experimental: stages encoded by default, set DisableStageEncoding 1 to disable
git-svn-id: file:///home/svn/framework3/trunk@5511 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
d94bfaf373
commit
30ae3af6fb
@ -16,11 +16,11 @@ class EncodedPayload
|
|||
# This method creates an encoded payload instance and returns it to the
|
||||
# caller.
|
||||
#
|
||||
def self.create(pinst, reqs)
|
||||
def self.create(pinst, reqs = {})
|
||||
# Create the encoded payload instance
|
||||
p = EncodedPayload.new(pinst.framework, pinst, reqs)
|
||||
|
||||
p.generate
|
||||
p.generate(reqs['Raw'])
|
||||
|
||||
return p
|
||||
end
|
||||
|
@ -38,8 +38,8 @@ class EncodedPayload
|
|||
# This method enerates the full encoded payload and returns the encoded
|
||||
# payload buffer.
|
||||
#
|
||||
def generate
|
||||
self.raw = nil
|
||||
def generate(raw = nil)
|
||||
self.raw = raw
|
||||
self.encoded = nil
|
||||
self.nop_sled_size = 0
|
||||
self.nop_sled = nil
|
||||
|
@ -60,7 +60,7 @@ class EncodedPayload
|
|||
pinst.validate()
|
||||
|
||||
# Generate the raw version of the payload first
|
||||
generate_raw()
|
||||
generate_raw() if self.raw.nil?
|
||||
|
||||
# Encode the payload
|
||||
encode()
|
||||
|
@ -100,7 +100,7 @@ class EncodedPayload
|
|||
def encode
|
||||
# If the exploit has bad characters, we need to run the list of encoders
|
||||
# in ranked precedence and try to encode without them.
|
||||
if (reqs['BadChars'] or reqs['Encoder'])
|
||||
if reqs['BadChars'] or reqs['Encoder'] or reqs['ForceEncode']
|
||||
encoders = pinst.compatible_encoders
|
||||
|
||||
# If the caller had a preferred encoder, try to find it and prefix it
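Review bot: The new `Raw` request key and the `raw` parameter of `generate` are not mentioned in either method's header comment, even though supplying `Raw` changes what `generate` does — `generate_raw()` is skipped whenever `self.raw` is non-nil, so the caller's bytes are encoded as-is. I would extend the comment above `create` with `# reqs['Raw'] may carry pre-generated payload bytes; when present they are encoded in place of the payload's own generated output.` and the one above `generate` with `# raw, when non-nil, is used as the payload buffer instead of calling generate_raw.` The widened condition in `encode` also uses `or`, which has lower precedence than `=`/`||` in Ruby and is worth writing as `if reqs['BadChars'] || reqs['Encoder'] || reqs['ForceEncode']`; `encode` itself continues past the end of this hunk, so what `ForceEncode` does once inside the encoder loop is not visible here.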
|
||||
|
|
|
@ -74,6 +74,9 @@ module Msf::Payload::Stager
|
|||
# Substitute variables in the stage
|
||||
substitute_vars(p, stage_offsets) if (stage_offsets)
|
||||
|
||||
# Encode the stage of stage encoding is enabled
|
||||
p = encode_stage(p)
|
||||
|
||||
return p
|
||||
end
|
||||
|
||||
|
@ -133,6 +136,25 @@ module Msf::Payload::Stager
|
|||
false
|
||||
end
|
||||
|
||||
# Encodes the stage prior to transmission
|
||||
def encode_stage(stg)
|
||||
|
||||
# If DisableStageEncoding is set, we do not encode the stage
|
||||
return stg if datastore['DisableStageEncoding'] =~ /^(y|1|t)/i
|
||||
|
||||
# Generate an encoded version of the stage. We tell the encoding system
|
||||
# to save edi to ensure that it does not get clobbered.
|
||||
encp = Msf::EncodedPayload.create(
|
||||
self,
|
||||
'Raw' => stg,
|
||||
'SaveRegisters' => ['edi'],
|
||||
'ForceEncode' => true)
|
||||
|
||||
# If the encoding succeeded, use the encoded buffer. Otherwise, fall
|
||||
# back to using the non-encoded stage
|
||||
encp.encoded || stg
|
||||
end
|
||||
|
||||
# Aliases
|
||||
alias stager_payload payload
|
||||
alias stager_offsets offsets
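Review bot: `encode_stage` returns the unencoded stage whenever `encp.encoded` is nil, so on any encoder failure the stage goes out on the wire in the clear with nothing telling the operator that the default encoding was skipped; a warning at that fallback would make the degraded case visible, and if the encoding path raises instead of leaving `encoded` nil (the encoder loop is outside this diff) the fallback never runs at all, which should be decided one way or the other. The `DisableStageEncoding` test uses `^`, which in Ruby matches at the start of any line rather than the start of the value; `return stg if datastore['DisableStageEncoding'] =~ /\A(y|1|t)/i` anchors the whole setting. The comment on the `encode_stage` call reads "Encode the stage of stage encoding is enabled" and should say "if", and the comment about saving edi does not say why — `# edi is assumed to hold a value the stage needs after the decoder stub runs — confirm against the stager` would record the assumption rather than leave it implicit.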
|
||||
|
|