Fix #4717 - Change AllowWin32SEH's default to false

This is a patch to change AllowWin32SEH to false.

Root cause:

The truly intended behavior is that if the user doesn't set a
BufferRegister and the encoder is for Windows, the AllowWin32SEH
code should kick in.

The problem here is that msfencode and msfvenom handle the platform
information differently, so we get different results.

With msfencode, the platform information isn't passed when alpha_mixed
is used, so even if you're using the encoder for Win32, the encoder
doesn't actually know about this. But everything works out just fine
anyway because people don't actually rely on AllowWin32SEH.

With msfvenom, the platform information is passed, so the encoder
actually knows it's for Windows. The two conditions are met (register
and platform), so AllowWin32SEH kicks in. However, the AllowWin32SEH
technique enforces the BufferRegister to ECX, and that there's no
GetPC, so by default this isn't going to work.

The solution:

We are actually better off with setting AllowWin32SEH to false, mainly
because the SEH technique is pretty much dead (congrats MSFT!). And we
want the GetPC routine by default.

If people want to use AllowWin32SEH routine, they can simply set
AllowWin32SEH to true to bring it right back. For example:

e = framework.encoders.create('x86/alpha_mixed')
e.datastore.import_options_from_hash({'AllowWin32SEH'=>true})
buf = e.encode("AAAA", nil, nil, ::Msf::Module::PlatformList.win32)

Or in msfvenom:

msfvenom -p windows/meterpreter/bind_tcp -e x86/alpha_mixed
AllowWin32SEH=true -f raw

Fix #4717
bug/bundler_fix
sinn3r 2015-02-06 12:38:04 -06:00
parent 036cb77dd0
commit a543d957d4
2 changed files with 0 additions and 19 deletions


@ -55,15 +55,6 @@ class Metasploit3 < Msf::Encoder::Alphanum
buf + Rex::Encoder::Alpha2::AlphaMixed::gen_decoder(reg, off) buf + Rex::Encoder::Alpha2::AlphaMixed::gen_decoder(reg, off)
end end
#
# Configure SEH getpc code on Windows
#
def init_platform(platform)
if(platform.supports?(::Msf::Module::PlatformList.win32))
datastore['AllowWin32SEH'] = true
end
end
# #
# Encodes a one byte block with the current index of the length of the # Encodes a one byte block with the current index of the length of the
# payload. # payload.
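Review bot: The commit title says the AllowWin32SEH default changes to false, but this hunk only deletes the `init_platform` override that forced `datastore['AllowWin32SEH'] = true` on win32; the option's registered default is not touched here (the commit records 0 additions), so the new behaviour depends on that default already being false in the option registration, which is worth confirming and stating in the option description so users know SEH mode is now opt-in. Also check that the `encode` path in the base encoder class still tolerates an encoder without its own `init_platform` (a no-op in the base class would cover it); nothing in this hunk replaces the removed method.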


@ -58,16 +58,6 @@ class Metasploit3 < Msf::Encoder::Alphanum
buf + Rex::Encoder::Alpha2::AlphaUpper::gen_decoder(reg, off) buf + Rex::Encoder::Alpha2::AlphaUpper::gen_decoder(reg, off)
end end
#
# Configure SEH getpc code on Windows
#
def init_platform(platform)
if(platform.supports?(::Msf::Module::PlatformList.win32))
datastore['AllowWin32SEH'] = true
end
end
# #
# Encodes a one byte block with the current index of the length of the # Encodes a one byte block with the current index of the length of the
# payload. # payload.
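Review bot: This is the same removal as in alpha_mixed, and the dropped comment "Configure SEH getpc code on Windows" was the only place documenting why AllowWin32SEH was switched on automatically; with it gone, a one-line note near the AllowWin32SEH option saying that SEH-based getpc requires ECX as BufferRegister and disables the GetPC stub would preserve that context for users who set it to true by hand, as the commit message suggests they can.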