From b4ff3b544ff7e3ddc8d40afb9691109cfe175515 Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Fri, 21 Dec 2018 14:32:59 -0600
Subject: [PATCH] Add CMDSTAGER::SSL datastore option

It has come to my attention that since I added the HTTP(S) command
stagers, no one has used HTTPS. This is probably why.

The CmdStager options hash takes precedence over any datastore options.
---
 lib/msf/core/exploit/cmdstager.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/msf/core/exploit/cmdstager.rb b/lib/msf/core/exploit/cmdstager.rb
index 4a2e870be5d8..0219d354ba49 100644
--- a/lib/msf/core/exploit/cmdstager.rb
+++ b/lib/msf/core/exploit/cmdstager.rb
@@ -56,7 +56,8 @@ def initialize(info = {})
     register_advanced_options(
       [
         OptEnum.new('CMDSTAGER::FLAVOR', [false, 'The CMD Stager to use.', 'auto', flavors]),
-        OptString.new('CMDSTAGER::DECODER', [false, 'The decoder stub to use.'])
+        OptString.new('CMDSTAGER::DECODER', [false, 'The decoder stub to use.']),
+        OptBool.new('CMDSTAGER::SSL', [false, 'Use SSL/TLS for supported stagers', false])
       ], self.class)
   end
 
@@ -129,6 +130,7 @@ def generate_cmdstager(opts = {}, pl = nil)
     self.stager_instance = create_stager
 
     if stager_instance.respond_to?(:http?) && stager_instance.http?
+      opts[:ssl] = datastore['CMDSTAGER::SSL'] unless opts.key?(:ssl)
       opts[:payload_uri] = start_service(opts)
     end