Land rapid7#19259, warn on weak meterpreter keys

Fixing meterpreter to support is_weak_key byte flag from mettle

Author: smcintyre-r7

Gemfile.lock

@@ -42,7 +42,7 @@ PATH
       metasploit-model
       metasploit-payloads (= 2.0.166)
       metasploit_data_models
-      metasploit_payloads-mettle (= 1.0.26)
+      metasploit_payloads-mettle (= 1.0.28)
       mqtt
       msgpack (~> 1.6.0)
       mutex_m
@@ -304,7 +304,7 @@ GEM
       railties (~> 7.0)
       recog
       webrick
-    metasploit_payloads-mettle (1.0.26)
+    metasploit_payloads-mettle (1.0.28)
     method_source (1.1.0)
     mime-types (3.5.2)
       mime-types-data (~> 3.2015)

LICENSE_GEMS

@@ -90,7 +90,7 @@ metasploit-framework, 6.4.15, "New BSD"
 metasploit-model, 5.0.2, "New BSD"
 metasploit-payloads, 2.0.166, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 6.0.3, "New BSD"
-metasploit_payloads-mettle, 1.0.26, "3-clause (or ""modified"") BSD"
+metasploit_payloads-mettle, 1.0.28, "3-clause (or ""modified"") BSD"
 method_source, 1.1.0, MIT
 mime-types, 3.5.2, MIT
 mime-types-data, 3.2024.0604, MIT

lib/msf/base/sessions/meterpreter.rb

@@ -175,7 +175,11 @@ def bootstrap(datastore = {}, handler = nil)
     end
 
     session.commands.concat(session.core.get_loaded_extension_commands('core'))
-
+    if session.tlv_enc_key[:weak_key?]
+      print_warning("Meterpreter session #{session.sid} is using a weak encryption key.")
+      print_warning('Meterpreter start up operations have been aborted. Use the session at your own risk.')
+      return nil
+    end
     # Unhook the process prior to loading stdapi to reduce logging/inspection by any AV/PSP
     if datastore['AutoUnhookProcess'] == true
       console.run_single('load unhook')

lib/rex/post/meterpreter/client_core.rb

@@ -25,7 +25,7 @@ module Meterpreter
 #
 ###
 class ClientCore < Extension
-
+  
   METERPRETER_TRANSPORT_TCP   = 0
   METERPRETER_TRANSPORT_HTTP  = 1
   METERPRETER_TRANSPORT_HTTPS = 2
@@ -710,7 +710,7 @@ def migrate(target_pid, writable_dir = nil, opts = {})
 
     # Renegotiate TLV encryption on the migrated session
     secure
-
+  
     # Load all the extensions that were loaded in the previous instance (using the correct platform/binary_suffix)
     client.ext.aliases.keys.each { |e|
       client.core.use(e)
@@ -758,19 +758,32 @@ def valid_transport?(transport)
   #
   def negotiate_tlv_encryption(timeout: client.comm_timeout)
     sym_key = nil
+    is_weak_key = nil
     rsa_key = OpenSSL::PKey::RSA.new(2048)
     rsa_pub_key = rsa_key.public_key
 
-    request  = Packet.create_request(COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION)
+    request = Packet.create_request(COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION)
     request.add_tlv(TLV_TYPE_RSA_PUB_KEY, rsa_pub_key.to_der)
 
     begin
       response = client.send_request(request, timeout)
       key_enc = response.get_tlv_value(TLV_TYPE_ENC_SYM_KEY)
       key_type = response.get_tlv_value(TLV_TYPE_SYM_KEY_TYPE)
-
+      key_length = { Packet::ENC_FLAG_AES128 => 16, Packet::ENC_FLAG_AES256 => 32 }[key_type]
       if key_enc
-        sym_key = rsa_key.private_decrypt(key_enc, OpenSSL::PKey::RSA::PKCS1_PADDING)
+        key_dec_data = rsa_key.private_decrypt(key_enc, OpenSSL::PKey::RSA::PKCS1_PADDING)
+        if !key_dec_data
+          raise Rex::Post::Meterpreter::RequestError
+        end
+        sym_key = key_dec_data[0..key_length - 1]
+        is_weak_key = false
+        if key_dec_data.length > key_length
+          key_dec_data = key_dec_data[key_length...]
+          if key_dec_data.length > 0
+            key_strength = key_dec_data[0]
+            is_weak_key = key_strength != "\x00"
+          end
+        end
       else
         sym_key = response.get_tlv_value(TLV_TYPE_SYM_KEY)
       end
@@ -781,7 +794,8 @@ def negotiate_tlv_encryption(timeout: client.comm_timeout)
 
     {
       key:  sym_key,
-      type: key_type
+      type: key_type,
+      weak_key?: is_weak_key
     }
   end
 

metasploit-framework.gemspec

@@ -76,7 +76,7 @@ Gem::Specification.new do |spec|
   # Needed for Meterpreter
   spec.add_runtime_dependency 'metasploit-payloads', '2.0.166'
   # Needed for the next-generation POSIX Meterpreter
-  spec.add_runtime_dependency 'metasploit_payloads-mettle', '1.0.26'
+  spec.add_runtime_dependency 'metasploit_payloads-mettle', '1.0.28'
   # Needed by msfgui and other rpc components
   # Locked until build env can handle newer version. See: https://github.com/msgpack/msgpack-ruby/issues/334
   spec.add_runtime_dependency 'msgpack', '~> 1.6.0'

modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_http.rb

@@ -7,7 +7,7 @@
 # Module generated by tools/modules/generate_mettle_payloads.rb
 module MetasploitModule
 
-  CachedSize = 796620
+  CachedSize = 796948
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions

modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_https.rb

@@ -7,7 +7,7 @@
 # Module generated by tools/modules/generate_mettle_payloads.rb
 module MetasploitModule
 
-  CachedSize = 796620
+  CachedSize = 796948
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions

modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_tcp.rb

@@ -7,7 +7,7 @@
 # Module generated by tools/modules/generate_mettle_payloads.rb
 module MetasploitModule
 
-  CachedSize = 796620
+  CachedSize = 796948
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions

modules/payloads/singles/apple_ios/armle/meterpreter_reverse_http.rb

@@ -7,7 +7,7 @@
 # Module generated by tools/modules/generate_mettle_payloads.rb
 module MetasploitModule
 
-  CachedSize = 643568
+  CachedSize = 643872
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions

modules/payloads/singles/apple_ios/armle/meterpreter_reverse_https.rb

@@ -7,7 +7,7 @@
 # Module generated by tools/modules/generate_mettle_payloads.rb
 module MetasploitModule
 
-  CachedSize = 643568
+  CachedSize = 643872
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions