Land rapid7#6687, Fix meterpreter platform to include OS in the tuple for all meterpreters

Author: pbarry-r7

lib/msf/base/sessions/command_shell.rb

@@ -50,6 +50,7 @@ def self.type
   def initialize(*args)
     self.platform ||= ""
     self.arch     ||= ""
+    self.max_threads = 1
     super
   end
 
@@ -235,6 +236,7 @@ def reset_ring_sequence
 
   attr_accessor :arch
   attr_accessor :platform
+  attr_accessor :max_threads
 
 protected
 

lib/msf/base/sessions/meterpreter.rb

@@ -69,6 +69,9 @@ def initialize(rstream, opts={})
     # Don't pass the datastore into the init_meterpreter method
     opts.delete(:datastore)
 
+    # Assume by default that 10 threads is a safe number for this session
+    self.max_threads ||= 10
+
     #
     # Initialize the meterpreter client
     #
@@ -323,6 +326,27 @@ def update_session_info
     username = self.sys.config.getuid
     sysinfo  = self.sys.config.sysinfo
 
+    self.platform =
+      self.sys.config.sysinfo["Architecture"].downcase + '/' +
+      self.platform.split('/')[0] +'/' +
+      case self.sys.config.sysinfo['OS']
+      when /windows/i
+        Msf::Module::Platform::Windows
+      when /darwin/i
+        Msf::Module::Platform::OSX
+      when /freebsd/i
+        Msf::Module::Platform::FreeBSD
+      when /netbsd/i
+        Msf::Module::Platform::NetBSD
+      when /openbsd/i
+        Msf::Module::Platform::OpenBSD
+      when /sunos/i
+        Msf::Module::Platform::Solaris
+      else
+        Msf::Module::Platform::Linux
+      end.realname.downcase
+
+
     safe_info = "#{username} @ #{sysinfo['Computer']}"
     safe_info.force_encoding("ASCII-8BIT") if safe_info.respond_to?(:force_encoding)
     # Should probably be using Rex::Text.ascii_safe_hex but leave
@@ -474,6 +498,7 @@ def create(param)
   attr_accessor :skip_ssl
   attr_accessor :skip_cleanup
   attr_accessor :target_id
+  attr_accessor :max_threads
 
 protected
 

lib/msf/core/module/platform.rb

@@ -409,6 +409,10 @@ class V10
       Rank = 700
       Alias = "10"
     end
+    class V11
+      Rank = 800
+      Alias = "11"
+    end
   end
 
   #

modules/post/multi/gather/dns_bruteforce.rb

@@ -32,23 +32,11 @@ def initialize(info={})
 
   # Run Method for when run command is issued
   def run
-
     domain = datastore['DOMAIN']
     hostlst = datastore['NAMELIST']
     a = []
 
     print_status("Performing DNS Forward Lookup Bruteforce for Domain #{domain}")
-    if session.type =~ /shell/
-      # Only one thread possible when shell
-      thread_num = 1
-      # Use the shell platform for selecting the command
-      platform = session.platform
-    else
-      # When in Meterpreter the safest thread number is 10
-      thread_num = 10
-      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-      platform = session.sys.config.sysinfo['OS']
-    end
 
     name_list = []
     if ::File.exist?(hostlst)
@@ -57,18 +45,17 @@ def run
       end
     end
 
-    platform = session.platform
-
-    case platform
+    case session.platform
     when /win/i
       cmd = "nslookup"
     when /solaris/i
       cmd = "/usr/sbin/host "
     else
       cmd = "/usr/bin/host "
     end
-    while(not name_list.nil? and not name_list.empty?)
-      1.upto(thread_num) do
+
+    while !name_list.nil? && !name_list.empty?
+      1.upto session.max_threads  do
         a << framework.threads.spawn("Module(#{self.refname})", false, name_list.shift) do |n|
           next if n.nil?
           vprint_status("Trying #{n.strip}.#{domain}")

modules/post/multi/gather/dns_reverse_lookup.rb

@@ -44,34 +44,21 @@ def run
       iplst << ipa
     end
 
-    if session.type =~ /shell/
-      # Only one thread possible when shell
-      thread_num = 1
-      # Use the shell platform for selecting the command
-      platform = session.platform
-    else
-      # When in Meterpreter the safest thread number is 10
-      thread_num = 10
-      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-      platform = session.sys.config.sysinfo['OS']
-    end
-
-    platform = session.platform
-
-    case platform
+    case session.platform
     when /win/i
       cmd = "nslookup"
     when /solaris/i
       cmd = "/usr/sbin/host"
     else
       cmd = "/usr/bin/host"
     end
-    while(not iplst.nil? and not iplst.empty?)
-      1.upto(thread_num) do
+
+    while !iplst.nil? && !iplst.empty?
+      1.upto session.max_threads do
         a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
           next if ip_add.nil?
           r = cmd_exec(cmd, " #{ip_add}")
-          case platform
+          case session.platform
           when /win/
             if r =~ /(Name)/
               r.scan(/Name:\s*\S*\s/) do |n|

modules/post/multi/gather/dns_srv_lookup.rb

@@ -55,22 +55,7 @@ def run
 
     a = []
 
-
-    if session.type =~ /shell/
-      # Only one thread possible when shell
-      thread_num = 1
-      # Use the shell platform for selecting the command
-      platform = session.platform
-    else
-      # When in Meterpreter the safest thread number is 10
-      thread_num = 10
-      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-      platform = session.sys.config.sysinfo['OS']
-    end
-
-    platform = session.platform
-
-    case platform
+    case session.platform
     when /win/i
       ns_opt = " -query=srv "
       cmd = "nslookup"
@@ -82,13 +67,13 @@ def run
       cmd = "/usr/bin/host"
     end
 
-    while(not srvrcd.nil? and not srvrcd.empty?)
-      1.upto(thread_num) do
+    while !srvrcd.nil? && !srvrcd.empty?
+      1.upto session.max_threads do
         a << framework.threads.spawn("Module(#{self.refname})", false, srvrcd.shift) do |srv|
           next if srv.nil?
           r = cmd_exec(cmd, ns_opt + "#{srv}#{domain}")
 
-          case platform
+          case session.platform
           when /win/
             if r =~ /\s*internet\saddress\s\=\s/
               nslookup_srv_consume("#{srv}#{domain}", r).each do |f|

modules/post/multi/gather/ping_sweep.rb

@@ -40,21 +40,8 @@ def run
         end
         iplst << ipa
       end
-      if session.type =~ /shell/
-        # Only one thread possible when shell
-        thread_num = 1
-        # Use the shell platform for selecting the command
-        platform = session.platform
-      else
-        # When in Meterpreter the safest thread number is 10
-        thread_num = 10
-        # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-        platform = session.sys.config.sysinfo['OS']
-      end
-
-      platform = session.platform
 
-      case platform
+      case session.platform
       when /win/i
         count = " -n 1 "
         cmd = "ping"
@@ -69,10 +56,10 @@ def run
 
       while(not iplst.nil? and not iplst.empty?)
         a = []
-        1.upto(thread_num) do
+        1.upto session.max_threads do
           a << framework.threads.spawn("Module(#{self.refname})", false, iplst.shift) do |ip_add|
             next if ip_add.nil?
-            if platform =~ /solaris/i
+            if session.platform =~ /solaris/i
               r = cmd_exec(cmd, "-n #{ip_add} 1")
             else
               r = cmd_exec(cmd, count + ip_add)

modules/post/multi/gather/skype_enum.rb

@@ -7,19 +7,12 @@
 require 'rex'
 require 'csv'
 
-
-
-
-
 class MetasploitModule < Msf::Post
 
   include Msf::Post::File
   include Msf::Post::Windows::UserProfiles
-
   include Msf::Post::OSX::System
 
-
-
   def initialize(info={})
     super( update_info( info,
         'Name'          => 'Multi Gather Skype User Data Enumeration',
@@ -52,9 +45,9 @@ def run
       return
     end
 
-      if (session.platform =~ /java/) || (session.platform =~ /osx/)
-        # Make sure a Java Meterpreter on anything but OSX will exit
-        if session.platform =~ /java/ and sysinfo['OS'] !~ /Mac OS X/
+      if session.platform =~ /java/
+        # Make sure that Java Meterpreter on anything but OSX will exit
+        if session.platform !~ /osx/
           print_error("This session type and platform are not supported.")
           return
         end
@@ -105,7 +98,7 @@ def check_skype(path, user)
   # Download file using Meterpreter functionality and returns path in loot for the file
   def download_db(profile)
     if session.type =~ /meterpreter/
-      if sysinfo['OS'] =~ /Mac OS X/
+      if session.platform =~ /osx/
         file = session.fs.file.search("#{profile['dir']}/Library/Application Support/Skype/","main.db",true)
       else
         file = session.fs.file.search("#{profile['AppData']}\\Skype","main.db",true)

modules/post/multi/gather/wlan_geolocate.rb

@@ -108,18 +108,8 @@ def perform_geolocation(wlan_list)
 
   # Run Method for when run command is issued
   def run
-    if session.type =~ /shell/
-      # Use the shell platform for selecting the command
-      platform = session.platform
-    else
-      # For Meterpreter use the sysinfo OS since java Meterpreter returns java as platform
-      platform = session.sys.config.sysinfo['OS']
-      platform = 'osx' if platform =~ /darwin/i
-    end
-
-    case platform
+    case session.platform
     when /win/i
-
       listing = cmd_exec('netsh wlan show networks mode=bssid')
       if listing.nil?
         print_error("Unable to generate wireless listing.")
@@ -136,7 +126,6 @@ def run
       end
 
     when /osx/i
-
       listing = cmd_exec('/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s')
       if listing.nil?
         print_error("Unable to generate wireless listing.")
@@ -152,7 +141,6 @@ def run
       end
 
     when /linux/i
-
       listing = cmd_exec('iwlist scanning')
       if listing.nil?
         print_error("Unable to generate wireless listing.")
@@ -169,7 +157,6 @@ def run
       end
 
     when /solaris/i
-
       listing = cmd_exec('dladm scan-wifi')
       if listing.blank?
         print_error("Unable to generate wireless listing.")
@@ -182,7 +169,6 @@ def run
       end
 
     when /bsd/i
-
       interface = cmd_exec("dmesg | grep -i wlan | cut -d ':' -f1 | uniq")
       # Printing interface as this platform requires the interface to be specified
       # it might not be detected correctly.

modules/post/multi/manage/set_wallpaper.rb

@@ -71,12 +71,7 @@ def android_set_wallpaper(file)
   end
 
   def os_set_wallpaper(file)
-    if session.type =~ /meterpreter/ && session.sys.config.sysinfo['OS'] =~ /darwin/i
-      platform = 'osx'
-    else
-      platform = session.platform
-    end
-    case platform
+    case session.platform
     when /osx/
       osx_set_wallpaper(file)
     when /win/