From da91209fb219d14e2f85863a95fdfafe3d3b4ea3 Mon Sep 17 00:00:00 2001 From: Spencer McIntyre Date: Wed, 3 Dec 2025 17:04:16 -0500 Subject: [PATCH 1/4] Update metasploit-payloads gem to 2.0.238 Includes changes from: * rapid7/metasploit-payloads#786 --- Gemfile.lock | 4 ++-- LICENSE_GEMS | 2 +- metasploit-framework.gemspec | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index da2ab98c10a39..c2d36b1dd6752 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -46,7 +46,7 @@ PATH metasploit-concern metasploit-credential metasploit-model - metasploit-payloads (= 2.0.237) + metasploit-payloads (= 2.0.238) metasploit_data_models (>= 6.0.7) metasploit_payloads-mettle (= 1.0.45) mqtt @@ -352,7 +352,7 @@ GEM drb mutex_m railties (~> 7.0) - metasploit-payloads (2.0.237) + metasploit-payloads (2.0.238) metasploit_data_models (6.0.9) activerecord (~> 7.0) activesupport (~> 7.0) diff --git a/LICENSE_GEMS b/LICENSE_GEMS index 8c906a9452365..b3239bce497d0 100644 --- a/LICENSE_GEMS +++ b/LICENSE_GEMS @@ -99,7 +99,7 @@ metasploit-concern, 5.0.5, "New BSD" metasploit-credential, 6.0.19, "New BSD" metasploit-framework, 6.4.101, "New BSD" metasploit-model, 5.0.4, "New BSD" -metasploit-payloads, 2.0.237, "3-clause (or ""modified"") BSD" +metasploit-payloads, 2.0.238, "3-clause (or ""modified"") BSD" metasploit_data_models, 6.0.9, "New BSD" metasploit_payloads-mettle, 1.0.45, "3-clause (or ""modified"") BSD" method_source, 1.1.0, MIT diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec index d4e9c79feebf9..dd86fdd11f55e 100644 --- a/metasploit-framework.gemspec +++ b/metasploit-framework.gemspec @@ -74,7 +74,7 @@ Gem::Specification.new do |spec| # are needed when there's no database spec.add_runtime_dependency 'metasploit-model' # Needed for Meterpreter - spec.add_runtime_dependency 'metasploit-payloads', '2.0.237' + spec.add_runtime_dependency 'metasploit-payloads', '2.0.238' # Needed for the next-generation POSIX Meterpreter spec.add_runtime_dependency 'metasploit_payloads-mettle', '1.0.45' # Needed by msfgui and other rpc components From bd29915a453f3fff18a8aac12c46719f5b28f105 Mon Sep 17 00:00:00 2001 From: Spencer McIntyre Date: Thu, 4 Dec 2025 10:44:10 -0500 Subject: [PATCH 2/4] Add the socket extension for PHP --- .github/workflows/shared_meterpreter_acceptance.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/shared_meterpreter_acceptance.yml b/.github/workflows/shared_meterpreter_acceptance.yml index 956d5fd4b0728..03da93ad3247c 100644 --- a/.github/workflows/shared_meterpreter_acceptance.yml +++ b/.github/workflows/shared_meterpreter_acceptance.yml @@ -117,6 +117,7 @@ jobs: with: php-version: ${{ matrix.meterpreter.runtime_version }} tools: none + extensions: sockets - name: Set up Python if: ${{ matrix.meterpreter.name == 'python' }} From 205bb0f7f67e6abf77253d600ea60030d24c1629 Mon Sep 17 00:00:00 2001 From: Spencer McIntyre Date: Thu, 4 Dec 2025 14:54:45 -0500 Subject: [PATCH 3/4] Point to my payload fork for testing --- .github/workflows/shared_meterpreter_acceptance.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/shared_meterpreter_acceptance.yml b/.github/workflows/shared_meterpreter_acceptance.yml index 03da93ad3247c..25af48baf2f5e 100644 --- a/.github/workflows/shared_meterpreter_acceptance.yml +++ b/.github/workflows/shared_meterpreter_acceptance.yml @@ -42,9 +42,9 @@ jobs: - name: Checkout metasploit-payloads uses: actions/checkout@v4 with: - repository: rapid7/metasploit-payloads + repository: zeroSteiner/metasploit-payloads path: metasploit-payloads - ref: ${{ inputs.metasploit_payloads_commit }} + ref: fix/met/php-udp-sockets-2 - name: Build Meterpreter payloads run: | @@ -256,9 +256,9 @@ jobs: if: ${{ inputs.build_metasploit_payloads && matrix.meterpreter.name != 'mettle' }} uses: actions/checkout@v4 with: - repository: rapid7/metasploit-payloads + repository: zeroSteiner/metasploit-payloads path: metasploit-payloads - ref: ${{ inputs.metasploit_payloads_commit }} + ref: fix/met/php-udp-sockets-2 - name: Build Windows payloads via Visual Studio 2019 Build (Windows) shell: cmd From 8fa1c945d92f4eb033e45dc79efd07012a45706f Mon Sep 17 00:00:00 2001 From: Spencer McIntyre Date: Fri, 5 Dec 2025 14:35:04 -0500 Subject: [PATCH 4/4] Update PHP testing setup --- .github/workflows/shared_meterpreter_acceptance.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/shared_meterpreter_acceptance.yml b/.github/workflows/shared_meterpreter_acceptance.yml index 25af48baf2f5e..cfa4bc5cb68a1 100644 --- a/.github/workflows/shared_meterpreter_acceptance.yml +++ b/.github/workflows/shared_meterpreter_acceptance.yml @@ -67,7 +67,7 @@ jobs: fail-fast: false matrix: os: - - macos-13 + - macos-14 - windows-2022 - ubuntu-latest ruby: @@ -112,7 +112,7 @@ jobs: if: runner.os == 'Linux' run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz - - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 + - uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 if: ${{ matrix.meterpreter.name == 'php' }} with: php-version: ${{ matrix.meterpreter.runtime_version }} @@ -193,10 +193,14 @@ jobs: ref: ${{ inputs.metasploit_framework_commit }} # https://github.com/orgs/community/discussions/26952 - - name: Support longpaths + - name: Support longpaths when running on Windows if: runner.os == 'Windows' run: git config --system core.longpaths true + - name: Install PostgreSQL client libraries when running on MacOS + if: runner.os == 'macos' + run: brew install postgresql + - name: Setup Ruby env: # Introduces flakiness when downloading zlib etc: https://github.com/sparklemotion/nokogiri/issues/3521