Uses a hash for options as opposed to numerous methods on blob

veritysr · veritysr · commit 4bd14ed5eae1 · 2014-09-17T14:11:37.000-04:00
diff --git a/lib/rex/payloads/meterpreter/patch.rb b/lib/rex/payloads/meterpreter/patch.rb
@@ -19,7 +19,6 @@ def patch_transport! blob, ssl
             blob[i, str.length] = str
           end
 
-          return blob
         end
 
         # Replace the URL
@@ -31,7 +30,6 @@ def patch_url! blob, url
             blob[i, str.length] = str
           end
 
-          return blob
         end
 
         # Replace the session expiration timeout
@@ -43,7 +41,6 @@ def patch_expiration! blob, expiration
             blob[i, str.length] = str
           end
 
-          return blob
         end
 
         # Replace the session communication timeout
@@ -55,18 +52,17 @@ def patch_comm_timeout! blob, comm_timeout
             blob[i, str.length] = str
           end
 
-          return blob
         end
 
         # Replace the user agent string with our option
         def patch_ua! blob, ua
 
+          ua = ua[0,255] + "\x00"
           i = blob.index("METERPRETER_UA\x00")
           if i
             blob[i, ua.length] = ua
           end
 
-          return blob
         end
 
         # Activate a custom proxy
@@ -93,7 +89,6 @@ def patch_proxy! blob, proxyhost, proxyport, proxy_type
             end
           end
 
-          return blob
         end
 
         # Proxy authentification
@@ -112,7 +107,27 @@ def patch_proxy_auth! blob, proxy_username, proxy_password, proxy_type
             blob[proxy_password_loc, proxy_password.length] = proxy_password
           end
 
-          return blob
+        end
+
+        # Patch options into metsrv for reverse HTTP payloads
+        def patch_passive_service! blob, options
+
+          blob.patch_transport! blob, options[:ssl]
+          blob.patch_url! blob, options[:url]
+          blob.patch_expiration! blob, options[:expiration]
+          blob.patch_comm_timeout! blob, options[:comm_timeout]
+          blob.patch_ua! blob, options[:ua]
+          blob.patch_proxy!(blob,
+            options[:proxyhost],
+            options[:proxyport],
+            options[:proxy_type]
+          )
+          blob.patch_proxy_auth!(blob,
+            options[:proxy_username],
+            options[:proxy_password],
+            options[:proxy_type]
+          )
+
         end
 
       end
diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb
@@ -231,42 +231,22 @@ def migrate( pid )
 
     if client.passive_service
 
-      blob.extend(Rex::Payloads::Meterpreter::Patch)
-
-      # Replace the transport string first (TRANSPORT_SOCKET_SSL)
-      blob.patch_transport!(blob, client.ssl)
-
-      # Replace the URL
-      blob.patch_url!(blob, self.client.url)
-
-      # Replace the session expiration timeout
-      blob.patch_expiration!(blob, self.client.expiration)
-
-      # Replace the session communication timeout
-      blob.patch_comm_timeout!(blob, self.client.comm_timeout)
-
-      # Replace the user agent string with our option
-      blob.patch_ua!(
-        blob,
-        client.exploit_datastore['MeterpreterUserAgent'][0,255] + "\x00"
-      )
-
-      # Activate a custom proxy
-      blob.patch_proxy!(
-        blob,
-        client.exploit_datastore['PROXYHOST'],
-        client.exploit_datastore['PROXYPORT'],
-        client.exploit_datastore['PROXY_TYPE']
-      )
-      # Proxy authentication
-      blob.patch_proxy_auth!(
-        blob,
-        client.exploit_datastore['PROXY_USERNAME'],
-        client.exploit_datastore['PROXY_PASSWORD'],
-        client.exploit_datastore['PROXY_TYPE']
-      )
-
-      conn_id = self.client.conn_id
+      blob.extend Rex::Payloads::Meterpreter::Patch
+
+      #
+      # Patch options into metsrv for reverse HTTP payloads
+      #
+      blob.patch_passive_service! blob,
+        :ssl  =>  client.ssl,
+        :url =>  self.client.url,
+        :expiration  => self.client.expiration,
+        :comm_timeout  =>  self.client.comm_timeout,
+        :ua  =>  client.exploit_datastore['MeterpreterUserAgent'],
+        :proxyhost =>  client.exploit_datastore['PROXYHOST'],
+        :proxyport =>  client.exploit_datastore['PROXYPORT'],
+        :proxy_type  =>  client.exploit_datastore['PROXY_TYPE'],
+        :proxy_username  =>  client.exploit_datastore['PROXY_USERNAME'],
+        :proxy_password  =>  client.exploit_datastore['PROXY_PASSWORD']
 
     end
 
