Issue #6637: Adds msfvenom option --sec-name to specify custom new section header name

GSoC/Meterpreter_Web_Console
Patrick 2018-10-30 23:39:21 -05:00 committed by 7043mcgeep
parent c131b21af4
commit 484329f6a0
5 changed files with 29 additions and 7 deletions

View File

@ -32,7 +32,12 @@ module Exe
# Create a new section # Create a new section
s = Metasm::PE::Section.new s = Metasm::PE::Section.new
if @secname.blank?
s.name = '.' + Rex::Text.rand_text_alpha_lower(4) s.name = '.' + Rex::Text.rand_text_alpha_lower(4)
else
s.name = '.' + @secname
$stderr.puts "Created custom section \".#{secname}\""
end
s.encoded = payload_stub prefix s.encoded = payload_stub prefix
s.characteristics = %w[MEM_READ MEM_WRITE MEM_EXECUTE] s.characteristics = %w[MEM_READ MEM_WRITE MEM_EXECUTE]

View File

@ -10,13 +10,14 @@ module Exe
attr_accessor :template attr_accessor :template
attr_accessor :arch attr_accessor :arch
attr_accessor :buffer_register attr_accessor :buffer_register
attr_accessor :secname
def initialize(opts = {}) def initialize(opts = {})
@payload = opts[:payload] @payload = opts[:payload]
@template = opts[:template] @template = opts[:template]
@arch = opts[:arch] || :x86 @arch = opts[:arch] || :x86
@buffer_register = opts[:buffer_register] @buffer_register = opts[:buffer_register]
@secname = opts[:secname]
x86_regs = %w{eax ecx edx ebx edi esi} x86_regs = %w{eax ecx edx ebx edi esi}
x64_regs = %w{rax rcx rdx rbx rdi rsi} + (8..15).map{|n| "r#{n}" } x64_regs = %w{rax rcx rdx rbx rdi rsi} + (8..15).map{|n| "r#{n}" }

View File

@ -44,6 +44,9 @@ module Msf
# @!attribute encoder # @!attribute encoder
# @return [String] The encoder(s) you want applied to the payload # @return [String] The encoder(s) you want applied to the payload
attr_accessor :encoder attr_accessor :encoder
# @!attribute secname
# @return [String] The name of the new section within the generated Windows binary
attr_accessor :secname
# @!attribute format # @!attribute format
# @return [String] The format you want the payload returned in # @return [String] The format you want the payload returned in
attr_accessor :format attr_accessor :format
@ -101,6 +104,7 @@ module Msf
# @option opts [String] :payload (see #payload) # @option opts [String] :payload (see #payload)
# @option opts [String] :format (see #format) # @option opts [String] :format (see #format)
# @option opts [String] :encoder (see #encoder) # @option opts [String] :encoder (see #encoder)
# @option opts [String] :secname (see #secname)
# @option opts [Integer] :iterations (see #iterations) # @option opts [Integer] :iterations (see #iterations)
# @option opts [String] :arch (see #arch) # @option opts [String] :arch (see #arch)
# @option opts [String] :platform (see #platform) # @option opts [String] :platform (see #platform)
@ -124,6 +128,7 @@ module Msf
@cli = opts.fetch(:cli, false) @cli = opts.fetch(:cli, false)
@datastore = opts.fetch(:datastore, {}) @datastore = opts.fetch(:datastore, {})
@encoder = opts.fetch(:encoder, '') @encoder = opts.fetch(:encoder, '')
@secname = opts.fetch(:secname, '')
@format = opts.fetch(:format, 'raw') @format = opts.fetch(:format, 'raw')
@iterations = opts.fetch(:iterations, 1) @iterations = opts.fetch(:iterations, 1)
@keep = opts.fetch(:keep, false) @keep = opts.fetch(:keep, false)
@ -285,6 +290,9 @@ module Msf
opts[:template_path] = File.dirname(template) opts[:template_path] = File.dirname(template)
opts[:template] = File.basename(template) opts[:template] = File.basename(template)
end end
unless secname.blank?
opts[:secname] = @secname
end
opts opts
end end

View File

@ -249,7 +249,8 @@ require 'msf/core/exe/segment_appender'
injector = Msf::Exe::SegmentInjector.new({ injector = Msf::Exe::SegmentInjector.new({
:payload => code, :payload => code,
:template => opts[:template], :template => opts[:template],
:arch => :x86 :arch => :x86,
:secname => opts[:secname]
}) })
return injector.generate_pe return injector.generate_pe
end end
@ -270,7 +271,8 @@ require 'msf/core/exe/segment_appender'
appender = Msf::Exe::SegmentAppender.new({ appender = Msf::Exe::SegmentAppender.new({
:payload => code, :payload => code,
:template => opts[:template], :template => opts[:template],
:arch => :x86 :arch => :x86,
:secname => opts[:secname]
}) })
return appender.generate_pe return appender.generate_pe
end end
@ -603,7 +605,8 @@ require 'msf/core/exe/segment_appender'
injector = Msf::Exe::SegmentInjector.new({ injector = Msf::Exe::SegmentInjector.new({
:payload => code, :payload => code,
:template => opts[:template], :template => opts[:template],
:arch => :x64 :arch => :x64,
:secname => opts[:secname]
}) })
return injector.generate_pe return injector.generate_pe
end end
@ -612,7 +615,8 @@ require 'msf/core/exe/segment_appender'
appender = Msf::Exe::SegmentAppender.new({ appender = Msf::Exe::SegmentAppender.new({
:payload => code, :payload => code,
:template => opts[:template], :template => opts[:template],
:arch => :x64 :arch => :x64,
:secname => opts[:secname]
}) })
return appender.generate_pe return appender.generate_pe
end end

View File

@ -97,6 +97,10 @@ def parse_args(args)
opts[:encoder] = e opts[:encoder] = e
end end
opt.on('--sec-name <value>', String, 'The new section name to use when generating Windows binaries. Default: random 4-character alpha string') do |s|
opts[:secname] = s
end
opt.on('--smallest', 'Generate the smallest possible payload using all available encoders') do opt.on('--smallest', 'Generate the smallest possible payload using all available encoders') do
opts[:smallest] = true opts[:smallest] = true
end end