Land rapid7#9074, Add prints and error checking to HTTP CmdStagers

wwebb-r7 · wwebb-r7 · commit 84fe0847bf62 · 2017-10-11T14:27:52.000-05:00
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -237,7 +237,7 @@ GEM
       metasm
       rex-arch
       rex-text
-    rex-exploitation (0.1.14)
+    rex-exploitation (0.1.15)
       jsobfu
       metasm
       rex-arch
diff --git a/LICENSE_GEMS b/LICENSE_GEMS
@@ -84,7 +84,7 @@ rex-arch, 0.1.9, "New BSD"
 rex-bin_tools, 0.1.4, "New BSD"
 rex-core, 0.1.11, "New BSD"
 rex-encoder, 0.1.4, "New BSD"
-rex-exploitation, 0.1.14, "New BSD"
+rex-exploitation, 0.1.15, "New BSD"
 rex-java, 0.1.5, "New BSD"
 rex-mime, 0.1.5, "New BSD"
 rex-nop, 0.1.1, "New BSD"
diff --git a/lib/msf/core/exploit/cmdstager/http.rb b/lib/msf/core/exploit/cmdstager/http.rb
@@ -27,9 +27,25 @@ def start_service(opts = {})
   end
 
   def on_request_uri(cli, request)
-    if request['User-Agent'] =~ /^(?:Wget|curl)/
+    client = cli.peerhost
+
+    if (user_agent = request.headers['User-Agent'])
+      client << " (#{user_agent})"
+    end
+
+    print_status("Client #{client} requested #{request.raw_uri}")
+
+    if stager_instance.respond_to?(:user_agent)
+      agent_regex = stager_instance.user_agent
+    else
+      agent_regex = /.*/
+    end
+
+    if user_agent =~ agent_regex
+      print_status("Sending payload to #{client}")
       send_response(cli, exe)
     else
+      print_status("Sending 404 to #{client}")
       send_not_found(cli)
     end
   end
