# -*- coding: binary -*-
require 'rex/exploitation/egghunter'
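module Msf

###
#
# This mixin provides an interface to generating egghunters for various
# platforms using the Rex::Exploitation::Egghunter class.
#
# Originally written by skape
# BadChar support added by David Rude
# Updated to take the payload and options by Joshua J. Drake
#
###
module Exploit::Egghunter

  #
  # Creates an instance of an exploit that uses an Egghunter overwrite.
  # Only forwards +info+ to the superclass initializer; the mixin keeps no
  # state of its own.
  #
  def initialize(info = {})
    super
  end

  #
  # Generates an egghunter stub based on the current target's architecture
  # and operating system.
  #
  # payload  - handed unchanged to Rex::Exploitation::Egghunter#generate.
  # badchars - bytes the generated stub must avoid; when nil, the module's
  #            payload_badchars is used instead.
  # opts     - option hash handed unchanged to the generator.
  #
  # Returns whatever Rex::Exploitation::Egghunter#generate returns (never nil).
  #
  # Raises RuntimeError when no platform can be determined for the target,
  # and ArgumentError when the generator returns nil.
  #
  def generate_egghunter(payload, badchars = nil, opts = {})
    # Prefer the target's platform/architecture information, but use
    # the module's if no target specific information exists
    los   = target_platform
    larch = target_arch || ARCH_X86

    # If we found a platform list, then take the first platform
    los = los.names[0] if los.kind_of?(Msf::Module::PlatformList)

    # Use the first architecture if one was specified
    larch = larch[0] if larch.kind_of?(Array)

    # This check must stay after the PlatformList unwrapping above: an empty
    # list yields nil from names[0] and is rejected here as well.
    if los.nil?
      raise RuntimeError, "No platform restrictions were specified -- cannot select egghunter"
    end

    badchars ||= payload_badchars

    egg = Rex::Exploitation::Egghunter.new(los, larch)

    # Pass the resolved badchars. Previously payload_badchars was passed here
    # unconditionally, so a caller-supplied badchars argument was computed
    # above and then silently ignored.
    bunny = egg.generate(payload, badchars, opts)

    if bunny.nil?
      print_error("The egghunter could not be generated")
      # Same exception class as before; the message is added so the failure
      # is identifiable when the console output is not available.
      raise ArgumentError, "The egghunter could not be generated"
    end

    bunny
  end

  #
  # Set the wfs_delay setting for all exploits using the Egghunter.
  # Always returns 30 (presumably seconds -- confirm against the framework's
  # wfs_delay consumer, which is not visible in this file).
  #
  def wfs_delay
    30
  end

end

end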