
Commit 50f95f9

author
Brent Cook
committed
Land rapid7#7681, Get ready for stageless mettle
2 parents b9a7ed9 + 6dcdf74 commit 50f95f9


10 files changed

+65
-22
lines changed


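--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -16,7 +16,7 @@ PATH
 metasploit-model
 metasploit-payloads (= 1.2.4)
 metasploit_data_models
-metasploit_payloads-mettle (= 0.1.3)
+metasploit_payloads-mettle (= 0.1.4)
 msgpack
 nessus_rest
 net-ssh
@@ -33,7 +33,7 @@ PATH
 rb-readline-r7
 recog
 redcarpet
-rex-arch (= 0.1.2)
+rex-arch (= 0.1.4)
 rex-bin_tools
 rex-core
 rex-encoder
@@ -180,7 +180,7 @@ GEM
 postgres_ext
 railties (~> 4.2.6)
 recog (~> 2.0)
-metasploit_payloads-mettle (0.1.3)
+metasploit_payloads-mettle (0.1.4)
 method_source (0.8.2)
 mime-types (3.1)
 mime-types-data (~> 3.2015)
@@ -237,7 +237,7 @@ GEM
 recog (2.1.2)
 nokogiri
 redcarpet (3.3.4)
-rex-arch (0.1.2)
+rex-arch (0.1.4)
 rex-text
 rex-bin_tools (0.1.1)
 metasm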
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
# -*- coding: binary -*-
2+
3+
require 'msf/core/payload/transport_config'
4+
require 'base64'
5+
6+
module Msf
7+
module Sessions
8+
module MettleConfig
9+
10+
include Msf::Payload::TransportConfig
11+
12+
def generate_config(opts={})
13+
transport = transport_config_reverse_tcp(opts)
14+
opts[:uuid] ||= generate_payload_uuid
15+
opts[:uuid] = Base64.encode64(opts[:uuid].to_raw).strip
16+
opts[:uri] ||= "#{transport[:scheme]}://#{transport[:lhost]}:#{transport[:lport]}"
17+
opts.slice(:uuid, :uri, :debug, :log_file)
18+
end
19+
20+
end
21+
end
22+
end
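Review bot: `generate_config` overwrites the caller's `opts[:uuid]` with its Base64 string, so a second call with the same hash would reach `opts[:uuid].to_raw` on a String and raise. Build the result in a separate hash instead: after the `opts[:uri] ||=` line, use `config = opts.slice(:uuid, :uri, :debug, :log_file)` and `config[:uuid] = Base64.strict_encode64(opts[:uuid].to_raw)`, returning `config`. `strict_encode64` never emits line breaks, so the `.strip` is no longer needed. The method also has no doc comment; a short one stating that the URI is always built from `transport_config_reverse_tcp` would help, since that looks deliberate but is not explained.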

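--- a/lib/msf/core/payload/uuid.rb
+++ b/lib/msf/core/payload/uuid.rb
@@ -38,7 +38,11 @@ class Msf::Payload::UUID
 19 => ARCH_DALVIK,
 20 => ARCH_PYTHON,
 21 => ARCH_NODEJS,
-22 => ARCH_FIREFOX
+22 => ARCH_FIREFOX,
+23 => ARCH_ZARCH,
+24 => ARCH_AARCH64,
+25 => ARCH_MIPS64,
+26 => ARCH_PPC64LE
 }
 
 Platforms = {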

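--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -107,6 +107,10 @@ def self.to_zip(files)
 # @return [String]
 # @return [NilClass]
 def self.to_executable(framework, arch, plat, code = '', opts = {})
+if elf? code
+return code
+end
+
 if arch.index(ARCH_X86)
 
 if plat.index(Msf::Module::Platform::Windows)
@@ -959,6 +963,9 @@ def self.to_osx_app(exe, opts = {})
 # @param big_endian [Boolean] Set to "false" by default
 # @return [String]
 def self.to_exe_elf(framework, opts, template, code, big_endian=false)
+if elf? code
+return code
+end
 
 # Allow the user to specify their own template
 set_template_default(opts, template)
@@ -2127,6 +2134,9 @@ def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
 exeopts[:uac] = true
 Msf::Util::EXE.to_exe_msi(framework, exe, exeopts)
 when 'elf'
+if elf? code
+return code
+end
 if !plat || plat.index(Msf::Module::Platform::Linux)
 case arch
 when ARCH_X86,nil
@@ -2154,6 +2164,9 @@ def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
 end
 end
 when 'elf-so'
+if elf? code
+return code
+end
 if !plat || plat.index(Msf::Module::Platform::Linux)
 case arch
 when ARCH_X64
@@ -2293,6 +2306,10 @@ def self.find_payload_tag(mo, err_msg)
 bo
 end
 
+def self.elf?(code)
+code[0..3] == "\x7FELF"
+end
+
 end
 end
 end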
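Review bot: The `'elf-so'` branch of `to_executable_fmt` now returns any ELF image unchanged, but `elf?` compares only the four magic bytes and cannot tell a shared object from an executable, so a request for `elf-so` can hand back a plain executable. The same early return sits ahead of the `arch`/`plat` dispatch in `to_executable` and ahead of `set_template_default` in `to_exe_elf`, so those arguments are ignored for pre-built images without any notice. I would document that on the helper, e.g. `# @return [Boolean] true when code starts with the ELF magic; such images are passed through unmodified`, and either check the ELF type field in the `elf-so` case or note there that the caller is responsible for supplying a shared object. The bodies of all four callers continue outside the hunks shown.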

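--- a/metasploit-framework.gemspec
+++ b/metasploit-framework.gemspec
@@ -67,7 +67,7 @@ Gem::Specification.new do |spec|
 # Needed for Meterpreter
 spec.add_runtime_dependency 'metasploit-payloads', '1.2.4'
 # Needed for the next-generation POSIX Meterpreter
-spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.1.3'
+spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.1.4'
 # Needed by msfgui and other rpc components
 spec.add_runtime_dependency 'msgpack'
 # get list of network interfaces, like eth* from OS.
@@ -128,7 +128,7 @@ Gem::Specification.new do |spec|
 spec.add_runtime_dependency 'rex-struct2'
 # Library which contains architecture specific information such as registers, opcodes,
 # and stack manipulation routines.
-spec.add_runtime_dependency 'rex-arch', '0.1.2'
+spec.add_runtime_dependency 'rex-arch', '0.1.4'
 # Library for working with OLE.
 spec.add_runtime_dependency 'rex-ole'
 # Library for creating and/or parsing MIME messages.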

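--- a/modules/payloads/stages/linux/armle/mettle.rb
+++ b/modules/payloads/stages/linux/armle/mettle.rb
@@ -6,10 +6,12 @@
 require 'msf/core'
 require 'msf/base/sessions/meterpreter_armle_linux'
 require 'msf/base/sessions/meterpreter_options'
+require 'msf/base/sessions/mettle_config'
 require 'rex/elfparsey'
 
 module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
+include Msf::Sessions::MettleConfig
 
 def initialize(info = {})
 super(
@@ -80,8 +82,6 @@ def handle_intermediate_stage(conn, payload)
 end
 
 def generate_stage(opts = {})
-opts[:uuid] ||= generate_payload_uuid
-MetasploitPayloads::Mettle.new('armv5l-linux-musleabi', opts.slice(:uuid, :url, :debug, :log_file)).
-to_binary :process_image
+MetasploitPayloads::Mettle.new('armv5l-linux-musleabi', generate_config(opts)).to_binary :process_image
 end
 end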
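Review bot: The removed line sliced `:url` from `opts`, while `generate_config` slices `:uri`, so a caller that still passes `opts[:url]` to `generate_stage` now has it dropped without a warning. If the rename is intended, say so in a comment above `generate_stage`, e.g. `# Config keys are selected in MettleConfig#generate_config (:uuid, :uri, :debug, :log_file)`; otherwise map the old key first with `opts[:uri] ||= opts[:url]`. The same applies to the identical `generate_stage` change in the mipsbe, mipsle, x64 and x86 mettle modules below. The module body continues outside the hunk.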

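--- a/modules/payloads/stages/linux/mipsbe/mettle.rb
+++ b/modules/payloads/stages/linux/mipsbe/mettle.rb
@@ -6,10 +6,12 @@
 require 'msf/core'
 require 'msf/base/sessions/meterpreter_mipsbe_linux'
 require 'msf/base/sessions/meterpreter_options'
+require 'msf/base/sessions/mettle_config'
 require 'rex/elfparsey'
 
 module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
+include Msf::Sessions::MettleConfig
 
 def initialize(info = {})
 super(
@@ -91,8 +93,6 @@ def handle_intermediate_stage(conn, payload)
 end
 
 def generate_stage(opts = {})
-opts[:uuid] ||= generate_payload_uuid
-MetasploitPayloads::Mettle.new('mips-linux-muslsf', opts.slice(:uuid, :url, :debug, :log_file)).
-to_binary :process_image
+MetasploitPayloads::Mettle.new('mips-linux-muslsf', generate_config(opts)).to_binary :process_image
 end
 end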

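--- a/modules/payloads/stages/linux/mipsle/mettle.rb
+++ b/modules/payloads/stages/linux/mipsle/mettle.rb
@@ -6,10 +6,12 @@
 require 'msf/core'
 require 'msf/base/sessions/meterpreter_mipsle_linux'
 require 'msf/base/sessions/meterpreter_options'
+require 'msf/base/sessions/mettle_config'
 require 'rex/elfparsey'
 
 module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
+include Msf::Sessions::MettleConfig
 
 def initialize(info = {})
 super(
@@ -91,8 +93,6 @@ def handle_intermediate_stage(conn, payload)
 end
 
 def generate_stage(opts = {})
-opts[:uuid] ||= generate_payload_uuid
-MetasploitPayloads::Mettle.new('mipsel-linux-muslsf', opts.slice(:uuid, :url, :debug, :log_file)).
-to_binary :process_image
+MetasploitPayloads::Mettle.new('mipsel-linux-muslsf', generate_config(opts)).to_binary :process_image
 end
 end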

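--- a/modules/payloads/stages/linux/x64/mettle.rb
+++ b/modules/payloads/stages/linux/x64/mettle.rb
@@ -6,10 +6,12 @@
 require 'msf/core'
 require 'msf/base/sessions/meterpreter_x64_mettle_linux'
 require 'msf/base/sessions/meterpreter_options'
+require 'msf/base/sessions/mettle_config'
 require 'rex/elfparsey'
 
 module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
+include Msf::Sessions::MettleConfig
 
 def initialize(info = {})
 super(
@@ -88,8 +90,6 @@ def handle_intermediate_stage(conn, payload)
 end
 
 def generate_stage(opts = {})
-opts[:uuid] ||= generate_payload_uuid
-MetasploitPayloads::Mettle.new('x86_64-linux-musl', opts.slice(:uuid, :url, :debug, :log_file)).
-to_binary :process_image
+MetasploitPayloads::Mettle.new('x86_64-linux-musl', generate_config(opts)).to_binary :process_image
 end
 end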

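--- a/modules/payloads/stages/linux/x86/mettle.rb
+++ b/modules/payloads/stages/linux/x86/mettle.rb
@@ -6,10 +6,12 @@
 require 'msf/core'
 require 'msf/base/sessions/meterpreter_x86_mettle_linux'
 require 'msf/base/sessions/meterpreter_options'
+require 'msf/base/sessions/mettle_config'
 require 'rex/elfparsey'
 
 module MetasploitModule
 include Msf::Sessions::MeterpreterOptions
+include Msf::Sessions::MettleConfig
 
 def initialize(info = {})
 super(
@@ -91,8 +93,6 @@ def handle_intermediate_stage(conn, payload)
 end
 
 def generate_stage(opts = {})
-opts[:uuid] ||= generate_payload_uuid
-MetasploitPayloads::Mettle.new('i486-linux-musl', opts.slice(:uuid, :url, :debug, :log_file)).
-to_binary :process_image
+MetasploitPayloads::Mettle.new('i486-linux-musl', generate_config(opts)).to_binary :process_image
 end
 end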
