Merge pull request #13 from wvu-r7/pr/3691

Add verify_checksum and use it
bug/bundler_fix
jvennix-r7 2014-09-08 11:41:54 -05:00
commit b48aa8f2ca
1 changed files with 16 additions and 2 deletions


@ -21,6 +21,9 @@ module Exploit::Remote::Gdb
# thrown when a response is incorrect
class BadResponseError < RuntimeError; end
# thrown when a checksum is invalid
class BadChecksumError < RuntimeError; end
# Default list of supported GDB features to send the to the target
GDB_FEATURES = 'qSupported:multiprocess+;qRelocInsn+;qvCont+;'
@ -58,12 +61,15 @@ module Exploit::Remote::Gdb
# Reads (and possibly decodes) from the socket and sends an ACK to verify receipt
# @param opts [Hash] the options hash
# @option opts :decode [Boolean] rle decoding should be applied to the response
# @option opts :verify [Boolean] verify the response's checksum
# @return [String] the response
# @raise [BadResponseError] if the expected response is missing
# @raise [BadChecksumError] if the checksum is invalid
def read_response(opts={})
decode = opts.fetch(:decode, false)
decode, verify = opts.fetch(:decode, false), opts.fetch(:verify, true)
res = sock.get_once
raise BadResponseError if res.nil?
raise BadChecksumError if (verify && !verify_checksum(res))
res = decode_rle(res) if decode
vprint_status('Result: '+res)
send_ack
@ -86,12 +92,20 @@ module Exploit::Remote::Gdb
# The two-digit checksum is computed as the modulo 256 sum of all characters
# between the leading $ and the trailing # (an eight bit unsigned checksum).
# @param [String] str the string to calculate the checksum of
# @param str [String] the string to calculate the checksum of
# @return [String] hex string containing checksum
def checksum(str)
"%02x" % str.bytes.inject(0) { |b, sum| (sum+b)%256 }
end
# Verifies a response's checksum
# @param res [String] the response to check
# @return [Boolean] whether the checksum is valid
def verify_checksum(res)
msg, chksum = res.match(/^\$(.*)#(\h{2})$/)[1..2]
checksum(msg) == chksum
end
# Writes the buffer +buf+ to the address +addr+ in the remote process's memory
# @param buf [String] the buffer to write
# @param addr [String] the hex-encoded address to write to
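Review bot: In `verify_checksum`, `res.match(...)` returns nil whenever the peer's reply is not framed exactly as `$<data>#<two hex digits>`, so `[1..2]` raises NoMethodError rather than the `BadChecksumError` that `read_response` documents; because `verify` now defaults to true, every `read_response` caller is exposed to this on a malformed or truncated reply from the remote stub. Guard the match and treat a non-matching packet as invalid: `m = res.match(/\A\$(.*)#(\h{2})\z/m)`, then `return false unless m`, then `checksum(m[1]) == m[2].downcase`. The `\A`/`\z` anchors and the `m` flag are suggested because `^`/`$` anchor per line and `.` stops at a newline, so a payload containing a newline byte would either fail to match or be verified only in part; `downcase` is there because `\h` accepts upper-case hex while `checksum` emits lower-case. The doc comment could also state the contract with `# @note returns false when the reply is not framed as $data#xx`.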