New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add MIPS64 Linux Fetch Payloads #18044
Conversation
The size requriement is used when the adapted payload is executed from the command line but that's not the case for the fetch payloads which execute a command to fetch the payload from a URL. The payload size doesn't matter because it's included in the executable file hosted at the URL.
def compatible?(mod) | ||
if mod.type == Msf::MODULE_PAYLOAD && (mod.class.const_defined?(:CachedSize) && mod.class::CachedSize != :dynamic) && (mod.class::CachedSize >= 120_000) # echo does not have an unlimited amount of space | ||
return false | ||
end | ||
super | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This size restriction was carried over from some of the other adapters. The adapters prior to the fetch payloads executed the payload in the command instead of fetching it from a server. For that reason, the command could grow quite large depending on the payload that was selected. The fetch payloads place the adapted payload into an executable binary and request it from a server, so the executed command does not contain it and this the size doesn't matter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need to add the new payloads to the specs.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Specs have been added!
Release NotesAdd MIPS64 Linux Fetch Payloads |
This adds MIPS64 fetch based payloads to the existing x64 ones we originally added.
I was able to test the
cmd/linux/http/mips64/meterpreter_reverse_tcp
with a Ubiquiti USG. This is related to #18016 and my comment here.Testing
cmd/linux/http/mips64/*
payloads