
Inconsistencies among mettle arches/stage values and prepend/output types. #19669

Open · 5 tasks
bwatters-r7 opened this issue Nov 21, 2024 · 2 comments
Assignees: dledda-r7
Labels: bug, Stale (Marks an issue as stale, to be closed if no action is taken)

Comments

@bwatters-r7 (Contributor)

This all started because I wanted to enable prepend values on stageless meterpreter payloads and other architecture payloads.
Prepends for Linux payloads are established here: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/linux.rb

That provides the advanced options and logic for prepending the shellcode to the payload before it is elf-ified by utils.

Unfortunately, that works by prepending the values to the buffer, and not all architectures are supported. Unfortunately, AARCH_64 has different stager logic, so simply adding the shellcode in like the other architectures is not an option.
Further, in the case of stageless mettle like reverse_tcp, the generate method just requests the full elf file from mettle:

MetasploitPayloads::Mettle.new('x86_64-linux-musl', generate_config(opts)).to_binary :exec

When we use a staged mettle payload, we're implementing a midstager that just copies up the full elf file and calculates the entry point, then just jumps: https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stages/linux/x64/meterpreter.rb

Also, I don't believe that we get any sort of usable shellcode when we request a raw stageless payload in venom.

There are a couple of things here:

  • Fix the delivery of shellcode so that a RAW stageless payload works.
  • Add parity for prepends of other architectures
  • Maybe add a way to determine if a prepend (or any option) is supported programmatically. Right now, you can set PrependSetuid on any payload and it may or may not work, with no warning if it does not. Further, since all the options in the msf::payload::linux mixin are added to every payload without checking the payload arch, the datastore is being properly populated by important options we're offering the user and developer that will simply be ignored.
  • Maybe let's not upload the whole elf file for the mettle midstager?
  • Correct the implementation of AARCH_64 to take prepends like the other stagers.

Thanks to my partners in crime in tracking a lot of this down, @smcintyre-r7 and @dledda-r7
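An added example, not code from the issue or from Metasploit: a small stand-alone Ruby module that does what the list above asks for, a table of prepend stubs keyed by architecture, a query for whether a given prepend is supported on a given arch, and an apply step that raises on an unsupported combination instead of silently dropping the option. The module name, the arch strings, the option names and the sample payload (an x86_64 exit(0) stub) are all constructed for this example; the prepend stubs are the usual setuid(0)/setsid() syscall sequences for i386 and x86_64, and aarch64 is intentionally left without entries so that the rejection path is visible.

```ruby
# Added example (not Metasploit code): table-driven Linux prepends that fail
# loudly on an unsupported arch/option combination instead of being ignored.
module PrependDemo
  class UnsupportedPrependError < StandardError; end

  # Prepend stubs keyed by arch, then by option.  Each stub is raw machine code
  # that runs before the payload and must fall through to it (no ret / exit).
  # Syscall numbers: i386 setuid=23, setsid=66; x86_64 setuid=105, setsid=112.
  PREPENDS = {
    'x86' => {
      setuid: [0x31, 0xdb,                # xor ebx, ebx   (uid = 0)
               0x6a, 0x17, 0x58,          # push 23 ; pop eax
               0xcd, 0x80].pack('C*'),    # int 0x80
      setsid: [0x6a, 0x42, 0x58,          # push 66 ; pop eax
               0xcd, 0x80].pack('C*'),    # int 0x80
    },
    'x64' => {
      setuid: [0x48, 0x31, 0xff,          # xor rdi, rdi   (uid = 0)
               0x6a, 0x69, 0x58,          # push 105 ; pop rax
               0x0f, 0x05].pack('C*'),    # syscall
      setsid: [0x6a, 0x70, 0x58,          # push 112 ; pop rax
               0x0f, 0x05].pack('C*'),    # syscall
    },
    # 'aarch64' deliberately has no entries: its stager takes a different
    # path, so a requested prepend must be rejected rather than dropped.
  }.freeze

  # Options a given arch can honour; empty for arches with no stubs.
  def self.supported_prepends(arch)
    PREPENDS.fetch(arch, {}).keys
  end

  def self.prepend_supported?(arch, option)
    PREPENDS.fetch(arch, {}).key?(option)
  end

  # Return the buffer an ELF builder would wrap: enabled prepends in request
  # order, then the raw payload.  Raises instead of ignoring an option the
  # arch cannot honour, which is the warning the issue asks for.
  def self.apply_prepends(arch, raw_payload, **options)
    requested = options.select { |_, enabled| enabled }.keys
    unsupported = requested.reject { |opt| prepend_supported?(arch, opt) }
    unless unsupported.empty?
      raise UnsupportedPrependError,
            "#{arch}: no prepend stub for #{unsupported.join(', ')}; " \
            'refusing to generate a payload that silently ignores it'
    end
    requested.map { |opt| PREPENDS[arch][opt] }.join + raw_payload
  end

  # Constructed stand-in for a real payload body: x86_64 exit(0).
  SAMPLE_X64_PAYLOAD = [0x48, 0x31, 0xff, 0x6a, 0x3c, 0x58, 0x0f, 0x05].pack('C*').freeze

  def self.hex(buf)
    buf.unpack1('H*')
  end
end

if __FILE__ == $PROGRAM_NAME
  buf = PrependDemo.apply_prepends('x64', PrependDemo::SAMPLE_X64_PAYLOAD,
                                   setuid: true, setsid: true)
  puts "x64 with setuid+setsid: #{PrependDemo.hex(buf)}"
  begin
    PrependDemo.apply_prepends('aarch64', PrependDemo::SAMPLE_X64_PAYLOAD, setuid: true)
  rescue PrependDemo::UnsupportedPrependError => e
    puts "rejected: #{e.message}"
  end
end
```

The point of the table is that both the option list a module advertises and the apply step read from the same place, so an arch with no entry cannot accept an option it will not honour; an `aarch64` entry can be added later without touching the apply logic.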

@bwatters-r7 (Contributor, Author)

Related: #19670

@dledda-r7 dledda-r7 self-assigned this Nov 27, 2024
@dledda-r7 dledda-r7 moved this to Todo in Metasploit Kanban Nov 27, 2024
@dledda-r7 dledda-r7 moved this from Todo to In Progress in Metasploit Kanban Dec 19, 2024
@github-actions (bot)

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Dec 27, 2024
Projects
Status: In Progress
Development

No branches or pull requests

2 participants