Add Pingback Payloads #12129
Re-PR from #11903
A few of the Metasploit elves have been working in private on a new set of payloads that demonstrate risk without creating it. This is the public introduction to something we call pingback payloads.
What is a Pingback Payload?
Pingback payloads are designed to provide a limited-functionality payload to verify an exploit has worked. It does not provide a shell of any kind. A pingback payload creates a "random" UUID value (separate from the payload UUID) that is written to the Metasploit database along with other data. When executed on target, the payload sends back that UUID to verify that the exploit worked, but nothing else. When Framework receives that UUID, we verify the target is vulnerable to the exploit without loading an interactive shell.
This prevents traditional [W/M]ITM attacks or someone sniffing the traffic for information, as the UUID itself means nothing to a listener, and without further execution, the session itself is not particularly valuable to an attacker.
This payload should not work with any exploit that includes a file dropper or that requires post-exploit cleanup.
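The verification flow described above, as an added example that is not the PR's code: a stand-in registry plays the role of the Metasploit database, and a loopback TCP exchange stands in for the real handler and payload. The registry class, the fixed 16-byte pingback length, and the rejection of a value presented twice are assumptions of this example, not details from the PR.

```ruby
require 'securerandom'
require 'socket'

# Constructed stand-in for the Metasploit database: maps a pingback UUID
# (distinct from the payload UUID) to the exploit/target it was minted for.
class PingbackRegistry
  PINGBACK_LEN = 16

  def initialize
    @records = {}
  end

  # Called at payload-generation time: mint a random pingback UUID and
  # record which exploit and target it was issued for.
  def register(exploit:, target:)
    uuid = SecureRandom.random_bytes(PINGBACK_LEN)
    @records[uuid] = { exploit: exploit, target: target, seen: false }
    uuid
  end

  # Called when the handler reads bytes from a connection. Returns the
  # matching record, or nil when the value is unknown, malformed, or has
  # already been presented (replay check is an assumption of this example).
  def verify(data)
    data = data.to_s.b
    return nil unless data.bytesize == PINGBACK_LEN
    rec = @records[data]
    return nil if rec.nil? || rec[:seen]
    rec[:seen] = true
    rec
  end
end

# Simulate the exchange over loopback: the "payload" connects and writes
# only its UUID; the handler reads exactly PINGBACK_LEN bytes and verifies
# them against the registry. Nothing else crosses the wire.
def loopback_pingback(registry, uuid)
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  payload = Thread.new do
    s = TCPSocket.new('127.0.0.1', port)
    s.write(uuid)
    s.close
  end
  conn = server.accept
  data = conn.read(PingbackRegistry::PINGBACK_LEN) || ''
  conn.close
  payload.join
  server.close
  registry.verify(data)
end
```

A sniffed copy of the UUID identifies nothing on its own, and a captured value fails verification once the registry has marked it as seen.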
acammack-r7 left a comment •
Looks like the Ruby payloads grew a bit. I don't mind using the multi-line self-concatenating string literals for them since the finished payload need not have any newlines in it (unlike the Python ones).
Formatting like this is fine for strings that don't need newlines:

```ruby
return "....." \
       "......" \
       "......."
```
EDITED TO ADD: After thinking about it, trading the semicolons for newlines isn't too bad, but the payloads still picked up some extra spaces inside their expressions.
Jul 30, 2019
This adds a new payload type designed only to report that code execution was possible on the target, instead of creating a controllable remote shell itself. This is useful for verifying susceptibility to exploitation, in addition to opening the possibility for discreet one-way communication with the remote target rather than creating more obvious networking fingerprints via the payload as evidence of exploitation.