sempervictus
diff --git a/‎Gemfile.lock
Lines changed: 2 additions & 2 deletions b/‎Gemfile.lock
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/msf/base/serializer/readable_text.rb
Lines changed: 3 additions & 3 deletions b/‎lib/msf/base/serializer/readable_text.rb
Lines changed: 3 additions & 3 deletions
diff --git a/‎lib/msf/base/sessions/meterpreter.rb
Lines changed: 84 additions & 2 deletions b/‎lib/msf/base/sessions/meterpreter.rb
Lines changed: 84 additions & 2 deletions
diff --git a/‎lib/msf/base/sessions/meterpreter_options.rb
Lines changed: 0 additions & 69 deletions b/‎lib/msf/base/sessions/meterpreter_options.rb
Lines changed: 0 additions & 69 deletions
diff --git a/‎lib/msf/core/handler.rb
Lines changed: 4 additions & 5 deletions b/‎lib/msf/core/handler.rb
Lines changed: 4 additions & 5 deletions
diff --git a/‎lib/msf/core/handler/reverse_named_pipe.rb
Lines changed: 76 additions & 0 deletions b/‎lib/msf/core/handler/reverse_named_pipe.rb
Lines changed: 76 additions & 0 deletions
diff --git a/‎lib/msf/core/payload/stager.rb
Lines changed: 0 additions & 2 deletions b/‎lib/msf/core/payload/stager.rb
Lines changed: 0 additions & 2 deletions
@@ -17,7 +17,7 @@ PATH
       metasploit-concern
       metasploit-credential
       metasploit-model
-      metasploit-payloads (= 1.3.1)
+      metasploit-payloads (= 1.3.4)
       metasploit_data_models
       metasploit_payloads-mettle (= 0.2.2)
       msgpack
@@ -150,7 +150,7 @@ GEM
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-payloads (1.3.1)
+    metasploit-payloads (1.3.4)
     metasploit_data_models (2.0.15)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
 
@@ -582,7 +582,7 @@ def self.dump_sessions(framework, opts={})
           row << 'N'
         end
 
-        if session.exploit_datastore.has_key?('LURI') && !session.exploit_datastore['LURI'].empty?
+        if session.exploit_datastore && session.exploit_datastore.has_key?('LURI') && !session.exploit_datastore['LURI'].empty?
           row << " (#{session.exploit_datastore['LURI']})"
         else
           row << '?'
@@ -622,7 +622,7 @@ def self.dump_sessions_verbose(framework, opts={})
       sess_type    = session.type.to_s
       sess_uuid    = session.payload_uuid.to_s
       sess_puid    = session.payload_uuid.respond_to?(:puid_hex) ? session.payload_uuid.puid_hex : nil
-      sess_luri    = session.exploit_datastore['LURI'] || ""
+      sess_luri    = session.exploit_datastore['LURI'] || "" if session.exploit_datastore
       sess_enc     = false
       if session.respond_to?(:tlv_enc_key) && session.tlv_enc_key && session.tlv_enc_key[:key]
         sess_enc   = true
@@ -655,7 +655,7 @@ def self.dump_sessions_verbose(framework, opts={})
       out << "        UUID: #{sess_uuid}\n"
       out << "     CheckIn: #{sess_checkin}\n"
       out << "  Registered: #{sess_registration}\n"
-      unless sess_luri.empty?
+      unless (sess_luri || '').empty?
         out << "        LURI: #{sess_luri}\n"
       end
 
 
@@ -40,6 +40,14 @@ def supports_zlib?
     true
   end
 
+  def tunnel_to_s
+    if self.pivot_session
+      "Pivot via [#{self.pivot_session.tunnel_to_s}]"
+    else
+      super
+    end
+  end
+
   #
   # Initializes a meterpreter session instance using the supplied rstream
   # that is to be used as the client's connection to the server.
@@ -112,6 +120,80 @@ def shell_init
 
   end
 
+  def bootstrap(datastore = {}, handler = nil)
+    session = self
+
+    init_session = Proc.new do
+      # Configure unicode encoding before loading stdapi
+      session.encode_unicode = datastore['EnableUnicodeEncoding']
+
+      session.init_ui(self.user_input, self.user_output)
+
+      session.tlv_enc_key = session.core.negotiate_tlv_encryption
+
+      unless datastore['AutoVerifySession'] == false
+        unless session.is_valid_session?(datastore['AutoVerifySessionTimeout'].to_i)
+          print_error("Meterpreter session #{session.sid} is not valid and will be closed")
+          # Terminate the session without cleanup if it did not validate
+          session.skip_cleanup = true
+          session.kill
+          return nil
+        end
+      end
+
+      # always make sure that the new session has a new guid if it's not already known
+      guid = session.session_guid
+      if guid == "\x00" * 16
+        guid = [SecureRandom.uuid.gsub(/-/, '')].pack('H*')
+        session.core.set_session_guid(guid)
+        session.session_guid = guid
+        # TODO: New statgeless session, do some account in the DB so we can track it later.
+      else
+        # TODO: This session was either staged or previously known, and so we shold do some accounting here!
+      end
+
+      unless datastore['AutoLoadStdapi'] == false
+
+        session.load_stdapi
+
+        unless datastore['AutoSystemInfo'] == false
+          session.load_session_info
+        end
+
+        # only load priv on native windows
+        # TODO: abastrct this too, to remove windows stuff
+        if session.platform == 'windows' && [ARCH_X86, ARCH_X64].include?(session.arch)
+          session.load_priv rescue nil
+        end
+      end
+
+      # TODO: abstract this a little, perhaps a "post load" function that removes
+      # platform-specific stuff?
+      if session.platform == 'android'
+        session.load_android
+      end
+
+      ['InitialAutoRunScript', 'AutoRunScript'].each do |key|
+        unless datastore[key].nil? || datastore[key].empty?
+          args = Shellwords.shellwords(datastore[key])
+          print_status("Session ID #{session.sid} (#{session.tunnel_to_s}) processing #{key} '#{datastore[key]}'")
+          session.execute_script(args.shift, *args)
+        end
+      end
+
+      # Process the auto-run scripts for this session
+      if self.respond_to?(:process_autoruns)
+        self.process_autoruns(datastore)
+      end
+
+      # Tell the handler that we have a session
+      handler.on_session(self) if handler
+    end
+
+    # Defer the session initialization to the Session Manager scheduler
+    framework.sessions.schedule init_session
+  end
+
   ##
   # :category: Msf::Session::Provider::SingleCommandShell implementors
   #
@@ -255,14 +337,14 @@ def reset_ui
   #
   # Terminates the session
   #
-  def kill
+  def kill(reason='')
     begin
       cleanup_meterpreter
       self.sock.close if self.sock
     rescue ::Exception
     end
     # deregister will actually trigger another cleanup
-    framework.sessions.deregister(self)
+    framework.sessions.deregister(self, reason)
   end
 
   #
 
@@ -26,75 +26,6 @@ def initialize(info = {})
       ], self.class)
   end
 
-  #
-  # Once a session is created, automatically load the stdapi extension if the
-  # advanced option is set to true.
-  #
-  def on_session(session)
-    init_session = Proc.new do
-      # Configure unicode encoding before loading stdapi
-      session.encode_unicode = datastore['EnableUnicodeEncoding']
-
-      session.init_ui(self.user_input, self.user_output)
-
-      print_good("negotiating tlv encryption")
-      session.tlv_enc_key = session.core.negotiate_tlv_encryption
-      print_good("negotiated tlv encryption")
-
-      if datastore['AutoVerifySession']
-        if !session.is_valid_session?(datastore['AutoVerifySessionTimeout'].to_i)
-          print_error("Meterpreter session #{session.sid} is not valid and will be closed")
-          # Terminate the session without cleanup if it did not validate
-          session.skip_cleanup = true
-          session.kill
-          return nil
-        end
-      end
-      print_good("negotiated tlv encryption")
-
-      # always make sure that the new session has a new guid if it's not already known
-      guid = session.session_guid
-      if guid == '00000000-0000-0000-0000-000000000000'
-        guid = SecureRandom.uuid
-        session.core.set_session_guid(guid)
-        session.session_guid = guid
-        # TODO: New stageless session, do some account in the DB so we can track it later.
-      else
-        # TODO: This session was either staged or previously known, and so we shold do some accounting here!
-      end
-
-      # Call registered on_session callbacks
-      super
-
-      if datastore['AutoLoadStdapi']
-        session.load_stdapi
-
-        if datastore['AutoSystemInfo']
-          session.load_session_info
-        end
-
-        # only load priv on native windows
-        if session.platform == 'windows' && [ARCH_X86, ARCH_X64].include?(session.arch)
-          session.load_priv rescue nil
-        end
-      end
-
-      if session.platform == 'android'
-        session.load_android
-      end
-
-      [ 'InitialAutoRunScript', 'AutoRunScript' ].each do |key|
-        unless datastore[key].empty?
-          args = Shellwords.shellwords( datastore[key] )
-          print_status("Session ID #{session.sid} (#{session.tunnel_to_s}) processing #{key} '#{datastore[key]}'")
-          session.execute_script(args.shift, *args)
-        end
-      end
-    end
-
-    # Defer the session initialization to the Session Manager scheduler
-    framework.sessions.schedule init_session
-  end
 end
 end
 end
 
@@ -244,11 +244,10 @@ def register_session(session)
     framework.sessions.register(session)
 
     # Call the handler's on_session() method
-    on_session(session)
-
-    # Process the auto-run scripts for this session
-    if session.respond_to?('process_autoruns')
-      session.process_autoruns(datastore)
+    if session.respond_to?(:bootstrap)
+      session.bootstrap(datastore, self)
+    else
+      on_session(session)
     end
 
     # If there is an exploit associated with this payload, then let's notify
 
@@ -0,0 +1,76 @@
+# -*- coding: binary -*-
+require 'thread'
+require 'msf/core/post_mixin'
+
+module Msf
+module Handler
+###
+#
+# TODO: docs
+#
+###
+module ReverseNamedPipe
+
+  include Msf::Handler
+
+  #
+  # Returns the string representation of the handler type, in this case
+  # 'reverse_named_pipe'.
+  #
+  def self.handler_type
+    "reverse_named_pipe"
+  end
+
+  #
+  # Returns the connection-described general handler type, in this case
+  # 'reverse'.
+  #
+  def self.general_handler_type
+    "reverse"
+  end
+
+  #
+  # Initializes the reverse handler and ads the options that are required
+  # for reverse named pipe payloads.
+  #
+  def initialize(info={})
+    super
+
+    register_options([
+      OptString.new('PIPENAME', [true, 'Name of the pipe to listen on', 'msf-pipe']),
+      OptString.new('PIPEHOST', [true, 'Host of the pipe to connect to', '.'])
+    ], Msf::Handler::ReverseNamedPipe)
+  end
+
+  #
+  # Closes the listener socket if one was created.
+  #
+  def cleanup_handler
+    # we're just pretending to be a handler
+  end
+
+  # A string suitable for displaying to the user
+  #
+  # @return [String]
+  def human_name
+    "reverse named pipe"
+  end
+
+  #
+  # Starts monitoring for an inbound connection.
+  #
+  def start_handler
+    # we're just pretending to be a handler
+  end
+
+  #
+  # Stops monitoring for an inbound connection.
+  #
+  def stop_handler
+    # we're just pretending to be a handler
+  end
+
+end
+end
+end
+
@@ -165,8 +165,6 @@ def handle_connection(conn, opts={})
     # If the stage should be sent over the client connection that is
     # established (which is the default), then go ahead and transmit it.
     if (stage_over_connection?)
-      opts = {}
-
       if respond_to? :include_send_uuid
         if include_send_uuid
           uuid_raw = conn.get_once(16, 1)