Land #680, Correctly encrypt Java & Android files in Rake task

rapid7 · Oct 16, 2023 · 5894466 · 5894466
2 parents d280877 + dddb65e
commit 5894466
Showing 1 changed file with 35 additions and 9 deletions.
diff --git a/gem/Rakefile b/gem/Rakefile
@@ -8,6 +8,8 @@ php_source = "../php/meterpreter/"
 python_source = "../python/meterpreter/"
 dest = "./data"
 meterpreter_dest = "./data/meterpreter"
+android_dest = "./data/android"
+java_dest = "./data/java"
 manifest_file = './manifest'
 manifest_uuid_file = './manifest.uuid'
 manifest_hash_type = 'SHA3-256'
@@ -21,14 +23,33 @@ platform_config = {
       "dll"
     ]
   },
-  :java => {
+  :java_meterpreter => {
     :sources => [
       "../java/output/data/meterpreter"
     ],
     :extensions => [
       "jar"
     ],
   },
+  :java_output => {
+    :sources => [
+      "../java/output/data/java"
+    ],
+    :extensions => [
+      "class"
+    ]
+  },
+  :android => {
+    :sources => [
+      "../java/output/data/android"
+    ],
+    :extensions => [
+      "jar",
+      "dex",
+      "xml",
+      "arsc"
+    ]
+  },
   :php => {
     :sources => [
       php_source
@@ -50,12 +71,16 @@ platform_config = {
 def copy_files(cnf, meterpreter_dest)
   cnf[:sources].each do |f|
     cnf[:extensions].each do |ext|
-      Dir.glob("#{f}/*.#{ext}").each do |bin|
-        target = File.join(meterpreter_dest, File.basename(bin))
+      Dir.glob("#{f}/**/*.#{ext}").each do |bin|
+        f_path = ::Pathname.new(f)
+        bin_path = ::Pathname.new(bin)
+        target = File.join(meterpreter_dest, bin_path.relative_path_from(f_path))
         print("Copying: #{bin} -> #{target}\n")
-        contents = ::File.binread(::File.expand_path(bin))
+        contents = ::File.binread(bin_path)
         encrypted_contents = ::MetasploitPayloads::Crypto.encrypt(plaintext: contents)
-        ::File.binwrite(::File.expand_path(target), encrypted_contents)
+        output = ::Pathname.new(::File.expand_path(target))
+        ::FileUtils.mkdir_p(output.dirname) unless output.dirname.exist?
+        ::File.binwrite(output, encrypted_contents)
       end
     end
   end
@@ -64,6 +89,8 @@ end
 task :create_dir do
   Dir.mkdir(dest) unless Dir.exist?(dest)
   Dir.mkdir(meterpreter_dest) unless Dir.exist?(meterpreter_dest)
+  Dir.mkdir(java_dest) unless Dir.exist?(java_dest)
+  Dir.mkdir(android_dest) unless Dir.exist?(android_dest)
 end
 
 task :win_compile do
@@ -83,10 +110,9 @@ task :win_copy do
 end
 
 task :java_copy do
-  copy_files(platform_config[:java], meterpreter_dest)
-  FileUtils.remove_entry_secure('./java', :force => true)
-  FileUtils.cp_r('../java/output/data/android', dest)
-  FileUtils.cp_r('../java/output/data/java', dest)
+  copy_files(platform_config[:java_meterpreter], meterpreter_dest)
+  copy_files(platform_config[:java_output], java_dest)
+  copy_files(platform_config[:android], android_dest)
 end
 
 task :php_copy do