Python reverse HTTPS stager #4978
Odd test note. If I use python/meterpreter/reverse_http and exploit/multi/handler with |
The payload stack traces when an invalid SSL listener is used. Maybe this should try harder or catch the exception?
|
Something is causing the reverse_http handler to close the listener after the first connection, even in This issue seems specific to the Python payload session handling, as the Windows payloads aren't exhibiting this problem. |
This is as far as I got so far, switching gears to another project, but maybe it will help track things down. Handing off to @bcook-r7 since he was the last person to dive into the HTTP handler issues and might have a better idea. A few requests into the process, the cleanup() method is being called on the listener:
|
@bcook-r7 If nothing jumps out, feel free to send this back to me to dig into. |
It seemed to work differently for me - I get a traceback, but it's sort of expected (though we would probably want certification to be configurable like the winhttp stager/meterpreter): urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)> |
Apparently in Python 2.7.9 they started to validate the SSL certificate information by default. I had been testing with 2.7.8 as my 2.7 target. I'll need to check if / when certificate checking was added into the 3.x versions as well. I could make it configurable for the user to select whether the certificate should be validated or not, but only the newest versions would support it (2.7.9 was released Dec 10th, 2014), while older versions would ignore the option. |
I was testing 2.7.9 - let me try an older revision. |
The option you would want it to follow is 'StagerVerifySSLCert', which would make it work like the reverse_winhttps stager. I tried it with an earlier python version and it worked without failing during verification. You hit the nail on the head @hmoore-r7 with regard to the service handler stopping too early. Certainly something wrong there. |
Worked around the SSL certificate validation issue. The latest versions of Python (2.7.9 and 3.4.3) add the After speaking to @bcook-r7 regarding the I updated the list of Python versions I have tested this on in the original PR information. |
The |
reverse_tcp
reverse_http
reverse_https
|
A funny thing to note, pymet crashes both system python interpreters (a 2.6 and a 2.7 one) on OS X 10.10. It works fine with the homebrew version though. |
reverse_https via tinyproxy
reverse_http with tinyproxy
|
There was a refcount issue with python http/s sessions, I fixed that here as well. |
Thanks @zeroSteiner! |
This adds a reverse HTTPS stager for Python to complement the existing HTTP one. Payload specs have been updated with the new stager.
This also addresses a small issue with the unicode type check. It looks like __builtins__ is a dictionary when using the HTTP / HTTPS stagers; this works around that with a more strict check.

Tested on:
Testing Steps: