fix odd indentation and style issues

bug/bundler_fix
Brent Cook 2016-05-13 22:06:18 -05:00
parent 901b793406
commit 7cfc4d4523
1 changed files with 51 additions and 53 deletions


@ -5,8 +5,8 @@ while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib'))) $LOAD_PATH.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB'] $LOAD_PATH.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
require 'msfenv' require 'msfenv'
require 'msf/core' require 'msf/core'
@ -22,16 +22,17 @@ module PatternOffset
opt.banner = "Usage: #{__FILE__} [options]\nExample: #{__FILE__} -q Aa3A|0x39634138|0xFFFF4138\n[*] Exact match at offset 9" opt.banner = "Usage: #{__FILE__} [options]\nExample: #{__FILE__} -q Aa3A|0x39634138|0xFFFF4138\n[*] Exact match at offset 9"
opt.separator '' opt.separator ''
opt.separator 'Options:' opt.separator 'Options:'
opt.on('-q', '--query Aa0A', String, "Query to Locate") do |query|
options[:query] = query opt.on('-q', '--query Aa0A', String, "Query to Locate") do |query|
options[:query] = query
end end
opt.on('-l', '--length <length>', Integer, "The length of the pattern") do |len| opt.on('-l', '--length <length>', Integer, "The length of the pattern") do |len|
options[:length] = len options[:length] = len
end end
opt.on('-s', '--sets <ABC,def,123>', Array, "Custom Pattern Sets") do |sets| opt.on('-s', '--sets <ABC,def,123>', Array, "Custom Pattern Sets") do |sets|
options[:sets] = sets options[:sets] = sets
end end
opt.on_tail('-h', '--help', 'Show this message') do opt.on_tail('-h', '--help', 'Show this message') do
@ -57,7 +58,7 @@ module PatternOffset
end end
end end
class Driver class Driver
def initialize def initialize
begin begin
@opts = OptsConsole.parse(ARGV) @opts = OptsConsole.parse(ARGV)
@ -69,69 +70,66 @@ class Driver
def run def run
query = (@opts[:query]) query = (@opts[:query])
pattern = Rex::Text.pattern_create(@opts[:length], @opts[:sets])
if query.length >= 8 && query.hex > 0
if (query.length >= 8 and query.hex > 0)
query = query.hex query = query.hex
# However, you can also specify a four-byte string # However, you can also specify a four-byte string
elsif (query.length == 4) elsif query.length == 4
query = query.unpack("V").first query = query.unpack("V").first
else else
# Or even a hex query that isn't 8 bytes long # Or even a hex query that isn't 8 bytes long
query = query.to_i(16) query = query.to_i(16)
end end
buffer = Rex::Text.pattern_create(@opts[:length], @opts[:sets]) buffer = Rex::Text.pattern_create(@opts[:length], @opts[:sets])
offset = Rex::Text.pattern_offset(buffer, query) offset = Rex::Text.pattern_offset(buffer, query)
# Handle cases where there is no match by looking for "close" matches # Handle cases where there is no match by looking for "close" matches
unless offset unless offset
found = false found = false
$stderr.puts "[*] No exact matches, looking for likely candidates..." $stderr.puts "[*] No exact matches, looking for likely candidates..."
# Look for shifts by a single byte # Look for shifts by a single byte
0.upto(3) do |idx| 0.upto(3) do |idx|
0.upto(255) do |c| 0.upto(255) do |c|
nvb = [query].pack("V") nvb = [query].pack("V")
nvb[idx, 1] = [c].pack("C") nvb[idx, 1] = [c].pack("C")
nvi = nvb.unpack("V").first nvi = nvb.unpack("V").first
off = Rex::Text.pattern_offset(buffer, nvi) off = Rex::Text.pattern_offset(buffer, nvi)
if off if off
mle = query - buffer[off,4].unpack("V").first mle = query - buffer[off, 4].unpack("V").first
mbe = query - buffer[off,4].unpack("N").first mbe = query - buffer[off, 4].unpack("N").first
puts "[+] Possible match at offset #{off} (adjusted [ little-endian: #{mle} | big-endian: #{mbe} ] ) byte offset #{idx}" puts "[+] Possible match at offset #{off} (adjusted [ little-endian: #{mle} | big-endian: #{mbe} ] ) byte offset #{idx}"
found = true found = true
end end
end end
end end
exit! if found exit! if found
# Look for 16-bit offsets # Look for 16-bit offsets
[0, 2].each do |idx| [0, 2].each do |idx|
0.upto(65535) do |c| 0.upto(65535) do |c|
nvb = [query].pack("V") nvb = [query].pack("V")
nvb[idx, 2] = [c].pack("v") nvb[idx, 2] = [c].pack("v")
nvi = nvb.unpack("V").first nvi = nvb.unpack("V").first
off = Rex::Text.pattern_offset(buffer, nvi) off = Rex::Text.pattern_offset(buffer, nvi)
if off if off
mle = query - buffer[off,4].unpack("V").first mle = query - buffer[off, 4].unpack("V").first
mbe = query - buffer[off,4].unpack("N").first mbe = query - buffer[off, 4].unpack("N").first
puts "[+] Possible match at offset #{off} (adjusted [ little-endian: #{mle} | big-endian: #{mbe} ] )" puts "[+] Possible match at offset #{off} (adjusted [ little-endian: #{mle} | big-endian: #{mbe} ] )"
found = true found = true
end end
end end
end end
end
while offset
puts "[*] Exact match at offset #{offset}"
offset = Rex::Text.pattern_offset(buffer, query, offset + 1)
end end
while offset
puts "[*] Exact match at offset #{offset}"
offset = Rex::Text.pattern_offset(buffer, query, offset + 1)
end
end end
end end
end end
@ -140,7 +138,7 @@ if __FILE__ == $PROGRAM_NAME
driver = PatternOffset::Driver.new driver = PatternOffset::Driver.new
begin begin
driver.run driver.run
rescue ::Exception => e rescue ::StandardError => e
elog("#{e.class}: #{e.message}\n#{e.backtrace * "\n"}") elog("#{e.class}: #{e.message}\n#{e.backtrace * "\n"}")
$stderr.puts "[x] #{e.class}: #{e.message}" $stderr.puts "[x] #{e.class}: #{e.message}"
$stderr.puts "[*] If necessary, please refer to framework.log for more details." $stderr.puts "[*] If necessary, please refer to framework.log for more details."
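Review bot: In `Driver#run`, `query = (@opts[:query])` is dereferenced by `query.length` in the very next statement with no nil check, so a run that passes `-l` or `-s` but no `-q` would fail with a NoMethodError unless `OptsConsole.parse` (mostly outside the visible hunks) already rejects it. Since this commit rewrites that conditional anyway, a guard before the `if`, such as `raise ArgumentError, 'a query (-q) is required' if query.nil? || query.empty?`, would give the user a usable message. The `else` branch has a related gap: `query.to_i(16)` silently turns non-hex input into 0, so a mistyped query is searched for as 0 instead of being reported as bad input. Separately, the last hunk narrows `rescue ::Exception` to `rescue ::StandardError`; that is a behaviour change rather than a style fix and should be mentioned in the commit message.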