Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add lwp-request CmdStager #12795

Merged
merged 1 commit into from
Jan 16, 2020
Merged

Add lwp-request CmdStager #12795

merged 1 commit into from
Jan 16, 2020

Conversation

bcoles
Copy link
Contributor

@bcoles bcoles commented Jan 6, 2020

@wvu wvu self-assigned this Jan 14, 2020
@wvu
Copy link
Contributor

wvu commented Jan 14, 2020

There's also these, but if you have the symlink, you should have lwp-request!

wvu@csv5:~$ ll /usr/bin/{GET,POST}
lrwxrwxrwx 1 root root 11 Dec  5  2015 /usr/bin/GET -> lwp-request
lrwxrwxrwx 1 root root 11 Dec  5  2015 /usr/bin/POST -> lwp-request
wvu@csv5:~$

@bcoles
Copy link
Contributor Author

bcoles commented Jan 14, 2020

There's also these, but if you have the symlink, you should have lwp-request!

wvu@csv5:~$ ll /usr/bin/{GET,POST}
lrwxrwxrwx 1 root root 11 Dec  5  2015 /usr/bin/GET -> lwp-request
lrwxrwxrwx 1 root root 11 Dec  5  2015 /usr/bin/POST -> lwp-request
wvu@csv5:~$

You would hope so. I initially wrote this with the intention of using GET.

@wvu
Copy link
Contributor

wvu commented Jan 14, 2020
edited
Loading

My OS X box doesn't have the links. Also, it uses LWP-REQUESTS as the default method: rapid7/rex-exploitation#22 (comment). So maybe specifying -m GET will get us through most cases.

@wvu
Copy link
Contributor

wvu commented Jan 16, 2020

I'm updating Gemfile.lock and LICENSE_GEMS while landing.

wvu added a commit that referenced this pull request Jan 16, 2020
@wvu
Land #12795, lwp-request CmdStager
c53e770
@wvu wvu merged commit c2a1294 into rapid7:master Jan 16, 2020
@wvu
Copy link
Contributor

wvu commented Jan 16, 2020

2a3f7d8

@wvu
Copy link
Contributor

wvu commented Jan 16, 2020
edited by tperry-r7
Loading

Release Notes

This adds a command stager for binary payloads that utilizes the lwp-request (-m GET) command to fetch a payload over HTTP.

msjenkins-r7 pushed a commit that referenced this pull request Jan 16, 2020
@wvu @msjenkins-r7
Land #12795, lwp-request CmdStager
e671a5d
@bcoles bcoles deleted the cmdstager-lwprequest branch January 16, 2020 23:34
@tperry-r7 tperry-r7 added the rn-enhancement release notes enhancement label Feb 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wvu wvu wvu approved these changes

Assignees

@wvu wvu

Labels
enhancement feature rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@bcoles @wvu @tperry-r7