Module: Rex::Payloads::Meterpreter::Patch
- Defined in:
- lib/rex/payloads/meterpreter/patch.rb
Overview
Provides methods to patch options into metsrv stagers
Class Method Summary collapse
-
.patch_comm_timeout!(blob, comm_timeout) ⇒ Object
Replace the session communication timeout.
-
.patch_expiration!(blob, expiration) ⇒ Object
Replace the session expiration timeout.
-
.patch_passive_service!(blob, options) ⇒ Object
Patch options into metsrv for reverse HTTP payloads.
-
.patch_proxy!(blob, proxyhost, proxyport, proxy_type) ⇒ Object
Activate a custom proxy.
-
.patch_proxy_auth!(blob, proxy_username, proxy_password, proxy_type) ⇒ Object
Proxy authentication.
-
.patch_transport!(blob, ssl) ⇒ Object
Replace the transport string.
-
.patch_ua!(blob, ua) ⇒ Object
Replace the user agent string with our option.
-
.patch_url!(blob, url) ⇒ Object
Replace the URL.
Class Method Details
.patch_comm_timeout!(blob, comm_timeout) ⇒ Object
Replace the session communication timeout
# File 'lib/rex/payloads/meterpreter/patch.rb', line 47
#
# Replace the session communication timeout.
#
# Searches +blob+ for the marker word 0xaf79257f (packed with "V", i.e. as a
# 32-bit little-endian value) and overwrites it in place with +comm_timeout+
# packed the same way. A blob that does not contain the marker is left as is.
#
# @param blob [String] buffer to patch; modified in place
# @param comm_timeout [Integer] value to pack over the marker
# @return [String, nil] the packed bytes written, or nil when the marker is absent
def self.patch_comm_timeout!(blob, comm_timeout)
  marker = [0xaf79257f].pack("V")
  offset = blob.index(marker)
  return unless offset

  packed = [comm_timeout].pack("V")
  blob[offset, packed.length] = packed
end
.patch_expiration!(blob, expiration) ⇒ Object
Replace the session expiration timeout
# File 'lib/rex/payloads/meterpreter/patch.rb', line 36
#
# Replace the session expiration timeout.
#
# Searches +blob+ for the marker word 0xb64be661 (packed with "V", i.e. as a
# 32-bit little-endian value) and overwrites it in place with +expiration+
# packed the same way. A blob that does not contain the marker is left as is.
#
# @param blob [String] buffer to patch; modified in place
# @param expiration [Integer] value to pack over the marker
# @return [String, nil] the packed bytes written, or nil when the marker is absent
def self.patch_expiration!(blob, expiration)
  marker = [0xb64be661].pack("V")
  offset = blob.index(marker)
  return unless offset

  packed = [expiration].pack("V")
  blob[offset, packed.length] = packed
end
.patch_passive_service!(blob, options) ⇒ Object
Patch options into metsrv for reverse HTTP payloads
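# File 'lib/rex/payloads/meterpreter/patch.rb', line 113
#
# Patch options into metsrv for reverse HTTP payloads.
#
# Runs every individual patcher against +blob+, taking each value from
# +options+. The +options+ parameter and the receivers of the +[:key]+ lookups
# are written out here as given in the documented signature
# +patch_passive_service!(blob, options)+.
#
# @param blob [String] buffer to patch; modified in place
# @param options [Hash] values read under the keys :ssl, :url, :expiration,
#   :comm_timeout, :ua, :proxyhost, :proxyport, :proxy_type, :proxy_username
#   and :proxy_password
# @return [Object] whatever the final patch_proxy_auth! call returns
def self.patch_passive_service!(blob, options)
  patch_transport!(blob, options[:ssl])
  patch_url!(blob, options[:url])
  patch_expiration!(blob, options[:expiration])
  patch_comm_timeout!(blob, options[:comm_timeout])
  patch_ua!(blob, options[:ua])
  patch_proxy!(
    blob,
    options[:proxyhost],
    options[:proxyport],
    options[:proxy_type]
  )
  patch_proxy_auth!(
    blob,
    options[:proxy_username],
    options[:proxy_password],
    options[:proxy_type]
  )
end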
.patch_proxy!(blob, proxyhost, proxyport, proxy_type) ⇒ Object
Activate a custom proxy
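# File 'lib/rex/payloads/meterpreter/patch.rb', line 69
#
# Activate a custom proxy.
#
# Finds the "METERPRETER_PROXY" placeholder (the name followed by ten NUL
# bytes) in +blob+ and overwrites it in place with a NUL-terminated proxy
# string: "http://host:port" when +proxy_type+ is 'HTTP', "socks=host:port"
# for anything else. The ":port" suffix is omitted when the port is "80".
# Nothing is written when the placeholder is absent or the host is nil, false
# or empty.
#
# NOTE(review): the write is not checked against the size of the region
# reserved after the placeholder, which is not visible from this file; a long
# host overwrites whatever bytes follow it. Confirm the reserved size.
#
# @param blob [String] buffer to patch; modified in place
# @param proxyhost [#to_s, nil] proxy host
# @param proxyport [#to_s, nil] proxy port; nil or empty means "8080"
# @param proxy_type [#to_s] 'HTTP' selects the http:// form
# @return [String, nil] the string written, or nil when nothing was patched
def self.patch_proxy!(blob, proxyhost, proxyport, proxy_type)
  offset = blob.index("METERPRETER_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
  return unless offset
  return unless proxyhost

  host = proxyhost.to_s
  return if host.empty?

  # to_s never returns nil, so `proxyport.to_s || "8080"` could not apply the
  # default; test for an empty string instead.
  port = proxyport.to_s
  port = "8080" if port.empty?

  endpoint = port == "80" ? host : "#{host}:#{port}"
  prefix = proxy_type.to_s == 'HTTP' ? 'http://' : 'socks='

  proxyinfo = "#{prefix}#{endpoint}\x00"
  blob[offset, proxyinfo.length] = proxyinfo
end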
.patch_proxy_auth!(blob, proxy_username, proxy_password, proxy_type) ⇒ Object
Proxy authentication
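# File 'lib/rex/payloads/meterpreter/patch.rb', line 95
#
# Proxy authentication.
#
# Overwrites the "METERPRETER_USERNAME_PROXY" and "METERPRETER_PASSWORD_PROXY"
# placeholders (each name followed by ten NUL bytes) in +blob+ with the
# NUL-terminated username and password. Nothing is written when either
# credential is nil or empty, or when +proxy_type+ is 'SOCKS'.
#
# The credentials are copied into the blob as plain bytes, so a patched blob
# has to be handled as material that contains the proxy password.
#
# Compared with the original listing: the caller's strings are no longer
# mutated by `<<` (which appended a NUL to the caller's object and raised on a
# frozen string), and a missing placeholder is skipped, as the other patchers
# do, instead of raising from +blob[nil, n] = ...+.
#
# @param blob [String] buffer to patch; modified in place
# @param proxy_username [String, nil] proxy account name
# @param proxy_password [String, nil] proxy account password
# @param proxy_type [String] 'SOCKS' disables credential patching
# @return [String, nil] the last field written, or nil when nothing was patched
def self.patch_proxy_auth!(blob, proxy_username, proxy_password, proxy_type)
  return if proxy_username.nil? || proxy_username.empty?
  return if proxy_password.nil? || proxy_password.empty?
  return if proxy_type == 'SOCKS'

  fields = [
    ["METERPRETER_USERNAME_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", proxy_username],
    ["METERPRETER_PASSWORD_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", proxy_password]
  ]

  written = nil
  fields.each do |placeholder, value|
    offset = blob.index(placeholder)
    next unless offset

    # Build a new string so the caller's argument stays unchanged.
    written = "#{value}\x00"
    blob[offset, written.length] = written
  end
  written
end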
.patch_transport!(blob, ssl) ⇒ Object
Replace the transport string
# File 'lib/rex/payloads/meterpreter/patch.rb', line 14
#
# Replace the transport string.
#
# Finds "METERPRETER_TRANSPORT_SSL" in +blob+ and overwrites it in place with
# the NUL-terminated HTTPS or HTTP transport name, chosen by +ssl+. Both
# replacements are longer than the text searched for, so the bytes directly
# after it are overwritten as well.
#
# @param blob [String] buffer to patch; modified in place
# @param ssl [Object] truthy selects the HTTPS name, falsy the HTTP name
# @return [String, nil] the string written, or nil when the text is absent
def self.patch_transport!(blob, ssl)
  offset = blob.index("METERPRETER_TRANSPORT_SSL")
  return unless offset

  replacement =
    if ssl
      "METERPRETER_TRANSPORT_HTTPS\x00"
    else
      "METERPRETER_TRANSPORT_HTTP\x00"
    end
  blob[offset, replacement.length] = replacement
end
.patch_ua!(blob, ua) ⇒ Object
Replace the user agent string with our option
# File 'lib/rex/payloads/meterpreter/patch.rb', line 58
#
# Replace the user agent string with our option.
#
# Keeps at most the first 255 characters of +ua+, appends a NUL, and writes
# the result over the "METERPRETER_UA\x00" placeholder in +blob+. A blob
# without the placeholder is left as is.
#
# NOTE(review): the 255 limit counts characters, not bytes, and +ua+ is
# dereferenced before the placeholder lookup, so a nil +ua+ raises even when
# there is nothing to patch. Confirm both against the callers.
#
# @param blob [String] buffer to patch; modified in place
# @param ua [String] user agent value
# @return [String, nil] the string written, or nil when the placeholder is absent
def self.patch_ua!(blob, ua)
  terminated = ua[0, 255] + "\x00"
  offset = blob.index("METERPRETER_UA\x00")
  blob[offset, terminated.length] = terminated if offset
end
.patch_url!(blob, url) ⇒ Object
Replace the URL
# File 'lib/rex/payloads/meterpreter/patch.rb', line 25
#
# Replace the URL.
#
# Finds the placeholder "https://" followed by 256 "X" characters in +blob+
# and writes +url+ over its start, in place. A blob without the placeholder is
# left as is.
#
# NOTE(review): +url+ is written exactly as passed; no terminator is added and
# its length is not compared with the placeholder's. Presumably the caller
# supplies a terminated value that fits -- confirm against the caller.
#
# @param blob [String] buffer to patch; modified in place
# @param url [String] replacement URL
# @return [String, nil] +url+ when written, or nil when the placeholder is absent
def self.patch_url!(blob, url)
  placeholder = "https://" + ("X" * 256)
  offset = blob.index(placeholder)
  return unless offset

  blob[offset, url.length] = url
end