Land rapid7#7126, mettle 0.0.6 updates

wvu · wvu · commit c3635e090325 · 2016-07-27T10:10:21.000-05:00
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -16,7 +16,7 @@ PATH
       metasploit-model
       metasploit-payloads (= 1.1.13)
       metasploit_data_models
-      metasploit_payloads-mettle
+      metasploit_payloads-mettle (= 0.0.6)
       msgpack
       net-ssh
       network_interface
@@ -166,7 +166,7 @@ GEM
       postgres_ext
       railties (~> 4.2.6)
       recog (~> 2.0)
-    metasploit_payloads-mettle (0.0.5)
+    metasploit_payloads-mettle (0.0.6)
     method_source (0.8.2)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb
@@ -87,16 +87,19 @@ def getenv(var_name)
   #
   def sysinfo
     request  = Packet.create_request('stdapi_sys_config_sysinfo')
-    response = client.send_request(request)
-
-    {
-      'Computer'        => response.get_tlv_value(TLV_TYPE_COMPUTER_NAME),
-      'OS'              => response.get_tlv_value(TLV_TYPE_OS_NAME),
-      'Architecture'    => response.get_tlv_value(TLV_TYPE_ARCHITECTURE),
-      'System Language' => response.get_tlv_value(TLV_TYPE_LANG_SYSTEM),
-      'Domain'          => response.get_tlv_value(TLV_TYPE_DOMAIN),
-      'Logged On Users' => response.get_tlv_value(TLV_TYPE_LOGGED_ON_USER_COUNT)
-    }
+    if @sysinfo.nil?
+      response = client.send_request(request)
+
+      @sysinfo = {
+        'Computer'        => response.get_tlv_value(TLV_TYPE_COMPUTER_NAME),
+        'OS'              => response.get_tlv_value(TLV_TYPE_OS_NAME),
+        'Architecture'    => response.get_tlv_value(TLV_TYPE_ARCHITECTURE),
+        'System Language' => response.get_tlv_value(TLV_TYPE_LANG_SYSTEM),
+        'Domain'          => response.get_tlv_value(TLV_TYPE_DOMAIN),
+        'Logged On Users' => response.get_tlv_value(TLV_TYPE_LOGGED_ON_USER_COUNT)
+      }
+    end
+    @sysinfo
   end
 
   #
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb
@@ -224,13 +224,15 @@ def Process.get_processes
     response.each(TLV_TYPE_PROCESS_GROUP) { |p|
     arch = ""
 
-    pa = p.get_tlv_value( TLV_TYPE_PROCESS_ARCH )
-    if( pa != nil )
+    pa = p.get_tlv_value(TLV_TYPE_PROCESS_ARCH)
+    if !pa.nil?
       if pa == 1 # PROCESS_ARCH_X86
         arch = ARCH_X86
       elsif pa == 2 # PROCESS_ARCH_X64
         arch = ARCH_X86_64
       end
+    else
+      arch = p.get_tlv_value(TLV_TYPE_PROCESS_ARCH_NAME)
     end
 
     processes <<
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
@@ -156,6 +156,7 @@ module Stdapi
 TLV_TYPE_PROCESS_ARCH       = TLV_META_TYPE_UINT    | 2306
 TLV_TYPE_PARENT_PID         = TLV_META_TYPE_UINT    | 2307
 TLV_TYPE_PROCESS_SESSION    = TLV_META_TYPE_UINT    | 2308
+TLV_TYPE_PROCESS_ARCH_NAME  = TLV_META_TYPE_STRING  | 2309
 
 TLV_TYPE_IMAGE_FILE         = TLV_META_TYPE_STRING  | 2400
 TLV_TYPE_IMAGE_FILE_PATH    = TLV_META_TYPE_STRING  | 2401
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -63,11 +63,11 @@ class Console::CommandDispatcher::Stdapi::Sys
   # Options for the 'ps' command.
   #
   @@ps_opts = Rex::Parser::Arguments.new(
-    "-S" => [ true,  "String to search for (converts to regex)"                ],
-    "-h" => [ false, "Help menu."                                              ],
-    "-A" => [ true,  "Filters processes on architecture (x86 or x86_64)"	   ],
-    "-s" => [ false, "Show only SYSTEM processes"				   ],
-    "-U" => [ true,  "Filters processes on the user using the supplied RegEx"  ])
+    "-S" => [ true,  "String to search for (converts to regex)" ],
+    "-h" => [ false, "Help menu." ],
+    "-A" => [ true,  "Filters processes on architecture" ],
+    "-s" => [ false, "Show only SYSTEM processes" ],
+    "-U" => [ true,  "Filters processes on the user using the supplied RegEx"])
 
   #
   # Options for the 'suspend' command.
@@ -445,8 +445,7 @@ def cmd_ps(*args)
         searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
         processes.each do |proc|
           next if proc['arch'].nil? or proc['arch'].empty?
-          if val.nil? or val.empty? or !(val == "x86" or val == "x86_64")
-            print_line "You must select either x86 or x86_64"
+          if val.nil? or val.empty?
             return false
           end
           searched_procs << proc if proc["arch"] == val
diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec
@@ -72,7 +72,7 @@ Gem::Specification.new do |spec|
   # Needed for Meterpreter
   spec.add_runtime_dependency 'metasploit-payloads', '1.1.13'
   # Needed for the next-generation POSIX Meterpreter
-  spec.add_runtime_dependency 'metasploit_payloads-mettle'
+  spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.0.6'
   # Needed by msfgui and other rpc components
   spec.add_runtime_dependency 'msgpack'
   # get list of network interfaces, like eth* from OS.
diff --git a/modules/payloads/stages/linux/armle/mettle.rb b/modules/payloads/stages/linux/armle/mettle.rb
@@ -5,6 +5,7 @@
 
 require 'msf/core'
 require 'msf/base/sessions/meterpreter_armle_linux'
+require 'msf/base/sessions/meterpreter_options'
 require 'rex/elfparsey'
 
 module MetasploitModule
@@ -79,6 +80,6 @@ def handle_intermediate_stage(conn, payload)
   end
 
   def generate_stage(_opts = {})
-    MetasploitPayloads::Mettle.read('arm-linux-musleabi', 'mettle.bin')
+    MetasploitPayloads::Mettle.read('armv5l-linux-musleabi', 'mettle.bin')
   end
 end
