Implement sec-name and pad-nops for command dispatcher
parent
a5ae7c491d
commit
5151473e09
|
@ -53,6 +53,7 @@ module Payload
|
||||||
e = EncodedPayload.create(payload,
|
e = EncodedPayload.create(payload,
|
||||||
'BadChars' => opts['BadChars'],
|
'BadChars' => opts['BadChars'],
|
||||||
'MinNops' => opts['NopSledSize'],
|
'MinNops' => opts['NopSledSize'],
|
||||||
|
'PadNops' => opts['PadNops'],
|
||||||
'Encoder' => opts['Encoder'],
|
'Encoder' => opts['Encoder'],
|
||||||
'Iterations' => opts['Iterations'],
|
'Iterations' => opts['Iterations'],
|
||||||
'ForceEncode' => opts['ForceEncode'],
|
'ForceEncode' => opts['ForceEncode'],
|
||||||
|
@ -64,7 +65,8 @@ module Payload
|
||||||
exeopts = {
|
exeopts = {
|
||||||
:inject => opts['KeepTemplateWorking'],
|
:inject => opts['KeepTemplateWorking'],
|
||||||
:template => opts['Template'],
|
:template => opts['Template'],
|
||||||
:template_path => opts['ExeDir']
|
:template_path => opts['ExeDir'],
|
||||||
|
:secname => opts['SecName']
|
||||||
}
|
}
|
||||||
|
|
||||||
arch = payload.arch
|
arch = payload.arch
|
||||||
|
|
|
@ -290,6 +290,7 @@ class EncodedPayload
|
||||||
def generate_sled
|
def generate_sled
|
||||||
min = reqs['MinNops'] || 0
|
min = reqs['MinNops'] || 0
|
||||||
space = reqs['Space']
|
space = reqs['Space']
|
||||||
|
pad_nops = reqs['PadNops']
|
||||||
|
|
||||||
self.nop_sled_size = min
|
self.nop_sled_size = min
|
||||||
|
|
||||||
|
@ -310,6 +311,9 @@ class EncodedPayload
|
||||||
# Check for the DisableNops setting
|
# Check for the DisableNops setting
|
||||||
self.nop_sled_size = 0 if reqs['DisableNops']
|
self.nop_sled_size = 0 if reqs['DisableNops']
|
||||||
|
|
||||||
|
# Check for the PadNops setting
|
||||||
|
self.nop_sled_size = (pad_nops - self.encoded.length) if reqs['PadNops']
|
||||||
|
|
||||||
# Now construct the actual sled
|
# Now construct the actual sled
|
||||||
if (self.nop_sled_size > 0)
|
if (self.nop_sled_size > 0)
|
||||||
nops = pinst.compatible_nops
|
nops = pinst.compatible_nops
|
||||||
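Review bot: The new line `self.nop_sled_size = (pad_nops - self.encoded.length) if reqs['PadNops']` goes negative whenever the requested total is smaller than the encoded payload, and because it sits after the DisableNops line it also silently overrides DisableNops; the later `if (self.nop_sled_size > 0)` merely skips sled generation, so the caller never learns the requested size could not be met. It also re-reads `reqs['PadNops']` although `pad_nops` was already captured in the previous hunk of generate_sled, and a `pad_nops` of 0 (what `String#to_i` yields for a non-numeric `-P` value) is truthy in Ruby, so it takes this branch. I would validate first, `raise ArgumentError, "PadNops (#{pad_nops}) is smaller than the encoded payload (#{self.encoded.length} bytes)" if pad_nops && pad_nops < self.encoded.length`, then assign with `self.nop_sled_size = pad_nops - self.encoded.length if pad_nops`, and either move it ahead of the DisableNops line or comment which setting wins. Whether the resulting sled length is still capped against `space` is decided outside this hunk; generate_sled begins in the previous hunk and ends outside both.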
|
@ -338,7 +342,6 @@ class EncodedPayload
|
||||||
|
|
||||||
begin
|
begin
|
||||||
nop.copy_ui(pinst)
|
nop.copy_ui(pinst)
|
||||||
|
|
||||||
self.nop_sled = nop.generate_sled(self.nop_sled_size,
|
self.nop_sled = nop.generate_sled(self.nop_sled_size,
|
||||||
'BadChars' => reqs['BadChars'],
|
'BadChars' => reqs['BadChars'],
|
||||||
'SaveRegisters' => save_regs)
|
'SaveRegisters' => save_regs)
|
||||||
|
|
|
@ -36,7 +36,6 @@ module Exe
|
||||||
s.name = '.' + Rex::Text.rand_text_alpha_lower(4)
|
s.name = '.' + Rex::Text.rand_text_alpha_lower(4)
|
||||||
else
|
else
|
||||||
s.name = '.' + secname.downcase
|
s.name = '.' + secname.downcase
|
||||||
$stderr.puts "Created custom section \"#{s.name}\""
|
|
||||||
end
|
end
|
||||||
s.encoded = payload_stub prefix
|
s.encoded = payload_stub prefix
|
||||||
s.characteristics = %w[MEM_READ MEM_WRITE MEM_EXECUTE]
|
s.characteristics = %w[MEM_READ MEM_WRITE MEM_EXECUTE]
|
||||||
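Review bot: `s.name = '.' + secname.downcase` accepts the user-supplied `-S` value without checking its length, but a PE section name is an 8-byte field, so with the leading dot anything longer than 7 characters will be truncated or yield a malformed section header depending on how the writer handles it (that code is outside this hunk). The random branch always produces 5 characters, so only the custom-name path is affected. I would guard it before the assignment, `raise ArgumentError, "section name '#{secname}' exceeds 7 characters" if secname.length > 7`, and state the limit in the `-S` help text of the generate command. The enclosing method starts and ends outside the hunk.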
|
|
|
@ -24,6 +24,8 @@ module Msf
|
||||||
"-E" => [ false, "Force encoding" ],
|
"-E" => [ false, "Force encoding" ],
|
||||||
"-e" => [ true, "The encoder to use" ],
|
"-e" => [ true, "The encoder to use" ],
|
||||||
"-s" => [ true, "NOP sled length." ],
|
"-s" => [ true, "NOP sled length." ],
|
||||||
|
"-P" => [ true, "Total desired payload size, auto-produce approproate NOPsled length"],
|
||||||
|
"-S" => [ true, "The new section name to use when generating (large) Windows binaries"],
|
||||||
"-b" => [ true, "The list of characters to avoid example: '\\x00\\xff'" ],
|
"-b" => [ true, "The list of characters to avoid example: '\\x00\\xff'" ],
|
||||||
"-i" => [ true, "The number of times to encode the payload" ],
|
"-i" => [ true, "The number of times to encode the payload" ],
|
||||||
"-x" => [ true, "Specify a custom executable file to use as a template" ],
|
"-x" => [ true, "Specify a custom executable file to use as a template" ],
|
||||||
|
@ -82,6 +84,8 @@ module Msf
|
||||||
# Parse the arguments
|
# Parse the arguments
|
||||||
encoder_name = nil
|
encoder_name = nil
|
||||||
sled_size = nil
|
sled_size = nil
|
||||||
|
pad_nops = nil
|
||||||
|
sec_name = nil
|
||||||
option_str = nil
|
option_str = nil
|
||||||
badchars = nil
|
badchars = nil
|
||||||
format = "ruby"
|
format = "ruby"
|
||||||
|
@ -102,6 +106,10 @@ module Msf
|
||||||
force = true
|
force = true
|
||||||
when '-n'
|
when '-n'
|
||||||
sled_size = val.to_i
|
sled_size = val.to_i
|
||||||
|
when '-P'
|
||||||
|
pad_nops = val.to_i
|
||||||
|
when '-S'
|
||||||
|
sec_name = val
|
||||||
when '-f'
|
when '-f'
|
||||||
format = val
|
format = val
|
||||||
when '-o'
|
when '-o'
|
||||||
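Review bot: `pad_nops = val.to_i` in the new `-P` branch turns any non-numeric argument into 0, which is truthy in Ruby and therefore still reaches the PadNops path in EncodedPayload#generate_sled with a total smaller than the payload; `pad_nops = Integer(val)` (or a `/\A\d+\z/` check followed by `print_error`) would reject it up front, matching however the `-n` value is validated outside this hunk, which I cannot see. The `-P` help text added in the option-table hunk above has a typo, `approproate` → `appropriate`, and that table documents `-s` as "NOP sled length." while the parser handles `-n`, so it is worth confirming which flag the new `-P` entry is meant to sit beside. The enclosing method starts and ends outside the hunk.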
|
@ -146,6 +154,8 @@ module Msf
|
||||||
'Encoder' => encoder_name,
|
'Encoder' => encoder_name,
|
||||||
'Format' => format,
|
'Format' => format,
|
||||||
'NopSledSize' => sled_size,
|
'NopSledSize' => sled_size,
|
||||||
|
'PadNops' => pad_nops,
|
||||||
|
'SecName' => sec_name,
|
||||||
'OptionStr' => option_str,
|
'OptionStr' => option_str,
|
||||||
'ForceEncode' => force,
|
'ForceEncode' => force,
|
||||||
'Template' => template,
|
'Template' => template,
|
||||||
|
@ -178,6 +188,8 @@ module Msf
|
||||||
'-h' => [ nil ],
|
'-h' => [ nil ],
|
||||||
'-o' => [ true ],
|
'-o' => [ true ],
|
||||||
'-s' => [ true ],
|
'-s' => [ true ],
|
||||||
|
'-P' => [ true ],
|
||||||
|
'-S' => [ true ],
|
||||||
'-f' => [ :file ],
|
'-f' => [ :file ],
|
||||||
'-t' => [ @@supported_formats ],
|
'-t' => [ @@supported_formats ],
|
||||||
'-p' => [ true ],
|
'-p' => [ true ],
|
||||||
|
|