update linux and windows meterpreters to use metasploit-payloads

Author: Brent Cook

Gemfile.lock

@@ -9,7 +9,7 @@ PATH
       json
       metasploit-concern (= 0.4.0)
       metasploit-model (~> 0.29.0)
-      meterpreter_bins (= 0.0.22)
+      metasploit-payloads (= 0.0.2)
       msgpack
       nokogiri
       packetfu (= 1.1.9)
@@ -123,6 +123,7 @@ GEM
     metasploit-model (0.29.2)
       activesupport
       railties (< 4.0.0)
+    metasploit-payloads (0.0.2)
     metasploit_data_models (0.24.0)
       activerecord (>= 3.2.13, < 4.0.0)
       activesupport
@@ -132,7 +133,6 @@ GEM
       pg
       railties (< 4.0.0)
       recog (~> 1.0)
-    meterpreter_bins (0.0.22)
     method_source (0.8.2)
     mime-types (1.25.1)
     mini_portile (0.6.2)

lib/msf/core/payload/windows/stageless_meterpreter.rb

@@ -52,7 +52,7 @@ def asm_invoke_metsrv(opts={})
   end
 
   def generate_stageless_x86(url = nil)
-    dll, offset = load_rdi_dll(MeterpreterBinaries.path('metsrv', 'x86.dll'))
+    dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x86.dll'))
 
     conf = {
       :rdi_offset => offset,
@@ -104,7 +104,7 @@ def generate_stageless_x86(url = nil)
     unless datastore['EXTENSIONS'].nil?
       datastore['EXTENSIONS'].split(',').each do |e|
         e = e.strip.downcase
-        ext, o = load_rdi_dll(MeterpreterBinaries.path("ext_server_#{e}", 'x86.dll'))
+        ext, o = load_rdi_dll(MetasploitPayloads.meterpreter_path("ext_server_#{e}", 'x86.dll'))
 
         # append the size, offset to RDI and the payload itself
         dll << [ext.length].pack('V') + ext

lib/msf/core/payload/windows/x64/stageless_meterpreter.rb

@@ -52,7 +52,7 @@ def asm_invoke_metsrv(opts={})
   end
 
   def generate_stageless_x64(url = nil)
-    dll, offset = load_rdi_dll(MeterpreterBinaries.path('metsrv', 'x64.dll'))
+    dll, offset = load_rdi_dll(MetasploitPayloads.meterpreter_path('metsrv', 'x64.dll'))
 
     conf = {
       :rdi_offset => offset,
@@ -104,7 +104,7 @@ def generate_stageless_x64(url = nil)
     unless datastore['EXTENSIONS'].nil?
       datastore['EXTENSIONS'].split(',').each do |e|
         e = e.strip.downcase
-        ext, o = load_rdi_dll(MeterpreterBinaries.path("ext_server_#{e}", 'x64.dll'))
+        ext, o = load_rdi_dll(MetasploitPayloads.meterpreter_path("ext_server_#{e}", 'x64.dll'))
 
         # append the size, offset to RDI and the payload itself
         dll << [ext.length].pack('V') + ext

lib/rex/post/meterpreter.rb

@@ -1,5 +1,5 @@
 # -*- coding: binary -*-
 
-require 'meterpreter_bins'
+require 'metasploit-payloads'
 require 'rex/post/meterpreter/client'
 require 'rex/post/meterpreter/ui/console'

lib/rex/post/meterpreter/client_core.rb

@@ -249,7 +249,7 @@ def use(mod, opts = { })
       # Get us to the installation root and then into data/meterpreter, where
       # the file is expected to be
       modname = "ext_server_#{mod.downcase}"
-      path = MeterpreterBinaries.path(modname, client.binary_suffix)
+      path = MetasploitPayloads.meterpreter_path(modname, client.binary_suffix)
 
       if opts['ExtensionPath']
         path = ::File.expand_path(opts['ExtensionPath'])
@@ -633,7 +633,7 @@ def generate_windows_stub(process)
     # Create the migrate stager
     migrate_stager = c.new()
 
-    dll = MeterpreterBinaries.path('metsrv',binary_suffix)
+    dll = MetasploitPayloads.meterpreter_path('metsrv', binary_suffix)
     if dll.nil?
       raise RuntimeError, "metsrv.#{binary_suffix} not found", caller
     end
@@ -669,10 +669,7 @@ def generate_windows_stub(process)
   end
 
   def generate_linux_stub
-    file = ::File.join(Msf::Config.data_directory, "meterpreter", "msflinker_linux_x86.bin")
-    blob = ::File.open(file, "rb") {|f|
-      f.read(f.stat.size)
-    }
+    blob = MetasploitPayloads.read('meterpreter', 'msflinker_linux_x86.bin')
 
     Rex::Payloads::Meterpreter::Patch.patch_timeouts!(blob,
       :expiration   => self.client.expiration,

lib/rex/post/meterpreter/extensions/priv/priv.rb

@@ -45,7 +45,7 @@ def getsystem( technique=0 )
 
     elevator_name = Rex::Text.rand_text_alpha_lower( 6 )
 
-    elevator_path = MeterpreterBinaries.path('elevator', client.binary_suffix)
+    elevator_path = MetasploitPayloads.meterpreter_path('elevator', client.binary_suffix)
     if elevator_path.nil?
       raise RuntimeError, "elevator.#{binary_suffix} not found", caller
     end

lib/rex/post/meterpreter/extensions/stdapi/ui.rb

@@ -157,7 +157,7 @@ def screenshot( quality=50 )
 
     # include the x64 screenshot dll if the host OS is x64
     if( client.sys.config.sysinfo['Architecture'] =~ /^\S*x64\S*/ )
-      screenshot_path = MeterpreterBinaries.path('screenshot','x64.dll')
+      screenshot_path = MetasploitPayloads.meterpreter_path('screenshot','x64.dll')
       if screenshot_path.nil?
         raise RuntimeError, "screenshot.x64.dll not found", caller
       end
@@ -172,7 +172,7 @@ def screenshot( quality=50 )
     end
 
     # but always include the x86 screenshot dll as we can use it for wow64 processes if we are on x64
-    screenshot_path = MeterpreterBinaries.path('screenshot','x86.dll')
+    screenshot_path = MetasploitPayloads.meterpreter_path('screenshot','x86.dll')
     if screenshot_path.nil?
       raise RuntimeError, "screenshot.x86.dll not found", caller
     end

lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb

@@ -689,8 +689,8 @@ def cmd_load(*args)
       case opt
       when "-l"
         exts = SortedSet.new
-        msf_path = MeterpreterBinaries.metasploit_data_dir
-        gem_path = MeterpreterBinaries.local_dir
+        msf_path = MetasploitPayloads.msf_meterpreter_dir
+        gem_path = MetasploitPayloads.local_meterpreter_dir
         [msf_path, gem_path].each do |path|
           ::Dir.entries(path).each { |f|
             if (::File.file?(::File.join(path, f)) && f =~ /ext_server_(.*)\.#{client.binary_suffix}/ )
@@ -737,8 +737,8 @@ def cmd_load(*args)
 
   def cmd_load_tabs(str, words)
     tabs = SortedSet.new
-    msf_path = MeterpreterBinaries.metasploit_data_dir
-    gem_path = MeterpreterBinaries.local_dir
+    msf_path = MetasploitPayloads.msf_meterpreter_dir
+    gem_path = MetasploitPayloads.local_meterpreter_dir
     [msf_path, gem_path].each do |path|
     ::Dir.entries(path).each { |f|
       if (::File.file?(::File.join(path, f)) && f =~ /ext_server_(.*)\.#{client.binary_suffix}/ )

metasploit-framework.gemspec

@@ -64,7 +64,7 @@ Gem::Specification.new do |spec|
   # are needed when there's no database
   spec.add_runtime_dependency 'metasploit-model', '~> 0.29.0'
   # Needed for Meterpreter on Windows, soon others.
-  spec.add_runtime_dependency 'meterpreter_bins', '0.0.22'
+  spec.add_runtime_dependency 'metasploit-payloads', '0.0.2'
   # Needed by msfgui and other rpc components
   spec.add_runtime_dependency 'msgpack'
   # Needed by anemone crawler

modules/payloads/stages/linux/x86/meterpreter.rb

@@ -100,19 +100,14 @@ def handle_intermediate_stage(conn, payload)
   end
 
   def generate_stage
-    #file = File.join(Msf::Config.data_directory, "msflinker_linux_x86.elf")
-    file = File.join(Msf::Config.data_directory, "meterpreter", "msflinker_linux_x86.bin")
-
-    blob = File.open(file, "rb") {|f|
-      f.read(f.stat.size)
-    }
+    blob = MetasploitPayloads.read('meterpreter', 'msflinker_linux_x86.bin')
 
     Rex::Payloads::Meterpreter::Patch.patch_timeouts!(blob,
       :expiration    => datastore['SessionExpirationTimeout'].to_i,
       :comm_timeout  => datastore['SessionCommunicationTimeout'].to_i,
       :retry_total   => datastore['SessionRetryTotal'].to_i,
       :retry_wait    => datastore['SessionRetryWait'].to_i)
 
-    return blob
+    blob
   end
 end