##
# $Id$
##
require 'rex/parser/arguments'
module Msf
module Ui
module Console
module CommandDispatcher
###
#
# Payload module command dispatcher.
#
###
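class Payload

  include Msf::Ui::Console::ModuleCommandDispatcher

  # Formats listed in the -t help text: the buffer transform formats followed
  # by the executable formats. This is a class-body local, so it is only
  # visible while the option table below is being built; cmd_generate does not
  # check -t against it.
  supported_formats = Msf::Simple::Buffer.transform_formats + Msf::Util::EXE.to_executable_fmt_formats

  # Option table for the "generate" command. Each flag maps to a two-element
  # array; the boolean marks whether the flag takes a value and the string is
  # the help text shown by -h.
  @@generate_opts = Rex::Parser::Arguments.new(
    "-b" => [ true,  "The list of characters to avoid: '\\x00\\xff'"        ],
    "-E" => [ false, "Force encoding."                                       ],
    "-e" => [ true,  "The name of the encoder module to use."                ],
    "-h" => [ false, "Help banner."                                          ],
    "-o" => [ true,  "A comma separated list of options in VAR=VAL format."  ],
    "-s" => [ true,  "NOP sled length."                                      ],
    "-f" => [ true,  "The output file name (otherwise stdout)"               ],
    "-t" => [ true,  "The output format: #{supported_formats.join(',')}"     ],
    "-p" => [ true,  "The Platform for output."                              ],
    "-k" => [ false, "Keep the template executable functional"               ],
    "-x" => [ true,  "The executable template to use"                        ],
    "-i" => [ true,  "the number of encoding iterations."                    ])

  #
  # Returns the hash of commands specific to payload modules: the commands
  # inherited from the included dispatcher, extended with "generate".
  #
  def commands
    super.update({
      "generate" => "Generates a payload",
    })
  end

  #
  # Returns the command dispatcher name.
  #
  def name
    "Payload"
  end

  #
  # Generates a payload.
  #
  # Parses the console arguments against @@generate_opts, asks the module
  # (+mod+, supplied by the included dispatcher) to generate the buffer, and
  # either prints it or writes it to the file named with -f.
  #
  # Returns true on success and after printing the help banner (-h), and
  # false when generation raises. An error raised while writing the output
  # file is not rescued here and propagates to the caller.
  #
  def cmd_generate(*args)

    # Defaults used when the corresponding flag is absent.
    encoder_name = nil
    sled_size    = nil
    option_str   = nil
    badchars     = nil
    type         = "ruby"
    ofile        = nil
    iter         = 1
    force        = nil
    template     = nil
    plat         = nil
    keep         = false

    # Parse the arguments
    @@generate_opts.parse(args) do |opt, _idx, val|
      case opt
      when '-b'
        badchars = Rex::Text.hex_to_raw(val)
      when '-e'
        encoder_name = val
      when '-E'
        force = true
      when '-o'
        option_str = val
      when '-s'
        # String#to_i yields 0 for non-numeric input rather than raising.
        sled_size = val.to_i
      when '-t'
        type = val
      when '-f'
        ofile = val
      when '-i'
        # NOTE(review): forwarded as the raw string, unlike -s; presumably
        # generate_simple converts it - confirm against the callee.
        iter = val
      when '-k'
        keep = true
      when '-p'
        plat = val
      when '-x'
        template = val
      when '-h'
        print(
          "Usage: generate [options]\n\n" +
          "Generates a payload.\n" +
          @@generate_opts.usage)
        # Leaves cmd_generate itself, not just the parse block.
        return true
      end
    end

    # Fall back to the module's ENCODER datastore entry when -e was not given.
    if encoder_name.nil? && mod.datastore['ENCODER']
      encoder_name = mod.datastore['ENCODER']
    end

    # Generate the payload
    begin
      buf = mod.generate_simple(
        'BadChars'            => badchars,
        'Encoder'             => encoder_name,
        'Format'              => type,
        'NopSledSize'         => sled_size,
        'OptionStr'           => option_str,
        'ForceEncode'         => force,
        'Template'            => template,
        'Platform'            => plat,
        'KeepTemplateWorking' => keep,
        'Iterations'          => iter)
    rescue => e
      log_error("Payload generation failed: #{e}")
      return false
    end

    if ofile
      print_status("Writing #{buf.length} bytes to #{ofile}...")
      # "wb" truncates an existing file at this path without confirmation.
      # The block form closes the handle even when the write raises; the
      # previous open/write/close sequence leaked the descriptor in that case.
      File.open(ofile, "wb") { |fd| fd.write(buf) }
    else
      # Display generated payload
      print(buf)
    end

    true
  end

end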
end end end end