
Commit b38a962

OJBrent Cook
authored andcommitted
Fix default session GUID when not specified
This resolves an issue with stateless HTTP sessions
1 parent 7a2a475 commit b38a962


2 files changed

+4
-2
lines changed


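--- a/lib/rex/post/meterpreter/packet.rb
+++ b/lib/rex/post/meterpreter/packet.rb
@@ -676,6 +676,8 @@ class Packet < GroupTlv
 PACKET_TYPE_SIZE = 4
 PACKET_HEADER_SIZE = XOR_KEY_SIZE + SESSION_GUID_SIZE + ENCRYPTED_FLAGS_SIZE + PACKET_LENGTH_SIZE + PACKET_TYPE_SIZE
 
+SESSION_NULL_GUID = "\x00" * SESSION_GUID_SIZE
+
 AES_IV_SIZE = 16
 
 ENC_FLAG_NONE = 0x0
@@ -802,7 +804,7 @@ def aes_decrypt(key, iv, data)
 def to_r(session_guid = nil, key = nil)
 xor_key = (rand(254) + 1).chr + (rand(254) + 1).chr + (rand(254) + 1).chr + (rand(254) + 1).chr
 
-raw = session_guid.dup
+raw = (session_guid || SESSION_NULL_GUID).dup
 tlv_data = GroupTlv.instance_method(:to_r).bind(self).call
 
 if key && key[:key] && key[:type] == ENC_FLAG_AES256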
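Review bot: `SESSION_NULL_GUID` is a mutable String constant; `to_r` copies it with `.dup` before building the header, but any other reader of the constant that forgets to copy (for example a `<<` on it while assembling a packet) would silently corrupt the shared "no session yet" marker for every later packet. Freezing it removes that risk at no cost: `SESSION_NULL_GUID = ("\x00" * SESSION_GUID_SIZE).freeze`. The constant also deserves a one-line comment stating its intent, since the commit message is the only place that explains it: `# All-zero GUID used when a packet is sent before a session GUID has been assigned (stateless HTTP transports)`. Note that `to_r` continues past the end of this hunk, so the rest of the header assembly is not visible here.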

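--- a/lib/rex/post/meterpreter/packet_dispatcher.rb
+++ b/lib/rex/post/meterpreter/packet_dispatcher.rb
@@ -464,7 +464,7 @@ def receive_packet
 packet = parser.recv(self.sock)
 if packet
 packet.parse_header!
-if self.session_guid == "\x00" * 16
+if self.session_guid == NULL_GUID
 self.session_guid = packet.session_guid.dup
 end
 end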
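Review bot: The new comparison uses `NULL_GUID`, while the constant this commit introduces in packet.rb is named `SESSION_NULL_GUID`; if `NULL_GUID` is not defined in the dispatcher's own scope (nothing in this hunk or the other file defines it), the first received packet would raise a `NameError` instead of adopting the GUID. If no separate constant exists, reference the one just added so both sides agree on the same value and size: `if self.session_guid == Packet::SESSION_NULL_GUID`. Either way, a short comment above the branch would help the next reader, e.g. `# Adopt the GUID from the first packet seen while we still hold the all-zero placeholder`. `receive_packet` both starts and ends outside this hunk, so whether the adopted GUID is validated elsewhere cannot be judged from here.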
