2012-10-01 22:09:01 +00:00
|
|
|
# -*- coding: binary -*-
|
|
|
|
require 'rex/exploitation/ropdb'
|
|
|
|
|
|
|
|
##
|
|
|
|
#
|
|
|
|
# This mixin provides an interface to selecting a ROP chain, or creating a payload with
|
|
|
|
# ROP using the Rex::Exploitation::RopDb class.
|
|
|
|
#
|
|
|
|
##
|
|
|
|
|
|
|
|
module Msf
|
|
|
|
module Exploit::RopDb
|
|
|
|
|
2013-08-30 21:28:33 +00:00
|
|
|
def initialize(info = {})
|
|
|
|
@rop_db = Rex::Exploitation::RopDb.new
|
|
|
|
super
|
|
|
|
end
|
2012-10-01 22:09:01 +00:00
|
|
|
|
2013-08-30 21:28:33 +00:00
|
|
|
def has_rop?(rop)
|
|
|
|
@rop_db.has_rop?(rop)
|
|
|
|
end
|
2012-10-01 22:09:01 +00:00
|
|
|
|
2013-08-30 21:28:33 +00:00
|
|
|
def select_rop(rop, opts={})
|
|
|
|
rop = @rop_db.select_rop(rop, opts)
|
|
|
|
return rop
|
|
|
|
end
|
2012-10-01 22:09:01 +00:00
|
|
|
|
2013-08-30 21:28:33 +00:00
|
|
|
def generate_rop_payload(rop, payload, opts={})
|
|
|
|
opts['badchars'] ||= payload_badchars
|
|
|
|
rop_payload = @rop_db.generate_rop_payload(rop, payload, opts)
|
|
|
|
return rop_payload
|
|
|
|
end
|
2012-10-01 22:09:01 +00:00
|
|
|
|
2013-11-06 07:04:33 +00:00
|
|
|
def rop_junk
|
|
|
|
rand_text_alpha(4).unpack("V")[0].to_i
|
|
|
|
end
|
|
|
|
|
|
|
|
def rop_nop
|
|
|
|
make_nops(4).unpack("V")[0].to_i
|
|
|
|
end
|
|
|
|
|
2012-10-01 22:27:00 +00:00
|
|
|
end
|
2012-10-01 22:09:01 +00:00
|
|
|
end
|