2005-12-17 06:46:23 +00:00
|
|
|
#!/usr/bin/env ruby
|
2010-05-03 17:13:09 +00:00
|
|
|
#
|
|
|
|
# $Id$
|
|
|
|
# $Revision$
|
|
|
|
#
|
2005-10-01 09:10:41 +00:00
|
|
|
|
2009-01-30 06:27:10 +00:00
|
|
|
msfbase = __FILE__
|
|
|
|
while File.symlink?(msfbase)
|
|
|
|
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
|
|
|
|
end
|
|
|
|
|
2006-07-31 15:36:08 +00:00
|
|
|
$:.unshift(File.join(File.dirname(msfbase), 'lib'))
|
2008-02-02 21:29:46 +00:00
|
|
|
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
|
2005-10-01 09:10:41 +00:00
|
|
|
|
|
|
|
require 'rex'
|
|
|
|
require 'msf/ui'
|
|
|
|
require 'msf/base'
|
|
|
|
|
|
|
|
#
|
|
|
|
# Dump the list of payloads
|
|
|
|
#
|
|
|
|
def dump_payloads
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Indent' => 4,
|
2005-10-12 05:44:15 +00:00
|
|
|
'Header' => "Framework Payloads (#{$framework.stats.num_payloads} total)",
|
2010-02-18 03:27:29 +00:00
|
|
|
'Columns' =>
|
2005-10-01 09:10:41 +00:00
|
|
|
[
|
|
|
|
"Name",
|
|
|
|
"Description"
|
|
|
|
])
|
|
|
|
|
|
|
|
$framework.payloads.each_module { |name, mod|
|
|
|
|
tbl << [ name, mod.new.description ]
|
|
|
|
}
|
|
|
|
|
|
|
|
"\n" + tbl.to_s + "\n"
|
|
|
|
end
|
|
|
|
|
2005-10-01 21:26:17 +00:00
|
|
|
# Initialize the simplified framework instance.
|
2009-01-02 07:29:56 +00:00
|
|
|
$framework = Msf::Simple::Framework.create(
|
2010-09-18 06:47:59 +00:00
|
|
|
:module_types => [ Msf::MODULE_PAYLOAD, Msf::MODULE_ENCODER, Msf::MODULE_NOP ],
|
|
|
|
'DisableDatabase' => true
|
2009-01-02 07:29:56 +00:00
|
|
|
)
|
|
|
|
|
2005-10-01 09:10:41 +00:00
|
|
|
|
|
|
|
if (ARGV.length <= 1)
|
2010-08-19 18:31:33 +00:00
|
|
|
puts "\n" + " Usage: #{$0} <payload> [var=val] <[S]ummary|C|[P]erl|Rub[y]|[R]aw|[J]avascript|e[X]ecutable|[D]ll|[V]BA|[W]ar>\n"
|
2005-10-01 09:10:41 +00:00
|
|
|
puts dump_payloads
|
|
|
|
exit
|
|
|
|
end
|
|
|
|
|
|
|
|
# Get the payload name we'll be using
|
|
|
|
payload_name = ARGV.shift
|
2007-02-18 12:27:17 +00:00
|
|
|
|
|
|
|
# Process special var/val pairs...
|
|
|
|
Msf::Ui::Common.process_cli_arguments($framework, ARGV)
|
|
|
|
|
|
|
|
# Create the payload instance
|
|
|
|
payload = $framework.payloads.create(payload_name)
|
2005-10-01 09:10:41 +00:00
|
|
|
|
|
|
|
if (payload == nil)
|
|
|
|
puts "Invalid payload: #{payload_name}"
|
|
|
|
exit
|
|
|
|
end
|
|
|
|
|
|
|
|
# Evalulate the command
|
|
|
|
cmd = ARGV.pop.downcase
|
|
|
|
|
|
|
|
# Populate the framework datastore
|
|
|
|
options = ARGV.join(',')
|
|
|
|
|
2010-09-07 08:29:42 +00:00
|
|
|
if (cmd =~ /^(p|y|r|d|c|j|x|b|v|w)/)
|
2006-07-31 04:05:20 +00:00
|
|
|
fmt = 'perl' if (cmd =~ /^p/)
|
2008-03-05 19:23:01 +00:00
|
|
|
fmt = 'ruby' if (cmd =~ /^y/)
|
2010-08-19 18:31:33 +00:00
|
|
|
fmt = 'raw' if (cmd =~ /^(r|x|d)/)
|
2008-11-12 19:15:24 +00:00
|
|
|
fmt = 'raw' if (cmd =~ /^v/)
|
2006-09-25 11:34:04 +00:00
|
|
|
fmt = 'c' if (cmd == 'c')
|
2006-07-31 04:05:20 +00:00
|
|
|
fmt = 'js_be' if (cmd =~ /^j/ and Rex::Arch.endian(payload.arch) == ENDIAN_BIG)
|
|
|
|
fmt = 'js_le' if (cmd =~ /^j/ and ! fmt)
|
2007-05-07 04:42:11 +00:00
|
|
|
fmt = 'java' if (cmd =~ /^b/)
|
2010-01-14 18:15:15 +00:00
|
|
|
fmt = 'raw' if (cmd =~ /^w/)
|
2007-06-01 20:29:52 +00:00
|
|
|
enc = options['ENCODER']
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2005-10-01 09:10:41 +00:00
|
|
|
begin
|
|
|
|
buf = payload.generate_simple(
|
2006-07-31 04:05:20 +00:00
|
|
|
'Format' => fmt,
|
2007-06-01 20:29:52 +00:00
|
|
|
'OptionStr' => options,
|
|
|
|
'Encoder' => enc)
|
2005-10-01 09:10:41 +00:00
|
|
|
rescue
|
|
|
|
puts "Error generating payload: #{$!}"
|
|
|
|
exit
|
|
|
|
end
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2007-06-16 05:16:13 +00:00
|
|
|
$stdout.binmode
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2006-07-31 04:05:20 +00:00
|
|
|
if (cmd =~ /^x/)
|
2010-02-18 03:27:29 +00:00
|
|
|
note =
|
2006-07-31 04:05:20 +00:00
|
|
|
"Created by msfpayload (http://www.metasploit.com).\n" +
|
|
|
|
"Payload: " + payload.refname + "\n" +
|
|
|
|
" Length: " + buf.length.to_s + "\n" +
|
|
|
|
"Options: " + options + "\n"
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2006-07-31 04:05:20 +00:00
|
|
|
arch = payload.arch
|
|
|
|
plat = payload.platform.platforms
|
2006-11-15 22:04:36 +00:00
|
|
|
|
2009-06-21 15:53:48 +00:00
|
|
|
exe = Msf::Util::EXE.to_executable($framework, arch, plat, buf)
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2011-02-01 16:26:17 +00:00
|
|
|
if(!exe and plat.index(Msf::Module::Platform::Java))
|
|
|
|
exe = payload.generate_jar.pack
|
|
|
|
end
|
|
|
|
|
2009-05-27 13:37:41 +00:00
|
|
|
if(exe)
|
|
|
|
$stderr.puts(note)
|
|
|
|
$stdout.write(exe)
|
|
|
|
exit(0)
|
2007-09-25 01:50:05 +00:00
|
|
|
end
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2006-07-31 04:05:20 +00:00
|
|
|
$stderr.puts "No executable format support for this arch/platform"
|
|
|
|
exit(-1)
|
|
|
|
end
|
2008-11-12 19:15:24 +00:00
|
|
|
|
|
|
|
if(cmd =~ /^v/)
|
2009-06-21 15:53:48 +00:00
|
|
|
exe = Msf::Util::EXE.to_win32pe($framework, buf)
|
2010-02-18 03:27:29 +00:00
|
|
|
note =
|
2008-11-12 19:15:24 +00:00
|
|
|
"'Created by msfpayload (http://www.metasploit.com).\r\n" +
|
|
|
|
"'Payload: " + payload.refname + "\r\n" +
|
|
|
|
"' Length: " + buf.length.to_s + "\r\n" +
|
|
|
|
"'Options: " + options + "\r\n"
|
|
|
|
|
2009-06-30 21:43:44 +00:00
|
|
|
vba = note + "\r\n" + Msf::Util::EXE.to_exe_vba(exe)
|
2008-11-12 19:15:24 +00:00
|
|
|
$stdout.write(vba)
|
|
|
|
exit(0)
|
|
|
|
end
|
|
|
|
|
2010-08-19 18:31:33 +00:00
|
|
|
if(cmd =~ /^d/)
|
|
|
|
dll = Msf::Util::EXE.to_win32pe_dll($framework, buf)
|
|
|
|
note =
|
2010-08-19 18:44:45 +00:00
|
|
|
"Created by msfpayload (http://www.metasploit.com).\r\n" +
|
|
|
|
"Payload: " + payload.refname + "\r\n" +
|
|
|
|
" Length: " + buf.length.to_s + "\r\n" +
|
|
|
|
"Options: " + options + "\r\n"
|
2010-08-19 18:31:33 +00:00
|
|
|
|
|
|
|
if(dll)
|
|
|
|
$stderr.puts(note)
|
|
|
|
$stdout.write(dll)
|
|
|
|
exit(0)
|
|
|
|
end
|
|
|
|
|
2010-08-19 18:44:45 +00:00
|
|
|
$stderr.puts "Failed to build dll"
|
|
|
|
exit(-1)
|
2010-08-19 18:31:33 +00:00
|
|
|
end
|
|
|
|
|
2010-01-14 18:15:15 +00:00
|
|
|
if(cmd =~ /^w/)
|
|
|
|
note =
|
|
|
|
"Created by msfpayload (http://www.metasploit.com).\n" +
|
|
|
|
"Payload: " + payload.refname + "\n" +
|
|
|
|
" Length: " + buf.length.to_s + "\n" +
|
|
|
|
"Options: " + options + "\n"
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2010-01-14 18:15:15 +00:00
|
|
|
arch = payload.arch
|
|
|
|
plat = payload.platform.platforms
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2010-09-20 15:59:46 +00:00
|
|
|
exe = Msf::Util::EXE.to_executable($framework, arch, plat, buf)
|
|
|
|
exe = Msf::Util::EXE.to_jsp_war(exe)
|
2008-11-12 19:15:24 +00:00
|
|
|
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2010-01-14 18:15:15 +00:00
|
|
|
if(exe)
|
|
|
|
$stderr.puts(note)
|
|
|
|
$stdout.write(exe)
|
|
|
|
exit(0)
|
|
|
|
end
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2010-01-14 18:15:15 +00:00
|
|
|
$stderr.puts "No executable format support for this arch/platform"
|
|
|
|
exit(-1)
|
|
|
|
end
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2011-01-22 02:26:07 +00:00
|
|
|
$stdout.write(buf)
|
2010-02-18 03:27:29 +00:00
|
|
|
|
2007-04-28 18:34:33 +00:00
|
|
|
elsif (cmd =~ /^(s|o)/)
|
2008-11-08 19:44:35 +00:00
|
|
|
payload.datastore.import_options_from_s(ARGV.join('_|_'), '_|_')
|
2005-10-01 09:10:41 +00:00
|
|
|
puts Msf::Serializer::ReadableText.dump_module(payload)
|
2008-11-08 19:44:35 +00:00
|
|
|
end
|