7 @@
 
 module MetasploitModule
 
-  CachedSize = 53098
+  CachedSize = 53286
 
   include Msf::Payload::Single
   include Msf::Payload::Python