
Commit 510ff88

author
Brent Cook
committed
Land rapid7#8439, native OSX meterpreter support
2 parents d0aeef9 + 1d0db02 commit 510ff88


44 files changed

+278
-69
lines changed

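--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -30,7 +30,7 @@ PATH
 metasploit-model
 metasploit-payloads (= 1.2.37)
 metasploit_data_models
-metasploit_payloads-mettle (= 0.1.10)
+metasploit_payloads-mettle (= 0.1.14)
 msgpack
 nessus_rest
 net-ssh
@@ -189,7 +189,7 @@ GEM
 postgres_ext
 railties (~> 4.2.6)
 recog (~> 2.0)
-metasploit_payloads-mettle (0.1.10)
+metasploit_payloads-mettle (0.1.14)
 method_source (0.8.2)
 mini_portile2 (2.2.0)
 minitest (5.10.2)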
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
# -*- coding: binary -*-
2+
3+
require 'msf/base/sessions/meterpreter'
4+
5+
module Msf
6+
module Sessions
7+
8+
###
9+
#
10+
# This class creates a platform-specific meterpreter session type
11+
#
12+
###
13+
class Meterpreter_x64_OSX < Msf::Sessions::Meterpreter
14+
def supports_ssl?
15+
false
16+
end
17+
def supports_zlib?
18+
false
19+
end
20+
def initialize(rstream, opts={})
21+
super
22+
self.base_platform = 'osx'
23+
self.base_arch = ARCH_X64
24+
end
25+
end
26+
27+
end
28+
end
29+
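Review bot: The header comment does not say which platform or architecture this session type covers, and the next section (`Meterpreter_x86_OSX`) repeats the same body with only `base_arch` changed. A class comment such as `# Meterpreter session for the native OSX payload on x64; sets base_platform to 'osx' and base_arch to ARCH_X64.` would make the two files distinguishable at a glance. A one-line comment stating why `supports_ssl?` and `supports_zlib?` both return `false` would also help the next maintainer, since nothing in the file explains it. If more architectures are expected, a shared parent or mixin holding the two predicates would keep the copies from drifting apart.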
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
# -*- coding: binary -*-
2+
3+
require 'msf/base/sessions/meterpreter'
4+
5+
module Msf
6+
module Sessions
7+
8+
###
9+
#
10+
# This class creates a platform-specific meterpreter session type
11+
#
12+
###
13+
class Meterpreter_x86_OSX < Msf::Sessions::Meterpreter
14+
def supports_ssl?
15+
false
16+
end
17+
def supports_zlib?
18+
false
19+
end
20+
def initialize(rstream, opts={})
21+
super
22+
self.base_platform = 'osx'
23+
self.base_arch = ARCH_X86
24+
end
25+
end
26+
27+
end
28+
end
29+

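--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -106,7 +106,7 @@ def self.to_zip(files)
 # @return [String]
 # @return [NilClass]
 def self.to_executable(framework, arch, plat, code = '', opts = {})
-if elf? code
+if elf? code or macho? code
 return code
 end
 
@@ -2148,15 +2148,19 @@ def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
 end
 end
 when 'macho', 'osx-app'
-macho = case arch
-when ARCH_X86,nil
-to_osx_x86_macho(framework, code, exeopts)
-when ARCH_X64
-to_osx_x64_macho(framework, code, exeopts)
-when ARCH_ARMLE
-to_osx_arm_macho(framework, code, exeopts)
-when ARCH_PPC
-to_osx_ppc_macho(framework, code, exeopts)
+if macho? code
+macho = code
+else
+macho = case arch
+when ARCH_X86,nil
+to_osx_x86_macho(framework, code, exeopts)
+when ARCH_X64
+to_osx_x64_macho(framework, code, exeopts)
+when ARCH_ARMLE
+to_osx_arm_macho(framework, code, exeopts)
+when ARCH_PPC
+to_osx_ppc_macho(framework, code, exeopts)
+end
 end
 fmt == 'osx-app' ? Msf::Util::EXE.to_osx_app(macho) : macho
 when 'vba'
@@ -2284,6 +2288,10 @@ def self.elf?(code)
 code[0..3] == "\x7FELF"
 end
 
+def self.macho?(code)
+code[0..3] == "\xCF\xFA\xED\xFE" || code[0..3] == "\xCE\xFA\xED\xFE" || code[0..3] == "\xCA\xFE\xBA\xBE"
+end
+
 end
 end
 end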
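Review bot: `macho?` treats any buffer starting with `\xCA\xFE\xBA\xBE` as Mach-O, but those four bytes are also the magic of a Java class file, and in the first hunk `to_executable` returns a matching buffer unchanged before it consults `plat` or `arch`. Limiting that early return to requests for an OSX target would keep a non-Mach-O buffer from being passed through as a finished executable. The three comparisons would also read better as a frozen constant and a single lookup, `MACHO_MAGICS.include?(code[0, 4])`. The `or` in `if elf? code or macho? code` works only because of its low precedence, so `if elf?(code) || macho?(code)` says the same thing without that trap. The bodies of `to_executable` and `to_executable_fmt` continue outside the hunks shown.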

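--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -259,7 +259,7 @@ def cmd_shell(*args)
 print_error( "Failed to spawn shell with thread impersonation. Retrying without it." )
 cmd_execute("-f", path, "-c", "-H", "-i")
 end
-when 'linux'
+when 'linux', 'osx'
 # Don't expand_path() this because it's literal anyway
 path = "/bin/sh"
 cmd_execute("-f", path, "-c", "-i")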

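--- a/metasploit-framework.gemspec
+++ b/metasploit-framework.gemspec
@@ -72,7 +72,7 @@ Gem::Specification.new do |spec|
 # Needed for Meterpreter
 spec.add_runtime_dependency 'metasploit-payloads', '1.2.37'
 # Needed for the next-generation POSIX Meterpreter
-spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.1.10'
+spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.1.14'
 # Needed by msfgui and other rpc components
 spec.add_runtime_dependency 'msgpack'
 # get list of network interfaces, like eth* from OS.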

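--- a/modules/payloads/singles/linux/aarch64/meterpreter_reverse_http.rb
+++ b/modules/payloads/singles/linux/aarch64/meterpreter_reverse_http.rb
@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-CachedSize = 652264
+CachedSize = 675048
 
 include Msf::Payload::Single
 include Msf::Sessions::MeterpreterOptions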

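--- a/modules/payloads/singles/linux/aarch64/meterpreter_reverse_https.rb
+++ b/modules/payloads/singles/linux/aarch64/meterpreter_reverse_https.rb
@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-CachedSize = 652264
+CachedSize = 675048
 
 include Msf::Payload::Single
 include Msf::Sessions::MeterpreterOptions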

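--- a/modules/payloads/singles/linux/aarch64/meterpreter_reverse_tcp.rb
+++ b/modules/payloads/singles/linux/aarch64/meterpreter_reverse_tcp.rb
@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-CachedSize = 652264
+CachedSize = 675048
 
 include Msf::Payload::Single
 include Msf::Sessions::MeterpreterOptions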

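--- a/modules/payloads/singles/linux/armbe/meterpreter_reverse_http.rb
+++ b/modules/payloads/singles/linux/armbe/meterpreter_reverse_http.rb
@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-CachedSize = 645136
+CachedSize = 668360
 
 include Msf::Payload::Single
 include Msf::Sessions::MeterpreterOptions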
