2007-09-24 03:13:08 +00:00
|
|
|
##
|
2007-09-24 03:13:50 +00:00
|
|
|
# $Id$
|
2007-09-24 03:13:08 +00:00
|
|
|
##
|
|
|
|
|
|
|
|
##
|
2010-04-30 08:40:19 +00:00
|
|
|
# This file is part of the Metasploit Framework and may be subject to
|
2007-09-24 03:13:08 +00:00
|
|
|
# redistribution and commercial restrictions. Please see the Metasploit
|
|
|
|
# Framework web site for more information on licensing and terms of use.
|
2009-04-13 14:33:26 +00:00
|
|
|
# http://metasploit.com/framework/
|
2007-09-24 03:13:08 +00:00
|
|
|
##
|
|
|
|
|
|
|
|
|
|
|
|
require 'msf/core'
|
|
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# SingleByte
|
|
|
|
# ----------
|
|
|
|
#
|
|
|
|
# This class implements simple NOP generator for ARM (little endian)
|
|
|
|
#
|
|
|
|
###
|
2008-10-02 05:23:59 +00:00
|
|
|
class Metasploit3 < Msf::Nop
|
2007-09-24 03:13:08 +00:00
|
|
|
|
|
|
|
|
|
|
|
def initialize
|
|
|
|
super(
|
|
|
|
'Name' => 'Simple',
|
|
|
|
'Alias' => 'armle_simple',
|
2007-09-24 03:13:50 +00:00
|
|
|
'Version' => '$Revision$',
|
2007-09-24 03:13:08 +00:00
|
|
|
'Description' => 'Simple NOP generator',
|
|
|
|
'Author' => 'hdm',
|
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
'Arch' => ARCH_ARMLE)
|
|
|
|
|
|
|
|
register_advanced_options(
|
|
|
|
[
|
|
|
|
OptBool.new('RandomNops', [ false, "Generate a random NOP sled", true ])
|
|
|
|
], self.class)
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def generate_sled(length, opts)
|
2010-04-30 08:40:19 +00:00
|
|
|
|
2007-09-24 03:13:08 +00:00
|
|
|
badchars = opts['BadChars'] || ''
|
|
|
|
random = opts['Random'] || datastore['RandomNops']
|
|
|
|
|
2010-04-30 08:40:19 +00:00
|
|
|
nops = [
|
2007-09-24 03:13:08 +00:00
|
|
|
0xe1a01001,
|
|
|
|
0xe1a02002,
|
|
|
|
0xe1a03003,
|
|
|
|
0xe1a04004,
|
|
|
|
0xe1a05005,
|
|
|
|
0xe1a06006,
|
|
|
|
0xe1a07007,
|
|
|
|
0xe1a08008,
|
|
|
|
0xe1a09009,
|
|
|
|
0xe1a0a00a,
|
|
|
|
0xe1a0b00b
|
|
|
|
]
|
2010-04-30 08:40:19 +00:00
|
|
|
|
2007-09-24 03:13:08 +00:00
|
|
|
if( random and random.match(/^(t|y|1)/i) )
|
|
|
|
return ([nops[rand(nops.length)]].pack("V*") * (length/4))
|
|
|
|
end
|
|
|
|
|
2009-07-19 16:07:59 +00:00
|
|
|
return ([nops[0]].pack("V*") * (length/4))
|
2007-09-24 03:13:08 +00:00
|
|
|
end
|
|
|
|
|
2009-07-19 16:07:59 +00:00
|
|
|
end
|