Move the crypto code into the Python Meterpreter by zeroSteiner · Pull Request #775 · rapid7/metasploit-payloads

zeroSteiner · 2025-10-06T21:28:49Z

This ensures that the crypto functionality is present without needing to be patched in by framework. This should also ensure that line numbers are correct for uncaught stack traces that occur early in the init process because multiple lines are no longer being patched in.

Once this is in place, the Framework side of things can have its code removed because it'll all live here in the payloads directory.

Testing

Test that a session can be initialized with each of the supported Python versions:

This ensures that the crypto functionality is present without needing to be patched in by framework. It also means that line numbers are correct in the debugging output.

dledda-r7 · 2025-10-07T19:58:30Z

python 2.6

[*] Starting interaction with 3...

meterpreter > sysinfo
Computer     : 83638ad302f3
OS           : Linux 6.12.38+kali-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.12.38-1kali1 (2025-08-12)
Architecture : x64
Meterpreter  : python/linux
meterpreter > ls
Listing: /
==========

Mode              Size   Type  Last modified              Name
----              ----   ----  -------------              ----
100755/rwxr-xr-x  0      fil   2025-10-07 15:56:05 -0400  .dockerenv
040755/rwxr-xr-x  12288  dir   2025-10-03 17:33:13 -0400  bin
040755/rwxr-xr-x  4096   dir   2024-04-22 09:08:03 -0400  boot
040755/rwxr-xr-x  360    dir   2025-10-07 15:56:05 -0400  dev
040755/rwxr-xr-x  4096   dir   2025-10-07 15:56:05 -0400  etc
040755/rwxr-xr-x  4096   dir   2025-09-24 22:14:29 -0400  home
040755/rwxr-xr-x  4096   dir   2025-10-03 17:33:13 -0400  lib
040755/rwxr-xr-x  4096   dir   2025-09-24 22:14:14 -0400  lib64
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  media
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  mnt
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  opt
040555/r-xr-xr-x  0      dir   2025-10-07 15:56:05 -0400  proc
040700/rwx------  4096   dir   2025-10-06 15:57:53 -0400  root
040755/rwxr-xr-x  4096   dir   2025-10-03 17:33:12 -0400  run
040755/rwxr-xr-x  4096   dir   2025-10-03 17:32:48 -0400  sbin
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  srv
040555/r-xr-xr-x  0      dir   2025-10-07 15:56:05 -0400  sys
041777/rwxrwxrwx  4096   dir   2025-10-06 15:59:41 -0400  tmp
040755/rwxr-xr-x  4096   dir   2025-10-03 17:36:58 -0400  usr
040755/rwxr-xr-x  4096   dir   2025-10-03 17:32:21 -0400  var

meterpreter >

python 2.7

msf payload(python/meterpreter/reverse_tcp) > sessions -i -1WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/meterpreter/meterpreter.py is being used

[*] Sending stage (23404 bytes) to 172.17.0.2
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 4 opened (192.168.136.136:4444 -> 172.17.0.2:55380) at 2025-10-07 15:59:54 -0400

[*] Starting interaction with 4...

meterpreter > sysinfo
Computer     : 83638ad302f3
OS           : Linux 6.12.38+kali-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.12.38-1kali1 (2025-08-12)
Architecture : x64
Meterpreter  : python/linux
meterpreter > ls
Listing: /
==========

Mode              Size   Type  Last modified              Name
----              ----   ----  -------------              ----
100755/rwxr-xr-x  0      fil   2025-10-07 15:56:05 -0400  .dockerenv
040755/rwxr-xr-x  12288  dir   2025-10-03 17:33:13 -0400  bin
040755/rwxr-xr-x  4096   dir   2024-04-22 09:08:03 -0400  boot
040755/rwxr-xr-x  360    dir   2025-10-07 15:56:05 -0400  dev
040755/rwxr-xr-x  4096   dir   2025-10-07 15:56:05 -0400  etc
040755/rwxr-xr-x  4096   dir   2025-09-24 22:14:29 -0400  home
040755/rwxr-xr-x  4096   dir   2025-10-03 17:33:13 -0400  lib
040755/rwxr-xr-x  4096   dir   2025-09-24 22:14:14 -0400  lib64
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  media
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  mnt
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  opt
040555/r-xr-xr-x  0      dir   2025-10-07 15:56:05 -0400  proc
040700/rwx------  4096   dir   2025-10-06 15:57:53 -0400  root
040755/rwxr-xr-x  4096   dir   2025-10-03 17:33:12 -0400  run
040755/rwxr-xr-x  4096   dir   2025-10-03 17:32:48 -0400  sbin
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  srv
040555/r-xr-xr-x  0      dir   2025-10-07 15:56:05 -0400  sys
041777/rwxrwxrwx  4096   dir   2025-10-06 15:59:41 -0400  tmp
040755/rwxr-xr-x  4096   dir   2025-10-03 17:36:58 -0400  usr
040755/rwxr-xr-x  4096   dir   2025-10-03 17:32:21 -0400  var

meterpreter >

python 3.1

msf payload(python/meterpreter/reverse_tcp) > WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/meterpreter/meterpreter.py is being used

[*] Sending stage (23404 bytes) to 172.17.0.2
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 5 opened (192.168.136.136:4444 -> 172.17.0.2:59568) at 2025-10-07 16:02:19 -0400

msf payload(python/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 5...

meterpreter > sysinfo
Computer     : 723a3a33b27a
OS           : Linux 6.12.38+kali-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.12.38-1kali1 (2025-08-12)
Architecture : x64
Meterpreter  : python/linux
meterpreter > ls
Listing: /
==========

Mode              Size   Type  Last modified              Name
----              ----   ----  -------------              ----
100755/rwxr-xr-x  0      fil   2025-10-07 16:01:39 -0400  .dockerenv
040755/rwxr-xr-x  12288  dir   2025-10-03 17:33:13 -0400  bin
040755/rwxr-xr-x  4096   dir   2024-04-22 09:08:03 -0400  boot
040755/rwxr-xr-x  360    dir   2025-10-07 16:01:39 -0400  dev
040755/rwxr-xr-x  4096   dir   2025-10-07 16:01:39 -0400  etc
040755/rwxr-xr-x  4096   dir   2025-09-24 22:14:29 -0400  home
040755/rwxr-xr-x  4096   dir   2025-10-03 17:33:13 -0400  lib
040755/rwxr-xr-x  4096   dir   2025-09-24 22:14:14 -0400  lib64
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  media
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  mnt
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  opt
040555/r-xr-xr-x  0      dir   2025-10-07 16:01:39 -0400  proc
040700/rwx------  4096   dir   2025-10-06 15:57:53 -0400  root
040755/rwxr-xr-x  4096   dir   2025-10-03 17:33:12 -0400  run
040755/rwxr-xr-x  4096   dir   2025-10-03 17:32:48 -0400  sbin
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  srv
040555/r-xr-xr-x  0      dir   2025-10-07 16:01:39 -0400  sys
041777/rwxrwxrwx  4096   dir   2025-10-06 15:59:41 -0400  tmp
040755/rwxr-xr-x  4096   dir   2025-10-03 17:36:58 -0400  usr
040755/rwxr-xr-x  4096   dir   2025-10-03 17:32:21 -0400  var

meterpreter >

python 3.13.7

msf payload(python/meterpreter/reverse_tcp) > WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/meterpreter/meterpreter.py is being used

[*] Sending stage (23404 bytes) to 172.17.0.2
WARNING: Local file /home/kali/Documents/github/metasploit-framework/data/meterpreter/ext_server_stdapi.py is being used
[*] Meterpreter session 6 opened (192.168.136.136:4444 -> 172.17.0.2:58498) at 2025-10-07 16:04:16 -0400

msf payload(python/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 6...

meterpreter > sysinfo
Computer     : cdf130680bf8
OS           : Linux 6.12.38+kali-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.12.38-1kali1 (2025-08-12)
Architecture : x64
Meterpreter  : python/linux
meterpreter > ls
Listing: /
==========

Mode              Size   Type  Last modified              Name
----              ----   ----  -------------              ----
100755/rwxr-xr-x  0      fil   2025-10-07 16:03:24 -0400  .dockerenv
040755/rwxr-xr-x  12288  dir   2025-10-03 17:33:13 -0400  bin
040755/rwxr-xr-x  4096   dir   2024-04-22 09:08:03 -0400  boot
040755/rwxr-xr-x  360    dir   2025-10-07 16:03:24 -0400  dev
040755/rwxr-xr-x  4096   dir   2025-10-07 16:03:24 -0400  etc
040755/rwxr-xr-x  4096   dir   2025-09-24 22:14:29 -0400  home
040755/rwxr-xr-x  4096   dir   2025-10-03 17:33:13 -0400  lib
040755/rwxr-xr-x  4096   dir   2025-09-24 22:14:14 -0400  lib64
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  media
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  mnt
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  opt
040555/r-xr-xr-x  0      dir   2025-10-07 16:03:24 -0400  proc
040700/rwx------  4096   dir   2025-10-06 15:57:53 -0400  root
040755/rwxr-xr-x  4096   dir   2025-10-03 17:33:12 -0400  run
040755/rwxr-xr-x  4096   dir   2025-10-03 17:32:48 -0400  sbin
040755/rwxr-xr-x  4096   dir   2025-09-24 22:07:53 -0400  srv
040555/r-xr-xr-x  0      dir   2025-10-07 16:03:24 -0400  sys
041777/rwxrwxrwx  4096   dir   2025-10-06 15:59:41 -0400  tmp
040755/rwxr-xr-x  4096   dir   2025-10-03 17:36:58 -0400  usr
040755/rwxr-xr-x  4096   dir   2025-10-03 17:32:21 -0400  var

meterpreter >

zeroSteiner changed the title ~~Move the crypto code into Meterpreter~~ Move the crypto code into the Python Meterpreter Oct 6, 2025

zeroSteiner marked this pull request as ready for review October 6, 2025 21:32

dledda-r7 self-assigned this Oct 7, 2025

zeroSteiner added 2 commits October 7, 2025 15:37

Move the crypto code into Meterpreter

fded9ae

This ensures that the crypto functionality is present without needing to be patched in by framework. It also means that line numbers are correct in the debugging output.

Fix the test

cc628e0

dledda-r7 force-pushed the fix/met/py-embed-crypto branch from b185229 to cc628e0 Compare October 7, 2025 19:38

dledda-r7 merged commit e9db944 into rapid7:master Oct 7, 2025
53 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Move the crypto code into the Python Meterpreter#775

Move the crypto code into the Python Meterpreter#775
dledda-r7 merged 2 commits intorapid7:masterfrom
zeroSteiner:fix/met/py-embed-crypto

zeroSteiner commented Oct 6, 2025 •

edited by dledda-r7

Loading

Uh oh!

dledda-r7 commented Oct 7, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

zeroSteiner commented Oct 6, 2025 • edited by dledda-r7 Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Testing

Uh oh!

dledda-r7 commented Oct 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

python 2.6

python 2.7

python 3.1

python 3.13.7

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

zeroSteiner commented Oct 6, 2025 •

edited by dledda-r7

Loading

dledda-r7 commented Oct 7, 2025 •

edited

Loading