Add #arch method to Msf::EncodedPayload.
This allows exploits with a single automatic target to support many different architectures.
bug/bundler_fix
parent
88f626184c
commit
6313b29b7a
@ -404,6 +404,15 @@ class EncodedPayload
|
|||
Msf::Util::EXE.to_jsp_war(encoded_exe(opts), opts)
|
||||
end
|
||||
|
||||
#
|
||||
# An array containing the architecture(s) that this payload was made to run on
|
||||
#
|
||||
def arch
|
||||
if pinst
|
||||
pinst.arch
|
||||
end
|
||||
end
|
||||
|
||||
#
|
||||
# The raw version of the payload
|
||||
#
|
||||
|
|
|
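Review bot: The new `arch` method returns nil when `pinst` is unset, but the header comment only says it returns an array, so a caller doing `arch.include?(...)` or `arch[0]` on an EncodedPayload without a payload instance gets a NoMethodError rather than a documented nil. Either state the contract, `# @return [Array<String>, nil] the architectures of the wrapped payload instance, or nil when no payload instance is set`, or guarantee an array with `pinst ? pinst.arch : []`. The three-line `if pinst … end` also reads more idiomatically as the modifier form `pinst.arch if pinst` (or `pinst&.arch`). The EncodedPayload class itself starts and ends outside the hunk.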
@ -21,7 +21,8 @@ module Exploit::Remote::Gdb
|
|||
# Maps arch -> index of register in GDB that holds $PC
|
||||
PC_REGISTERS = {
|
||||
ARCH_X86 => '08',
|
||||
ARCH_X64 => '10'
|
||||
ARCH_X64 => '10',
|
||||
ARCH_X86_64 => '10'
|
||||
}
|
||||
|
||||
# Send an ACK packet
|
||||
|
@ -88,10 +89,10 @@ module Exploit::Remote::Gdb
|
|||
# @return [String] containing the hex-encoded address stored in EIP
|
||||
def get_pc
|
||||
# on x64 it is the register under the key "10"
|
||||
idx = pc_reg_index(target.arch)
|
||||
idx = pc_reg_index(payload.arch)
|
||||
pc = step.split(';').map { |r| r =~ /#{idx}:([a-f0-9]*)/ and $1 }.compact.first
|
||||
# convert to desired endian/ptr size for a given arch
|
||||
addr = Rex::Arch.pack_addr(target.arch, Integer(pc, 16))
|
||||
addr = Rex::Arch.pack_addr(payload.arch, Integer(pc, 16))
|
||||
Rex::Text.to_hex(addr, '')
|
||||
end
|
||||
|
||||
|
@ -128,14 +129,11 @@ module Exploit::Remote::Gdb
|
|||
read_response # lots of flags, nothing interesting
|
||||
end
|
||||
|
||||
# @param arch [String, Array] the current system architecture
|
||||
# @param my_arch [String, Array] the current system architecture
|
||||
# @return [String] hex index of the register that contains $PC for the current arch
|
||||
def pc_reg_index(arch)
|
||||
if arch.is_a?(Array)
|
||||
arch = arch[0]
|
||||
end
|
||||
|
||||
PC_REGISTERS[arch]
|
||||
def pc_reg_index(my_arch)
|
||||
if my_arch.is_a?(Array) then my_arch = my_arch[0] end
|
||||
PC_REGISTERS[my_arch]
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
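Review bot: `pc_reg_index` (third hunk) still returns nil for any architecture missing from PC_REGISTERS, and `get_pc` (second hunk) then interpolates that nil into `/#{idx}:([a-f0-9]*)/`, which degenerates to `/:([a-f0-9]*)/` and presumably matches whichever register entry happens to come first in the stop reply, so with `payload.arch` now driving the lookup a payload of an unlisted arch would silently yield a wrong $PC instead of an error. Making the miss explicit in `pc_reg_index`, `PC_REGISTERS.fetch(my_arch) { raise ArgumentError, "no $PC register index known for arch #{my_arch.inspect}" }`, turns that into a clear failure. The array unwrapping on the line above is clearer as `my_arch = Array(my_arch).first`, which also tolerates a nil `payload.arch`, and the one-line `if … then … end` form is the one RuboCop flags in favour of the modifier form. `get_pc` and `pc_reg_index` are shown in full; the enclosing `Exploit::Remote::Gdb` module starts and ends outside these hunks.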
@ -12,16 +12,14 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'GDB Server Remote Payload Execution',
|
||||
'Description' => %q{
|
||||
'Name' => 'GDB Server Remote Payload Execution',
|
||||
'Description' => %q{
|
||||
This module attempts to execute an arbitrary payload on a gdbserver service.
|
||||
},
|
||||
'Author' => [ 'joev' ],
|
||||
'Targets' => [
|
||||
[ 'x86 (32-bit)', { 'Arch' => ARCH_X86 } ],
|
||||
[ 'x64 (64-bit)', { 'Arch' => ARCH_X64 } ]
|
||||
],
|
||||
'Platform' => %w(linux unix osx windows),
|
||||
'Author' => [ 'joev' ],
|
||||
'Targets' => [ [ 'Automatic', {} ] ],
|
||||
'Arch' => [ ARCH_X86, ARCH_X64 ],
|
||||
'Platform' => %w(linux unix osx windows),
|
||||
'DefaultTarget' => 0
|
||||
))
|
||||
end
|
||||
|
|
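Review bot: The new `'Arch' => [ ARCH_X86, ARCH_X64 ]` list omits ARCH_X86_64, even though the PC_REGISTERS hunk in the mixin adds ARCH_X86_64 as a key separate from ARCH_X64 and the new spec expects a linux/x64 payload to report `[ARCH_X86_64]`; if the framework filters compatible payloads against this list (inferred — the matching code is not part of this commit), x86_64 payloads would be excluded from the automatic target even though `get_pc` can now handle them. Listing it explicitly, `'Arch' => [ ARCH_X86, ARCH_X64, ARCH_X86_64 ],`, keeps the three places consistent. The `initialize` body is shown in full; the Metasploit3 class continues outside the hunk.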
|
@ -0,0 +1,36 @@
|
|||
require 'spec_helper'
|
||||
require 'msf/core/encoded_payload'
|
||||
|
||||
describe Msf::EncodedPayload do
|
||||
PAYLOAD_FRAMEWORK = Msf::Simple::Framework.create(
|
||||
:module_types => [::Msf::MODULE_PAYLOAD, ::Msf::MODULE_ENCODER, ::Msf::MODULE_NOP],
|
||||
'DisableDatabase' => true,
|
||||
'DisableLogging' => true
|
||||
)
|
||||
|
||||
let(:framework) { PAYLOAD_FRAMEWORK }
|
||||
let(:payload) { 'linux/x86/shell_reverse_tcp' }
|
||||
let(:pinst) { framework.payloads.create(payload) }
|
||||
|
||||
subject(:encoded_payload) do
|
||||
described_class.new(framework, pinst, {})
|
||||
end
|
||||
|
||||
describe '#arch' do
|
||||
context 'when payload is linux/x86 reverse tcp' do
|
||||
let(:payload) { 'linux/x86/shell_reverse_tcp' }
|
||||
|
||||
it 'returns ["X86"]' do
|
||||
expect(encoded_payload.arch).to eq [ARCH_X86]
|
||||
end
|
||||
end
|
||||
|
||||
context 'when payload is linux/x64 reverse tcp' do
|
||||
let(:payload) { 'linux/x64/shell_reverse_tcp' }
|
||||
|
||||
it 'returns ["X86_64"]' do
|
||||
expect(encoded_payload.arch).to eq [ARCH_X86_64]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
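Review bot: `PAYLOAD_FRAMEWORK` is assigned inside the `describe` block, but a constant defined in a block belongs to the enclosing lexical scope, so this creates a top-level constant shared with every other spec in the run and subject to "already initialized constant" warnings if another file uses the same name. Scoping it with `let(:framework) { Msf::Simple::Framework.create(...) }` (or a `before(:all)` instance variable, if creation is expensive) keeps it local to this file. The `#arch` examples only cover the case where a payload instance exists; since the new method returns nil when `pinst` is nil, an example along the lines of `expect(described_class.new(framework, nil, {}).arch).to be_nil` would pin that branch, assuming the constructor accepts a nil instance, which is not shown here. The outer `let(:payload)` above `let(:pinst)` is overridden by both contexts and can be dropped.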