add udpsockedi, tag compatible payloads #11968

Merged
merged 5 commits into from Jun 29, 2019

@busterb
Member

commented Jun 11, 2019

Not all payloads compatible with TCP stagers are compatible with UDP stagers, so assuming sockedi is not sufficient to ensure compatibility. This adds a udpsockedi which pairs compatible payloads together.

Fixes #10336 (probably)

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • Rebuild the module cache (outside of the scope here, but suffice to say you should only be able to use two modules:
msf5 auxiliary(gather/shodan_search) > search reverse_udp

Matching Modules
================

   #  Name                               Disclosure Date  Rank    Check  Description
   -  ----                               ---------------  ----    -----  -----------
   0  payload/python/shell_reverse_udp                    normal  No     Command Shell, Reverse UDP (via python)
   1  payload/windows/shell/reverse_udp                   normal  No     Windows Command Shell, Reverse UDP Stager with UUID Support

  • Verify the existing reverse_udp modules actually work (I tested with wine, YMMV)
add udpsockedi, tag compatible payloads
Not all payloads compatible with TCP stagers are compatible with UDP
stagers, so assuming sockedi is not sufficient to ensure compatibility.
This adds a udpsockedi which pairs compatible payloads together.

busterb added some commits Jun 11, 2019

@acammack-r7

Contributor

commented Jun 12, 2019

Looks like this has an issue with modules/stages/windows/patchupdllinject.rb not actually being a UDP payload. Since it doesn't look like the module knows how to do UDP I think it can be removed?

@busterb

Member Author

commented Jun 12, 2019

Thanks, I had already removed that payload, just needed to remove it from the rspec tests. That is done now too.

@acammack-r7

Contributor

commented Jun 13, 2019

Where did you remove it? I see it in master: https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stages/windows/patchupdllinject.rb and I don't see it removed as part of this PR.

@busterb

Member Author

commented Jun 19, 2019

windows/patchupdllinject/reverse_udp

This payload no longer exists as of this PR.

@busterb

Member Author

commented Jun 19, 2019

Note that due to quirks in the module search cache, you still need to update the cache to make it completely go away in search (see my other PR making this easier to do).

@acammack-r7

Contributor

commented Jun 21, 2019

Ah got it. I was misreading the purpose of the stage itself, this looks GTG.

@busterb busterb self-assigned this Jun 29, 2019

@busterb busterb merged commit f11a205 into rapid7:master Jun 29, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed

busterb added a commit that referenced this pull request Jun 29, 2019

@busterb

Member Author

commented Jun 29, 2019

Release Notes

This enables UDP support only where there are compatible payloads, removing some broken stager/stage combinations from the payload module list.

msjenkins-r7 added a commit that referenced this pull request Jun 29, 2019
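
The effect of splitting the shared tag, as an added Ruby sketch that is not code from this PR or from Metasploit: the matching rule (a stage is listed with a stager when the stager's tag is among the stage's tags) and the tag assignments are assumptions, and the module entries are constructed from names mentioned in the thread.

```ruby
# Simplified model of convention-tag pairing between stagers and stages.
# Assumption: a stage is offered with a stager when the stager's tag appears
# in the stage's tag list. This is not Metasploit's implementation.

Stager = Struct.new(:name, :convention)
Stage  = Struct.new(:name, :conventions)

# Build the list of stage/stager combinations the tags allow.
def payload_list(stagers, stages)
  stagers.flat_map do |stager|
    stages.select { |stage| stage.conventions.include?(stager.convention) }
          .map { |stage| "#{stage.name}/#{stager.name}" }
  end.sort
end

# Constructed sample data: every module shares the single 'sockedi' tag, so
# the UDP stager is paired with a stage that cannot do UDP.
BEFORE_STAGERS = [Stager.new('reverse_tcp', 'sockedi'),
                  Stager.new('reverse_udp', 'sockedi')].freeze
BEFORE_STAGES  = [Stage.new('windows/shell', ['sockedi']),
                  Stage.new('windows/patchupdllinject', ['sockedi'])].freeze

# Constructed sample data: the UDP stager gets its own 'udpsockedi' tag and
# only the stage that works over UDP declares it.
AFTER_STAGERS = [Stager.new('reverse_tcp', 'sockedi'),
                 Stager.new('reverse_udp', 'udpsockedi')].freeze
AFTER_STAGES  = [Stage.new('windows/shell', %w[sockedi udpsockedi]),
                 Stage.new('windows/patchupdllinject', ['sockedi'])].freeze

# Combinations that disappear from the list once the tags are split.
def removed_by_retagging
  payload_list(BEFORE_STAGERS, BEFORE_STAGES) -
    payload_list(AFTER_STAGERS, AFTER_STAGES)
end

if __FILE__ == $PROGRAM_NAME
  puts 'Listed with split tags:'
  puts payload_list(AFTER_STAGERS, AFTER_STAGES)
  puts 'No longer listed:'
  puts removed_by_retagging
end
```
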
