# $Id$
require 'rex/exploitation/omelet'
module Msf

  ###
  #
  # Mixin that exposes an interface for generating eggs-to-omelet hunters for
  # win/x86 platforms. The actual generation is delegated to the
  # Rex::Exploitation::Omelet class.
  #
  # written by corelanc0d3r <peter.ve [at] corelan.be>
  #
  # Version: $Revision$
  #
  ###
  module Exploit::Omelet

    #
    # Creates an instance of an exploit that uses an Omelet overwrite.
    # Nothing is set up here; construction is handed to the next
    # initializer in the ancestor chain with the same arguments.
    #
    def initialize(info = {})
      super
    end

    #
    # Generates an omelet hunter stub and eggs.
    #
    # payload  - the payload handed to Rex::Exploitation::Omelet#generate.
    # badchars - characters to avoid; when nil, payload_badchars is used.
    # opts     - options passed through unchanged to the generator.
    #
    # Returns whatever Rex::Exploitation::Omelet#generate returns (non-nil).
    #
    # Raises RuntimeError when no platform can be determined, and
    # ArgumentError (after reporting via print_error) when the generator
    # returns nil.
    #
    def generate_omelet(payload, badchars = nil, opts = {})
      # Target-specific platform/architecture information is looked up
      # first; the architecture falls back to ARCH_X86 when none is set.
      platform = target_platform
      arch     = target_arch || ARCH_X86

      # A platform list is reduced to its first entry.
      if platform.is_a?(Msf::Module::PlatformList)
        platform = platform.names[0]
      end

      # Likewise, only the first architecture of a list is used.
      if arch.is_a?(Array)
        arch = arch.first
      end

      # Without a platform there is no way to pick a hunter.
      raise RuntimeError, "No platform restrictions were specified -- cannot select omelet hunter" if platform.nil?

      # Caller-supplied bad characters win over the module's own.
      badchars = payload_badchars unless badchars

      generator = Rex::Exploitation::Omelet.new(platform, arch)
      result    = generator.generate(payload, badchars, opts)

      # A nil result means generation failed: report it, then abort.
      unless result.nil?
        return result
      end

      print_error("The omelet hunter could not be generated")
      raise ArgumentError
    end

  end

end