Refactor arch/platform, refactor TLV XOR, add UUID to each packet, fix payload uuid/arch/platform tracking, and update everything to match

Gemfile.lock

@@ -33,7 +33,7 @@ PATH
       rb-readline-r7
       recog
       redcarpet
-      rex-arch
+      rex-arch (= 0.1.2)
       rex-bin_tools
       rex-core
       rex-encoder
@@ -235,7 +235,7 @@ GEM
     recog (2.0.22)
       nokogiri
     redcarpet (3.3.4)
-    rex-arch (0.1.1)
+    rex-arch (0.1.2)
       rex-text
     rex-bin_tools (0.1.1)
       metasm

lib/msf/base/serializer/readable_text.rb

@@ -546,7 +546,11 @@ def self.dump_sessions(framework, opts={})
       row = []
       row << session.sid.to_s
       row << session.type.to_s
-      row[-1] << (" " + session.platform) if session.respond_to?(:platform)
+      if session.respond_to?(:session_type)
+        row[-1] << (" " + session.session_type)
+      elsif session.respond_to?(:platform)
+        row[-1] << (" " + session.platform)
+      end
 
       if show_extended
         if session.respond_to?(:last_checkin) && session.last_checkin

lib/msf/base/sessions/command_shell_options.rb

@@ -34,7 +34,15 @@ def on_session(session)
     if self.platform and self.platform.kind_of? Msf::Module::Platform
       session.platform = self.platform.realname.downcase
     end
-    session.arch     = self.arch if self.arch
+
+    if self.arch
+      if self.arch.kind_of?(Array)
+        session.arch = self.arch.join('')
+      else
+        session.arch = self.arch
+      end
+    end
+
   end
 
 end

lib/msf/base/sessions/mainframe_shell.rb

@@ -32,8 +32,8 @@ class MainframeShell < Msf::Sessions::CommandShell
   # initialize as mf shell session
   #
   def initialize(*args)
-    self.platform = "mainframe"
-    self.arch = "zarch"
+    self.platform = 'mainframe'
+    self.arch = ARCH_ZARCH
     self.translate_1047 = true
     super
   end

lib/msf/base/sessions/meterpreter.rb

@@ -284,7 +284,7 @@ def run_cmd(cmd)
   #
   # Load the stdapi extension.
   #
-  def load_stdapi()
+  def load_stdapi
     original = console.disable_output
     console.disable_output = true
     console.run_single('load stdapi')
@@ -294,9 +294,8 @@ def load_stdapi()
   #
   # Load the priv extension.
   #
-  def load_priv()
+  def load_priv
     original = console.disable_output
-
     console.disable_output = true
     console.run_single('load priv')
     console.disable_output = original
@@ -310,7 +309,6 @@ def is_valid_session?(timeout=10)
 
     begin
       self.machine_id = self.core.machine_id(timeout)
-      self.payload_uuid ||= self.core.uuid(timeout)
 
       return true
     rescue ::Rex::Post::Meterpreter::RequestError
@@ -325,41 +323,18 @@ def is_valid_session?(timeout=10)
   def update_session_info
     username = self.sys.config.getuid
     sysinfo  = self.sys.config.sysinfo
-    tuple = self.platform.split('/')
 
-    #
-    # Windows meterpreter currently needs 'win32' or 'win64' to be in the
-    # second half of the platform tuple, in order for various modules and
-    # library code match on that specific string.
-    #
-    if self.platform !~ /win32|win64/
-
-      platform = case self.sys.config.sysinfo['OS']
-        when /windows/i
-          Msf::Module::Platform::Windows
-        when /darwin/i
-          Msf::Module::Platform::OSX
-        when /freebsd/i
-          Msf::Module::Platform::FreeBSD
-        when /netbsd/i
-          Msf::Module::Platform::NetBSD
-        when /openbsd/i
-          Msf::Module::Platform::OpenBSD
-        when /sunos/i
-          Msf::Module::Platform::Solaris
-        when /android/i
-          Msf::Module::Platform::Android
-        else
-          Msf::Module::Platform::Linux
-      end.realname.downcase
-
-      #
-      # This normalizes the platform from 'python/python' to 'python/linux'
-      #
-      self.platform = "#{tuple[0]}/#{platform}"
+    # when updating session information, we need to make sure we update the platform
+    # in the UUID to match what the target is actually running on, but only for a
+    # subset of platforms.
+    if ['java', 'python', 'php'].include?(self.platform)
+      new_platform = guess_target_platform(sysinfo['OS'])
+      if self.platform != new_platform
+        self.payload_uuid.platform = new_platform
+        self.core.set_uuid(self.payload_uuid)
+      end
     end
 
-
     safe_info = "#{username} @ #{sysinfo['Computer']}"
     safe_info.force_encoding("ASCII-8BIT") if safe_info.respond_to?(:force_encoding)
     # Should probably be using Rex::Text.ascii_safe_hex but leave
@@ -369,6 +344,24 @@ def update_session_info
     self.info = safe_info
   end
 
+  def guess_target_platform(os)
+    case os
+    when /windows/i
+      Msf::Module::Platform::Windows.realname.downcase
+    when /darwin/i
+      Msf::Module::Platform::OSX.realname.downcase
+    when /mac os ?x/i
+      # this happens with java on OSX (for real!)
+      Msf::Module::Platform::OSX.realname.downcase
+    when /freebsd/i
+      Msf::Module::Platform::FreeBSD.realname.downcase
+    when /openbsd/i, /netbsd/i
+      Msf::Module::Platform::BSD.realname.downcase
+    else
+      Msf::Module::Platform::Linux.realname.downcase
+    end
+  end
+
   #
   # Populate the session information.
   #
@@ -493,20 +486,79 @@ def create(param)
 
     sock = net.socket.create(param)
 
-    # sf: unsure if we should raise an exception or just return nil. returning nil for now.
-    #if( sock == nil )
-    #  raise Rex::UnsupportedProtocol.new(param.proto), caller
-    #end
-
     # Notify now that we've created the socket
     notify_socket_created(self, sock, param)
 
     # Return the socket to the caller
     sock
   end
 
-  attr_accessor :platform
-  attr_accessor :binary_suffix
+  #
+  # Get a string representation of the current session platform
+  #
+  def platform
+    if self.payload_uuid
+      # return the actual platform of the current session if it's there
+      self.payload_uuid.platform
+    else
+      # otherwise just use the base for the session type tied to this handler.
+      # If we don't do this, storage of sessions in the DB dies
+      self.base_platform
+    end
+  end
+
+  #
+  # Get a string representation of the current session architecture
+  #
+  def arch
+    if self.payload_uuid
+      # return the actual arch of the current session if it's there
+      self.payload_uuid.arch
+    else
+      # otherwise just use the base for the session type tied to this handler.
+      # If we don't do this, storage of sessions in the DB dies
+      self.base_arch
+    end
+  end
+
+  #
+  # Generate a binary suffix based on arch
+  #
+  def binary_suffix
+    # generate a file/binary suffix based on the current arch and platform.
+    # Platform-agnostic archs go first
+    case self.arch
+    when 'java'
+      'jar'
+    when 'php'
+      'php'
+    when 'python'
+      'py'
+    else
+      # otherwise we fall back to the platform
+      case self.platform
+      when 'windows'
+        "#{self.arch}.dll"
+      when 'linux' , 'aix' , 'hpux' , 'irix' , 'unix'
+        'lso'
+      when 'android', 'java'
+        'jar'
+      when 'php'
+        'php'
+      when 'python'
+        'py'
+      else
+        nil
+      end
+    end
+  end
+
+  # These are the base arch/platform for the original payload, required for when the
+  # session is first created thanks to the fact that the DB session recording
+  # happens before the session is even established.
+  attr_accessor :base_arch
+  attr_accessor :base_platform
+
   attr_accessor :console # :nodoc:
   attr_accessor :skip_ssl
   attr_accessor :skip_cleanup

lib/msf/base/sessions/meterpreter_android.rb

@@ -16,7 +16,8 @@ class Meterpreter_Java_Android < Msf::Sessions::Meterpreter_Java_Java
 
   def initialize(rstream, opts={})
     super
-    self.platform = 'java/android'
+    self.base_platform = 'android'
+    self.base_arch = ARCH_JAVA
   end
 
   def load_android

lib/msf/base/sessions/meterpreter_armle_linux.rb

@@ -19,8 +19,8 @@ def supports_zlib?
   end
   def initialize(rstream, opts={})
     super
-    self.platform      = 'armle/linux'
-    self.binary_suffix = 'lso'
+    self.base_platform = 'linux'
+    self.base_arch = ARCH_ARMLE
   end
 end
 

lib/msf/base/sessions/meterpreter_java.rb

@@ -19,8 +19,8 @@ def supports_zlib?
   end
   def initialize(rstream, opts={})
     super
-    self.platform      = 'java/java'
-    self.binary_suffix = 'jar'
+    self.base_platform = 'java'
+    self.base_arch = ARCH_JAVA
   end
 end
 

lib/msf/base/sessions/meterpreter_mipsbe_linux.rb

@@ -19,8 +19,8 @@ def supports_zlib?
   end
   def initialize(rstream, opts={})
     super
-    self.platform      = 'mipsbe/linux'
-    self.binary_suffix = 'lso'
+    self.base_platform = 'linux'
+    self.base_arch = ARCH_MIPSBE
   end
 end
 

lib/msf/base/sessions/meterpreter_mipsle_linux.rb

@@ -19,8 +19,8 @@ def supports_zlib?
   end
   def initialize(rstream, opts={})
     super
-    self.platform      = 'mipsle/linux'
-    self.binary_suffix = 'lso'
+    self.base_platform = 'linux'
+    self.base_arch = ARCH_MIPSLE
   end
 end
 

lib/msf/base/sessions/meterpreter_options.rb

@@ -60,12 +60,13 @@ def on_session(session)
           session.load_session_info
         end
 
-        if session.platform =~ /win32|win64/i
+        # only load priv on native windows
+        if session.platform == 'windows' && [ARCH_X86, ARCH_X64].include?(session.arch)
           session.load_priv rescue nil
         end
       end
 
-      if session.platform =~ /android/i
+      if session.platform == 'android'
         if datastore['AutoLoadAndroid']
           session.load_android
         end

lib/msf/base/sessions/meterpreter_php.rb

@@ -19,8 +19,8 @@ def supports_zlib?
   end
   def initialize(rstream, opts={})
     super
-    self.platform      = 'php/php'
-    self.binary_suffix = 'php'
+    self.base_platform = 'php'
+    self.base_arch = ARCH_PHP
   end
 end
 

lib/msf/base/sessions/meterpreter_python.rb

@@ -86,8 +86,8 @@ class Meterpreter_Python_Python < Msf::Sessions::Meterpreter
 
   def initialize(rstream, opts={})
     super
-    self.platform      = 'python/python'
-    self.binary_suffix = 'py'
+    self.base_platform = 'python'
+    self.base_arch = ARCH_PYTHON
   end
 
   def lookup_error(error_code)
@@ -116,5 +116,6 @@ def supports_zlib?
     false
   end
 end
+
 end
 end

lib/msf/base/sessions/meterpreter_x64_mettle_linux.rb

@@ -19,8 +19,8 @@ def supports_zlib?
   end
   def initialize(rstream, opts={})
     super
-    self.platform      = 'x64/linux'
-    self.binary_suffix = 'lso'
+    self.base_platform = 'linux'
+    self.base_arch = ARCH_X64
   end
 end
 

lib/msf/base/sessions/meterpreter_x64_win.rb

@@ -14,8 +14,8 @@ module Sessions
 class Meterpreter_x64_Win < Msf::Sessions::Meterpreter
   def initialize(rstream, opts={})
     super
-    self.platform      = 'x64/win64'
-    self.binary_suffix = 'x64.dll'
+    self.base_platform = 'windows'
+    self.base_arch = ARCH_X64
   end
 
   def lookup_error(code)

lib/msf/base/sessions/meterpreter_x86_bsd.rb

@@ -13,8 +13,8 @@ module Sessions
 class Meterpreter_x86_BSD < Msf::Sessions::Meterpreter
   def initialize(rstream, opts={})
     super
-    self.platform      = 'x86/bsd'
-    self.binary_suffix = 'bso'
+    self.base_platform = 'bsd'
+    self.base_arch = ARCH_X86
   end
 end
 

lib/msf/base/sessions/meterpreter_x86_linux.rb

@@ -13,8 +13,8 @@ module Sessions
 class Meterpreter_x86_Linux < Msf::Sessions::Meterpreter
   def initialize(rstream, opts={})
     super
-    self.platform      = 'x86/linux'
-    self.binary_suffix = 'lso'
+    self.base_platform = 'linux'
+    self.base_arch = ARCH_X86
   end
 end