infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Prevent the dcerpc NDR string functions from modifying their argument directly 

git-svn-id: file:///home/svn/framework3/trunk@8102 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2010-01-12 23:15:07 +00:00
parent a2b883ff3d
commit 540beed83e
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/rex/encoder/ndr.rb
View File

@ -15,14 +15,14 @@ module NDR
def NDR.long(string) def NDR.long(string)
return [string].pack('V') return [string].pack('V')
end end
# Encode a 2 byte short # Encode a 2 byte short
# use to encode: # use to encode:
# short element_1; # short element_1;
def NDR.short(string) def NDR.short(string)
return [string].pack('v') return [string].pack('v')
end end
# Encode a single byte # Encode a single byte
# use to encode: # use to encode:
# byte element_1; # byte element_1;
@ -44,20 +44,20 @@ module NDR
string << "\x00" # null pad string << "\x00" # null pad
return long(string.length) + long(0) + long(string.length) + string + align(string) return long(string.length) + long(0) + long(string.length) + string + align(string)
end end
# Encode a string # Encode a string
# use to encode: # use to encode:
# w_char *element_1; # w_char *element_1;
def NDR.wstring(string) def NDR.wstring(string)
string << "\x00" # null pad string = string + "\x00" # null pad
return long(string.length) + long(0) + long(string.length) + Rex::Text.to_unicode(string) + align(Rex::Text.to_unicode(string)) return long(string.length) + long(0) + long(string.length) + Rex::Text.to_unicode(string) + align(Rex::Text.to_unicode(string))
end end
# Encode a string and make it unique # Encode a string and make it unique
# use to encode: # use to encode:
# [unique] w_char *element_1; # [unique] w_char *element_1;
def NDR.uwstring(string) def NDR.uwstring(string)
string << "\x00" # null pad string = string + "\x00" # null pad
return long(rand(0xffffffff))+long(string.length) + long(0) + long(string.length) + Rex::Text.to_unicode(string) + align(Rex::Text.to_unicode(string)) return long(rand(0xffffffff))+long(string.length) + long(0) + long(string.length) + Rex::Text.to_unicode(string) + align(Rex::Text.to_unicode(string))
end end
@ -67,7 +67,7 @@ module NDR
def NDR.wstring_prebuilt(string) def NDR.wstring_prebuilt(string)
# if the string len is odd, thats bad! # if the string len is odd, thats bad!
if string.length % 2 > 0 if string.length % 2 > 0
string << "\x00" string = string + "\x00"
end end
len = string.length / 2; len = string.length / 2;
return long(len) + long(0) + long(len) + string + align(string) return long(len) + long(0) + long(len) + string + align(string)
@ -86,3 +86,4 @@ module NDR
end end
end end
end end