rapid7 · cgranleese-r7 · Oct 18, 2023 · Jan 9, 2025
diff --git a/.github/workflows/shared_meterpreter_acceptance.yml b/.github/workflows/shared_meterpreter_acceptance.yml
@@ -30,37 +30,38 @@ on:
         type: boolean
 
 jobs:
-  # Compile Java Meterpreter via docker if required, we can't always do this on the
+  # Compile the Meterpreter payloads via docker if required, we can't always do this on the
   # host environment (i.e. for macos). So it instead gets compiled first on a linux
   # host, then the artifacts are copied back to the host later
-  java_meterpreter_compilation:
-    name: Compile Java Meterpreter
+  meterpreter_compilation:
+    name: Compile Meterpreter
     runs-on: ubuntu-latest
     if: ${{ inputs.build_metasploit_payloads }}
 
     steps:
       - name: Checkout metasploit-payloads
         uses: actions/checkout@v4
         with:
-          repository: rapid7/metasploit-payloads
+          repository: cgranleese-r7/metasploit-payloads
           path: metasploit-payloads
-          ref: ${{ inputs.metasploit_payloads_commit }}
+          ref: meterpreter-resolve-multiple-hosts
 
-      - name: Build Java and Android payloads
+      - name: Build Meterpreter payloads
         run: |
-          mkdir $(pwd)/java-artifacts
-          docker run --rm -w "$(pwd)" -v "$(pwd):$(pwd)" rapid7/msf-ubuntu-x64-meterpreter:latest /bin/bash -c "set -x && cd metasploit-payloads/java && mvn package -Dandroid.sdk.path=/usr/local/android-sdk -Dandroid.release=true -Ddeploy.path=../../java-artifacts -Dmaven.test.skip=true -P deploy && mvn -Dmaven.test.skip=true -Ddeploy.path=../../java-artifacts -P deploy package"
+          mkdir $(pwd)/meterpreter-artifacts
+          docker run --rm -w $(pwd) -v $(pwd):$(pwd) rapid7/msf-ubuntu-x64-meterpreter:latest /bin/bash -c "cd metasploit-payloads/gem && rake create_dir && rake win_copy && rake php_prep && rake java_prep && rake python_prep && rake create_manifest && rake build"
+          cp $(pwd)/metasploit-payloads/gem/pkg/metasploit-payloads-* $(pwd)/meterpreter-artifacts
 
-      - name: Store Java artifacts
+      - name: Store Meterpreter artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: java-artifacts
-          path: java-artifacts
+          name: meterpreter-artifacts
+          path: meterpreter-artifacts
 
   # Run all test individually, note there is a separate final job for aggregating the test results
   test:
-    needs: java_meterpreter_compilation
-    if: always() && (needs.java_meterpreter_compilation.result == 'success' || needs.java_meterpreter_compilation.result == 'skipped')
+    needs: meterpreter_compilation
+    if: always() && (needs.meterpreter_compilation.result == 'success' || needs.meterpreter_compilation.result == 'skipped')
 
     strategy:
       fail-fast: false
@@ -185,9 +186,9 @@ jobs:
       - name: Checkout metasploit-framework commit
         uses: actions/checkout@v4
         with:
-          repository: rapid7/metasploit-framework
+          repository: cgranleese-r7/metasploit-framework
           path: metasploit-framework
-          ref: ${{ inputs.metasploit_framework_commit }}
+          ref: meterpreter-resolve-multiple-hosts
 
       - name: Setup Ruby
         env:
@@ -208,28 +209,28 @@ jobs:
         working-directory: metasploit-framework
 
       - uses: actions/download-artifact@v4
-        name: Download Java meterpreter
-        id: download_java_meterpreter
-        if: ${{ matrix.meterpreter.name == 'java' && inputs.build_metasploit_payloads }}
+        name: Download Meterpreter
+        id: download_meterpreter
+        if: ${{ matrix.meterpreter.name != 'mettle' && inputs.build_metasploit_payloads }}
         with:
           # Note: Not specifying a name will download all artifacts from the previous workflow jobs
           path: raw-data
 
-      - name: Extract Java Meterpreter (Unix)
-        if: ${{ matrix.meterpreter.name == 'java' && runner.os != 'Windows' && inputs.build_metasploit_payloads }}
+      - name: Extract Meterpreter (Unix)
+        if: ${{ matrix.meterpreter.name != 'mettle' && runner.os != 'Windows' && inputs.build_metasploit_payloads }}
         shell: bash
         run: |
           set -x
-          download_path=${{steps.download_java_meterpreter.outputs.download-path}}
-          cp -r  $download_path/java-artifacts/data/* ./metasploit-framework/data
+          download_path=${{steps.download_meterpreter.outputs.download-path}}
+          cp -r  $download_path/meterpreter-artifacts/* ./metasploit-framework
 
-      - name: Extract Java Meterpreter (Windows)
-        if: ${{ matrix.meterpreter.name == 'java' && runner.os == 'Windows' && inputs.build_metasploit_payloads }}
+      - name: Extract Meterpreter (Windows)
+        if: ${{ matrix.meterpreter.name != 'mettle' && runner.os == 'Windows' && inputs.build_metasploit_payloads }}
         shell: bash
         run: |
           set -x
-          download_path=$(cygpath -u '${{steps.download_java_meterpreter.outputs.download-path}}')
-          cp -r  $download_path/java-artifacts/data/* ./metasploit-framework/data
+          download_path=$(cygpath -u '${{steps.download_meterpreter.outputs.download-path}}')
+          cp -r  $download_path/meterpreter-artifacts/* ./metasploit-framework
 
       - name: Install mettle gem
         if: ${{ matrix.meterpreter.name == 'mettle' && inputs.build_mettle }}
@@ -246,60 +247,26 @@ jobs:
         if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
         uses: actions/checkout@v4
         with:
-          repository: rapid7/metasploit-payloads
+          repository: cgranleese-r7/metasploit-payloads
           path: metasploit-payloads
-          ref: ${{ inputs.metasploit_payloads_commit }}
+          ref: meterpreter-resolve-multiple-hosts
 
       - name: Get metasploit-payloads version
         if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
         shell: bash
         run: echo "METASPLOIT_PAYLOADS_VERSION=$(ruby -ne "puts Regexp.last_match(1) if /VERSION\s+=\s+'([^']+)'/" gem/lib/metasploit-payloads/version.rb)" | tee -a $GITHUB_ENV
         working-directory: metasploit-payloads
 
-      - name: Build metasploit-payloads gem
-        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
-        run: gem build ./gem/metasploit-payloads.gemspec
-        working-directory: metasploit-payloads
-
-      - name: Copy metasploit-payloads gem into metasploit-framework
-        if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
-        shell: bash
-        run: cp ../metasploit-payloads/metasploit-payloads-${{ env.METASPLOIT_PAYLOADS_VERSION }}.gem .
-        working-directory: metasploit-framework
-
       - name: Install metasploit-payloads gem
         if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }}
         run: |
           bundle exec gem install metasploit-payloads-${{ env.METASPLOIT_PAYLOADS_VERSION }}.gem
+          ruby -pi.bak -e "gsub(/'metasploit-payloads', '.*'/, '\'metasploit-payloads\'')" metasploit-framework.gemspec
           bundle config unset deployment
           bundle update metasploit-payloads
           bundle install
         working-directory: metasploit-framework
 
-      - name: Build Windows payloads via Visual Studio 2019 Build (Windows)
-        shell: cmd
-        if: ${{ matrix.meterpreter.name == 'windows_meterpreter' && matrix.os == 'windows-2019' && inputs.build_metasploit_payloads }}
-        run: |
-          cd c/meterpreter
-          git submodule init && git submodule update
-          "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat" && make.bat
-        working-directory: metasploit-payloads
-
-      - name: Build Windows payloads via Visual Studio 2022 Build (Windows)
-        shell: cmd
-        if: ${{ matrix.meterpreter.name == 'windows_meterpreter' && matrix.os == 'windows-2022' && inputs.build_metasploit_payloads }}
-        run: |
-          cd c/meterpreter
-          git submodule init && git submodule update
-          make.bat
-        working-directory: metasploit-payloads
-
-      - name: Build PHP, Python and Windows payloads
-        if: ${{ (matrix.meterpreter.name == 'php' || matrix.meterpreter.name == 'python' || runner.os == 'Windows') && inputs.build_metasploit_payloads }}
-        run: |
-          make install-php install-python install-windows
-        working-directory: metasploit-payloads
-
       - name: Acceptance
         env:
           SPEC_HELPER_LOAD_METASPLOIT: false

diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb
@@ -31,19 +31,30 @@ def initialize(client)
     self.client = client
   end
 
-  def resolve_host(hostname, family=AF_INET)
+  def resolve_host(hostname, family = AF_INET)
     request = Packet.create_request(COMMAND_ID_STDAPI_NET_RESOLVE_HOST)
     request.add_tlv(TLV_TYPE_HOST_NAME, hostname)
     request.add_tlv(TLV_TYPE_ADDR_TYPE, family)
 
     response = client.send_request(request)
 
-    raw = response.get_tlv_value(TLV_TYPE_IP)
+    ips = []
+    if response.has_tlv?(TLV_TYPE_RESOLVE_HOST_ENTRY)
+      response.each(TLV_TYPE_RESOLVE_HOST_ENTRY) do |tlv|
+        tlv.each(TLV_TYPE_IP) do |ip|
+          ips << raw_to_host_ip_pair(hostname, ip.value)[:ip]
+        end
+      end
+    elsif response.has_tlv?(TLV_TYPE_IP)
+      ip = response.get_tlv_value(TLV_TYPE_IP)
+      ips << raw_to_host_ip_pair(hostname, ip)[:ip]
+    end
 
-    return raw_to_host_ip_pair(hostname, raw)
+    { hostname: hostname, ip: ips.first, ips: ips }
   end
 
-  def resolve_hosts(hostnames, family=AF_INET)
+  def resolve_hosts(hostnames, family = AF_INET)
+    result = []
     request = Packet.create_request(COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS)
     request.add_tlv(TLV_TYPE_ADDR_TYPE, family)
 
@@ -53,21 +64,22 @@ def resolve_hosts(hostnames, family=AF_INET)
 
     response = client.send_request(request)
 
-    hosts = []
-    raws = []
-
-    response.each(TLV_TYPE_IP) do |raw|
-      raws << raw
-    end
-
-    0.upto(hostnames.length - 1) do |i|
-      raw = raws[i]
-      host = hostnames[i]
-
-      hosts << raw_to_host_ip_pair(host, raw&.value)
+    if response.has_tlv?(TLV_TYPE_RESOLVE_HOST_ENTRY)
+      response.each_with_index(TLV_TYPE_RESOLVE_HOST_ENTRY) do |tlv, index|
+        ips = []
+        tlv.each(TLV_TYPE_IP) do |ip|
+          ips << raw_to_host_ip_pair(hostnames[index], ip.value)[:ip]
+        end
+        result << { hostname: hostnames[index], ip: ips.first, ips: ips }
+      end
+    elsif response.has_tlv?(TLV_TYPE_IP)
+      response.each_with_index(TLV_TYPE_IP) do |tlv, index|
+        ips = [raw_to_host_ip_pair(hostnames[index], tlv.value)[:ip]]
+        result << { hostname: hostnames[index], ip: ips.first, ips: ips }
+      end
     end
 
-    return hosts
+    result
   end
 
   def raw_to_host_ip_pair(host, raw)

diff --git a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
@@ -105,6 +105,9 @@ module Stdapi
 
 TLV_TYPE_SHUTDOWN_HOW       = TLV_META_TYPE_UINT    | 1530
 
+# Resolve hosts/host
+TLV_TYPE_RESOLVE_HOST_ENTRY = TLV_META_TYPE_GROUP   | 1550
+
 ##
 #
 # Sys
@@ -293,4 +296,3 @@ module Stdapi
 TLV_TYPE_AUDIO_INTERFACE_NAME = TLV_META_TYPE_STRING  | (TLV_EXTENSIONS + 13)
 
 end; end; end; end; end
-