Add backwards compatability support for old obfuscation methods needed by older exploits

git-svn-id: file:///home/svn/framework3/trunk@13674 4d416f70-5f16-0410-b530-b9f4589650da
unstable
David Rude 2011-09-01 08:58:18 +00:00
parent 4e92190fa8
commit 1e37649a4d
1 changed files with 55 additions and 5 deletions


@ -15,11 +15,48 @@ class HeapLib
#
JavascriptFile = File.join(File.dirname(__FILE__), "heaplib.js.b64")
#
# The list of symbols found in the file. This is used to dynamically
# replace contents.
#
SymbolNames =
{
"Methods" =>
[
"vtable",
"lookasideAddr",
"lookaside",
"freeList",
"gc",
"flushOleaut32",
"freeOleaut32",
"allocOleaut32",
"free",
"alloc",
"addr",
"hex",
"round",
"paddingStr",
"padding",
"debugBreak",
"debugHeap",
"debug",
],
"Classes" =>
[
{ 'Namespace' => "heapLib", 'Class' => "ie" }
],
"Namespaces" =>
[
"heapLib"
]
}
#
# Initializes the heap library javascript
#
def initialize(custom_js = '')
load_js(custom_js)
def initialize(custom_js = '', opts = {})
load_js(custom_js, opts)
end
#
@ -34,18 +71,31 @@ protected
#
# Loads the raw javascript from the source file and strips out comments
#
def load_js(custom_js)
def load_js(custom_js, opts = {})
# Grab the complete javascript
File.open(JavascriptFile) { |f|
File.open(JavascriptFile) do |f|
@js = f.read
}
end
# Decode the text
@js = Rex::Text.decode_base64(@js)
# Append the real code
@js += "\n" + custom_js
if opts[:newobfu]
# Obfuscate the javascript using the new lexer method
@js = JSObfu.new(@js)
return @js.obfuscate
elsif opts[:noobfu]
# Do not obfuscate, let the exploit do the work (useful to avoid double obfuscation)
return @js
end
# Default to the old method
# Obfuscate the javascript using the old method
@js = ObfuscateJS.obfuscate(@js, 'Symbols' => SymbolNames)
end
end
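Review bot: In `load_js`, `@js` ends up holding a different kind of value in each branch: a `JSObfu` object under `opts[:newobfu]` (`@js = JSObfu.new(@js)`), the raw script String under `opts[:noobfu]`, and whatever `ObfuscateJS.obfuscate` returns by default. Any reader of `@js` outside this hunk therefore has to cope with all three, and the two `return` values are not used by anything visible here, since `initialize` just calls `load_js`. If the rest of the class expects text, normalise the new branch with `obfu = JSObfu.new(@js)`, `obfu.obfuscate`, `@js = obfu.to_s`, assuming `JSObfu#to_s` renders the obfuscated script (confirm). At minimum, add a comment above `load_js` such as `# opts[:newobfu] => JSObfu lexer, opts[:noobfu] => leave script as-is; :newobfu wins if both are set`. The `opts` parameter on `initialize` is currently undocumented and needs the same description.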