You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR is requires rapid7/metasploit-payloads#679
The change to client_core.rb is necessary to support encrypted stdapi libraries.
Other changes were made to support encrypted file contents being added to zip/jar/archive files by using ::MetasploitPayloads.read which will handle encrypted/plain-text payloads as #add_files cannot take in a buffer, and we have to resort to calling #add_file for each file with the contents instead.
Verification
Start msfconsole
Use a payload, for example use payload/python/meterpreter/reverse_tcp
Ensure you can get get a session as usual
When in irb, check that the payload being read is stored as an encrypted file on disk
The title was a bit of a misnomer. We're just adding at rest encryption for the Meterpreter payloads on disk, the changes should be transparent for the average user
Pesky AVs not appreciating users having the files on their machines?
Might be interesting to have runtime decryption on the other side for conditional loading/clearing of extensions when not in use to an encrypted read-only "inert code cave" (or just from remote again) for reloading on-demand. Might help reduce our runtime fingerprints in-memory.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
adfoster-r7
changed the title
sjanusz-r7
force-pushed
the
add-encrypted-payloads-support
branch
from
This PR is requires rapid7/metasploit-payloads#679
The change to
client_core.rbis necessary to support encrypted stdapi libraries.Other changes were made to support encrypted file contents being added to zip/jar/archive files by using
::MetasploitPayloads.readwhich will handle encrypted/plain-text payloads as#add_filescannot take in a buffer, and we have to resort to calling#add_filefor each file with the contents instead.Verification
msfconsoleuse payload/python/meterpreter/reverse_tcpirb, check that the payload being read is stored as an encrypted file on diskpath = ::MetasploitPayloads.path('meterpreter', 'meterpreter.py')raw_contents = ::File.binread(path); nilraw_contents[0..5] == "msf\x01\x01\x01"decrypted_contents = ::MetasploitPayloads.read('meterpreter', 'meterpreter.py')