From 6b1e911041a3d22cfc5cae843ff0c3b4e53b217f Mon Sep 17 00:00:00 2001 
From: Brent Cook Date: Thu, 13 Aug 2015 11:10:50 -0500 Subject: [PATCH 1/2] Instantiate payload modules so parameter validation occurs Calling .new on payload modules does not perform parameter validation, leading to a number of cached sizes based on invalid parameters. Most notably, normalization does not occur either, which makes all OptBool params default to true. --- lib/msf/util/payload_cached_size.rb | 32 ++++++++++++++++--- modules/payloads/singles/bsd/x64/exec.rb | 2 +- .../singles/bsd/x64/shell_bind_tcp.rb | 2 +- .../singles/bsd/x64/shell_reverse_tcp.rb | 2 +- modules/payloads/singles/bsd/x86/exec.rb | 2 +- modules/payloads/singles/cmd/unix/generic.rb | 2 +- modules/payloads/singles/cmd/unix/reverse.rb | 2 +- .../payloads/singles/cmd/unix/reverse_awk.rb | 2 +- .../payloads/singles/cmd/unix/reverse_lua.rb | 2 +- .../singles/cmd/unix/reverse_netcat_gaping.rb | 2 +- .../singles/cmd/unix/reverse_nodejs.rb | 2 +- .../singles/cmd/unix/reverse_openssl.rb | 2 +- .../payloads/singles/cmd/unix/reverse_perl.rb | 2 +- .../singles/cmd/unix/reverse_perl_ssl.rb | 2 +- .../singles/cmd/unix/reverse_php_ssl.rb | 2 +- .../singles/cmd/unix/reverse_python_ssl.rb | 2 +- .../payloads/singles/cmd/unix/reverse_ruby.rb | 2 +- .../singles/cmd/unix/reverse_ruby_ssl.rb | 2 +- .../cmd/unix/reverse_ssl_double_telnet.rb | 2 +- .../payloads/singles/cmd/unix/reverse_zsh.rb | 2 +- .../payloads/singles/cmd/windows/adduser.rb | 2 +- .../payloads/singles/cmd/windows/generic.rb | 2 +- .../cmd/windows/powershell_bind_tcp.rb | 2 +- .../cmd/windows/powershell_reverse_tcp.rb | 2 +- .../singles/cmd/windows/reverse_lua.rb | 2 +- .../singles/cmd/windows/reverse_perl.rb | 2 +- .../singles/cmd/windows/reverse_powershell.rb | 2 +- .../singles/cmd/windows/reverse_ruby.rb | 2 +- modules/payloads/singles/firefox/exec.rb | 2 +- .../singles/java/jsp_shell_reverse_tcp.rb | 2 +- .../singles/java/shell_reverse_tcp.rb | 2 +- modules/payloads/singles/linux/armle/exec.rb | 2 +- 
modules/payloads/singles/linux/mipsbe/exec.rb | 2 +- .../singles/linux/mipsbe/shell_reverse_tcp.rb | 2 +- modules/payloads/singles/linux/mipsle/exec.rb | 2 +- .../singles/linux/mipsle/shell_reverse_tcp.rb | 2 +- modules/payloads/singles/linux/x64/exec.rb | 4 +-- modules/payloads/singles/linux/x86/exec.rb | 2 +- .../payloads/singles/linux/x86/read_file.rb | 2 +- .../singles/linux/x86/shell_reverse_tcp2.rb | 2 +- .../singles/nodejs/shell_reverse_tcp.rb | 2 +- .../singles/nodejs/shell_reverse_tcp_ssl.rb | 2 +- modules/payloads/singles/osx/x64/exec.rb | 2 +- .../singles/osx/x64/shell_bind_tcp.rb | 2 +- .../singles/osx/x64/shell_find_tag.rb | 2 +- .../singles/osx/x64/shell_reverse_tcp.rb | 2 +- modules/payloads/singles/osx/x86/exec.rb | 2 +- .../singles/php/meterpreter_reverse_tcp.rb | 2 +- .../singles/python/shell_reverse_tcp.rb | 2 +- .../singles/python/shell_reverse_tcp_ssl.rb | 2 +- .../singles/ruby/shell_reverse_tcp.rb | 2 +- .../singles/ruby/shell_reverse_tcp_ssl.rb | 2 +- .../singles/solaris/sparc/shell_find_port.rb | 2 +- .../singles/solaris/x86/shell_bind_tcp.rb | 2 +- .../singles/solaris/x86/shell_find_port.rb | 2 +- .../singles/solaris/x86/shell_reverse_tcp.rb | 2 +- modules/payloads/singles/windows/adduser.rb | 2 +- .../singles/windows/dns_txt_query_exec.rb | 2 +- .../payloads/singles/windows/download_exec.rb | 2 +- modules/payloads/singles/windows/exec.rb | 2 +- .../payloads/singles/windows/loadlibrary.rb | 2 +- .../singles/windows/powershell_bind_tcp.rb | 2 +- .../singles/windows/powershell_reverse_tcp.rb | 2 +- modules/payloads/singles/windows/x64/exec.rb | 2 +- .../singles/windows/x64/loadlibrary.rb | 2 +- .../windows/x64/powershell_bind_tcp.rb | 2 +- .../windows/x64/powershell_reverse_tcp.rb | 2 +- modules/payloads/stagers/java/reverse_http.rb | 2 +- .../payloads/stagers/java/reverse_https.rb | 2 +- modules/payloads/stagers/java/reverse_tcp.rb | 2 +- .../payloads/stagers/linux/x86/reverse_tcp.rb | 2 +- .../stagers/linux/x86/reverse_tcp_uuid.rb | 2 +- 
.../payloads/stagers/netware/reverse_tcp.rb | 2 +- modules/payloads/stagers/php/reverse_tcp.rb | 2 +- .../payloads/stagers/php/reverse_tcp_uuid.rb | 2 +- .../payloads/stagers/python/reverse_tcp.rb | 2 +- .../stagers/python/reverse_tcp_uuid.rb | 2 +- .../payloads/stagers/windows/reverse_http.rb | 2 +- .../windows/reverse_http_proxy_pstore.rb | 2 +- .../payloads/stagers/windows/reverse_https.rb | 2 +- .../stagers/windows/reverse_https_proxy.rb | 2 +- .../stagers/windows/x64/reverse_http.rb | 2 +- .../stagers/windows/x64/reverse_https.rb | 2 +- spec/modules/payloads_spec.rb | 6 ++-- .../payload_cached_size_is_consistent.rb | 29 ++++++++++++++++- tools/update_payload_cached_sizes.rb | 7 ++-- 86 files changed, 146 insertions(+), 94 deletions(-) diff --git a/lib/msf/util/payload_cached_size.rb b/lib/msf/util/payload_cached_size.rb index f349be43ca..e299739664 100644 --- a/lib/msf/util/payload_cached_size.rb +++ b/lib/msf/util/payload_cached_size.rb @@ -14,6 +14,27 @@ module Util class PayloadCachedSize + @opts = { + 'Format' => 'raw', + 'Options' => { + 'CPORT' => 4444, + 'LPORT' => 4444, + 'LHOST' => '255.255.255.255', + 'KHOST' => '255.255.255.255', + 'AHOST' => '255.255.255.255', + 'CMD' => '/bin/sh', + 'URL' => 'http://a.com', + 'PATH' => '/', + 'BUNDLE' => 'data/isight.bundle', + 'DLL' => 'external/source/byakugan/bin/XPSP2/detoured.dll', + 'RC4PASSWORD' => 'Metasploit', + 'DNSZONE' => 'corelan.eu', + 'PEXEC' => '/bin/sh' + }, + 'Encoder' => nil, + 'DisableNops' => true + } + # Insert a new CachedSize value into the text of a payload module # # @param data [String] The source code of a payload module @@ -60,7 +81,7 @@ class PayloadCachedSize # @return [Fixnum] def self.compute_cached_size(mod) return ":dynamic" if is_dynamic?(mod) - return mod.new.size + return mod.generate_simple(@opts).size end # Determines whether a payload generates a static sized output 
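Review bot: `@opts` is a shared, mutable class-level hash handed to every payload's `generate_simple`, and it is reused across the repeated generations inside `is_dynamic?`, so any callee that writes into it (or into the nested `Options` hash) would silently change the inputs between samples; freezing both levels (`}.freeze` on `Options` and on the outer literal) makes such a write fail loudly, provided `generate_simple` itself does not need to write into the hash, which I cannot see from this hunk. The values are placeholders chosen only so that option validation and normalization run, and deserve a comment above the literal such as `# Fixed option values used solely for size computation; they exist so payloads validate and normalize, never to build a usable payload`. `BUNDLE` and `DLL` name files in the tree, so if those payloads embed the file contents at generation time the cached size tracks the checked-in file and must be regenerated whenever it changes (inferred from the option names, not visible here).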
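Review bot: `compute_cached_size` returns the String `":dynamic"` on the first line of its body while the modules in this patch declare `CachedSize = :dynamic` as a Symbol, and the YARD `@return [Fixnum]` above the method covers neither case; the docstring should read `@return [Fixnum, String] the generated size, or the literal text ":dynamic" for insertion into module source`. The `is_dynamic?` call already generates the payload several times and discards those sizes before the final `generate_simple` on the changed line, so a comment on the `return` noting that the extra generation is intentional would spare the next reader from "optimizing" it away.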
@@ -69,8 +90,9 @@ class PayloadCachedSize # @param generation_count [Fixnum] The number of iterations to use to # verify that the size is static. # @return [Fixnum] - def self.is_dynamic?(mod,generation_count=5) - [*(1..generation_count)].map{|x| mod.new.size}.uniq.length != 1 + def self.is_dynamic?(mod, generation_count=5) + [*(1..generation_count)].map{|x| + mod.generate_simple(@opts).size}.uniq.length != 1 end # Determines whether a payload's CachedSize is up to date @@ -78,9 +100,9 @@ class PayloadCachedSize # @param mod [Msf::Payload] The class of the payload module to update # @return [Boolean] def self.is_cached_size_accurate?(mod) - return true if mod.dynamic_size? + return true if mod.dynamic_size? && is_dynamic?(mod) return false if mod.cached_size.nil? - mod.cached_size == mod.new.size + mod.cached_size == mod.generate_simple(@opts).size end end diff --git a/modules/payloads/singles/bsd/x64/exec.rb b/modules/payloads/singles/bsd/x64/exec.rb index fb391f6b3d..150d96f356 100644 --- a/modules/payloads/singles/bsd/x64/exec.rb +++ b/modules/payloads/singles/bsd/x64/exec.rb @@ -17,7 +17,7 @@ require 'msf/core' ### module Metasploit3 - CachedSize = 23 + CachedSize = 31 include Msf::Payload::Single include Msf::Payload::Bsd diff --git a/modules/payloads/singles/bsd/x64/shell_bind_tcp.rb b/modules/payloads/singles/bsd/x64/shell_bind_tcp.rb index ca682e1e08..9528c88233 100644 --- a/modules/payloads/singles/bsd/x64/shell_bind_tcp.rb +++ b/modules/payloads/singles/bsd/x64/shell_bind_tcp.rb @@ -40,7 +40,7 @@ module Metasploit3 # build the shellcode payload dynamically based on the user-provided CMD def generate - cmd = (datastore['CMD'] || '') << "\x00" + cmd = (datastore['CMD'] || '') + "\x00" port = [datastore['LPORT'].to_i].pack('n') call = "\xe8" + [cmd.length].pack('V') payload = diff --git a/modules/payloads/singles/bsd/x64/shell_reverse_tcp.rb b/modules/payloads/singles/bsd/x64/shell_reverse_tcp.rb index 0c87216d8b..fece7de959 100644 
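Review bot: `is_dynamic?` builds a throwaway array with `[*(1..generation_count)].map{|x| ...}` and never uses `x`; `Array.new(generation_count) { mod.generate_simple(@opts).size }.uniq.size != 1` expresses the same test without the splat or the unused block parameter and keeps the body on one line. The YARD tag above the signature still says `@return [Fixnum]` although the method returns a Boolean; `@return [Boolean] true when generation_count generations do not all produce the same size` is what the code does. Five samples are a heuristic rather than a proof — a payload whose size varies only occasionally can be classified as static — so the `@param generation_count` text should describe it as a sampling budget.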
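Review bot: `is_cached_size_accurate?` still checks a module that does not claim `dynamic_size?` against a single generation, so a payload whose output is in fact variable but whose `CachedSize` equals the one sampled size is reported accurate; `return false if is_dynamic?(mod)` after the nil check closes that gap at the cost of the extra generations already paid for modules marked dynamic. When `dynamic_size?` is true but `is_dynamic?` is false the method falls through to comparing `mod.cached_size` — presumably the `:dynamic` Symbol seen in the module files — with an Integer; that yields the intended false, but a comment such as `# a module marked :dynamic that now generates a fixed size is stale` would make the reliance explicit rather than accidental. The `@param mod` text still says `The class of the payload module to update`, copied from the updater; this method only checks, so `to check` is the accurate wording.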
--- a/modules/payloads/singles/bsd/x64/shell_reverse_tcp.rb +++ b/modules/payloads/singles/bsd/x64/shell_reverse_tcp.rb @@ -49,7 +49,7 @@ module Metasploit3 raise ArgumentError, "LHOST must be in IPv4 format." end - cmd = (datastore['CMD'] || '') << "\x00" + cmd = (datastore['CMD'] || '') + "\x00" port = [datastore['LPORT'].to_i].pack('n') ipaddr = [lhost.split('.').inject(0) {|t,v| (t << 8 ) + v.to_i}].pack("N") diff --git a/modules/payloads/singles/bsd/x86/exec.rb b/modules/payloads/singles/bsd/x86/exec.rb index 552ff37273..eee7aebbd9 100644 --- a/modules/payloads/singles/bsd/x86/exec.rb +++ b/modules/payloads/singles/bsd/x86/exec.rb @@ -17,7 +17,7 @@ require 'msf/core' ### module Metasploit3 - CachedSize = 16 + CachedSize = 24 include Msf::Payload::Single include Msf::Payload::Bsd diff --git a/modules/payloads/singles/cmd/unix/generic.rb b/modules/payloads/singles/cmd/unix/generic.rb index a1e283951a..3b982b201f 100644 --- a/modules/payloads/singles/cmd/unix/generic.rb +++ b/modules/payloads/singles/cmd/unix/generic.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 0 + CachedSize = 8 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse.rb b/modules/payloads/singles/cmd/unix/reverse.rb index 9333695bc1..2ef164ebd7 100644 --- a/modules/payloads/singles/cmd/unix/reverse.rb +++ b/modules/payloads/singles/cmd/unix/reverse.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 100 + CachedSize = 130 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_awk.rb b/modules/payloads/singles/cmd/unix/reverse_awk.rb index 10a4d1c497..05402d4153 100644 --- a/modules/payloads/singles/cmd/unix/reverse_awk.rb +++ b/modules/payloads/singles/cmd/unix/reverse_awk.rb 
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 95 + CachedSize = 110 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_lua.rb b/modules/payloads/singles/cmd/unix/reverse_lua.rb index f95478851e..95bbd8dd3c 100644 --- a/modules/payloads/singles/cmd/unix/reverse_lua.rb +++ b/modules/payloads/singles/cmd/unix/reverse_lua.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 209 + CachedSize = 224 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_netcat_gaping.rb b/modules/payloads/singles/cmd/unix/reverse_netcat_gaping.rb index d20797943d..5040d2cba9 100644 --- a/modules/payloads/singles/cmd/unix/reverse_netcat_gaping.rb +++ b/modules/payloads/singles/cmd/unix/reverse_netcat_gaping.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 20 + CachedSize = 35 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_nodejs.rb b/modules/payloads/singles/cmd/unix/reverse_nodejs.rb index cf50ea5057..1d3dd09b0f 100644 --- a/modules/payloads/singles/cmd/unix/reverse_nodejs.rb +++ b/modules/payloads/singles/cmd/unix/reverse_nodejs.rb @@ -11,7 +11,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 1911 + CachedSize = 1971 include Msf::Payload::Single include Msf::Payload::NodeJS diff --git a/modules/payloads/singles/cmd/unix/reverse_openssl.rb b/modules/payloads/singles/cmd/unix/reverse_openssl.rb index 30f5ed8241..d89af6ad67 100644 --- a/modules/payloads/singles/cmd/unix/reverse_openssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_openssl.rb 
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 152 + CachedSize = 182 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_perl.rb b/modules/payloads/singles/cmd/unix/reverse_perl.rb index b3eb2133dd..0aafd22aba 100644 --- a/modules/payloads/singles/cmd/unix/reverse_perl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_perl.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 219 + CachedSize = 234 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb index ce969a1e4a..8e134bd9de 100644 --- a/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 129 + CachedSize = 144 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb index cdf9dedfe6..08a8f93942 100644 --- a/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 117 + CachedSize = 132 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb index fa9db69b3d..b1ab1b26f4 100644 --- a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb 
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 567 + CachedSize = 587 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_ruby.rb b/modules/payloads/singles/cmd/unix/reverse_ruby.rb index f29140422c..502efcbb0c 100644 --- a/modules/payloads/singles/cmd/unix/reverse_ruby.rb +++ b/modules/payloads/singles/cmd/unix/reverse_ruby.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 118 + CachedSize = 133 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb index 9a28b0724b..009d0f00aa 100644 --- a/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 170 + CachedSize = 185 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb b/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb index e6b90cccc7..bdf31d2045 100644 --- a/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb +++ b/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 106 + CachedSize = 136 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_zsh.rb b/modules/payloads/singles/cmd/unix/reverse_zsh.rb index c0c9101163..9127052406 100644 --- a/modules/payloads/singles/cmd/unix/reverse_zsh.rb +++ b/modules/payloads/singles/cmd/unix/reverse_zsh.rb 
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 95 + CachedSize = 110 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/windows/adduser.rb b/modules/payloads/singles/cmd/windows/adduser.rb index 0c7c09b23a..3a74d57100 100644 --- a/modules/payloads/singles/cmd/windows/adduser.rb +++ b/modules/payloads/singles/cmd/windows/adduser.rb @@ -9,7 +9,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 258 + CachedSize = 97 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/windows/generic.rb b/modules/payloads/singles/cmd/windows/generic.rb index 0b8a394f30..047dc0bfc4 100644 --- a/modules/payloads/singles/cmd/windows/generic.rb +++ b/modules/payloads/singles/cmd/windows/generic.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 0 + CachedSize = 8 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb b/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb index 0bd2d0d1b5..b33a5a6741 100644 --- a/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb +++ b/modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb @@ -11,7 +11,7 @@ require 'msf/core/handler/bind_tcp' module Metasploit3 - CachedSize = 1510 + CachedSize = 1518 include Msf::Payload::Single include Rex::Powershell::Command diff --git a/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb b/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb index 0e6d28cff5..5174312512 100644 --- a/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb +++ b/modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb 
@@ -11,7 +11,7 @@ require 'msf/core/handler/reverse_tcp_ssl' module Metasploit3 - CachedSize = 1518 + CachedSize = 1526 include Msf::Payload::Single include Rex::Powershell::Command diff --git a/modules/payloads/singles/cmd/windows/reverse_lua.rb b/modules/payloads/singles/cmd/windows/reverse_lua.rb index dc52854ffc..fbe52645ad 100644 --- a/modules/payloads/singles/cmd/windows/reverse_lua.rb +++ b/modules/payloads/singles/cmd/windows/reverse_lua.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 209 + CachedSize = 224 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/windows/reverse_perl.rb b/modules/payloads/singles/cmd/windows/reverse_perl.rb index b5572c3bc6..ff007384f0 100644 --- a/modules/payloads/singles/cmd/windows/reverse_perl.rb +++ b/modules/payloads/singles/cmd/windows/reverse_perl.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 133 + CachedSize = 148 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/windows/reverse_powershell.rb b/modules/payloads/singles/cmd/windows/reverse_powershell.rb index bf998753f7..510f4b5df5 100644 --- a/modules/payloads/singles/cmd/windows/reverse_powershell.rb +++ b/modules/payloads/singles/cmd/windows/reverse_powershell.rb @@ -11,7 +11,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 1189 + CachedSize = 1204 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/cmd/windows/reverse_ruby.rb b/modules/payloads/singles/cmd/windows/reverse_ruby.rb index 5b0f4d8f2b..fa61454995 100644 --- a/modules/payloads/singles/cmd/windows/reverse_ruby.rb +++ b/modules/payloads/singles/cmd/windows/reverse_ruby.rb 
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 111 + CachedSize = 126 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/firefox/exec.rb b/modules/payloads/singles/firefox/exec.rb index 436deb5031..9f3dcbc1d5 100644 --- a/modules/payloads/singles/firefox/exec.rb +++ b/modules/payloads/singles/firefox/exec.rb @@ -7,7 +7,7 @@ require 'msf/core' module Metasploit3 - CachedSize = :dynamic + CachedSize = 1019 include Msf::Payload::Single include Msf::Payload::Firefox diff --git a/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb b/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb index f45d8acbf8..e5201b9a61 100644 --- a/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb +++ b/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb @@ -11,7 +11,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 0 + CachedSize = 1501 include Msf::Payload::Single include Msf::Payload::JSP diff --git a/modules/payloads/singles/java/shell_reverse_tcp.rb b/modules/payloads/singles/java/shell_reverse_tcp.rb index ca47412e51..183aadcd71 100644 --- a/modules/payloads/singles/java/shell_reverse_tcp.rb +++ b/modules/payloads/singles/java/shell_reverse_tcp.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 7748 + CachedSize = 7761 include Msf::Payload::Single include Msf::Payload::Java diff --git a/modules/payloads/singles/linux/armle/exec.rb b/modules/payloads/singles/linux/armle/exec.rb index 0b3bd3c7ba..88c3f9e5b9 100644 --- a/modules/payloads/singles/linux/armle/exec.rb +++ b/modules/payloads/singles/linux/armle/exec.rb @@ -15,7 +15,7 @@ require 'msf/core' ### module Metasploit3 - CachedSize = 22 + CachedSize = 29 include Msf::Payload::Single include Msf::Payload::Linux 
diff --git a/modules/payloads/singles/linux/mipsbe/exec.rb b/modules/payloads/singles/linux/mipsbe/exec.rb index fabc01f2e8..0d7f26d720 100644 --- a/modules/payloads/singles/linux/mipsbe/exec.rb +++ b/modules/payloads/singles/linux/mipsbe/exec.rb @@ -7,7 +7,7 @@ require 'msf/core' module Metasploit3 - CachedSize = 48 + CachedSize = 52 include Msf::Payload::Single include Msf::Payload::Linux diff --git a/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb b/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb index 141d9e37d3..36692d22dc 100644 --- a/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 0 + CachedSize = 184 include Msf::Payload::Single include Msf::Payload::Linux diff --git a/modules/payloads/singles/linux/mipsle/exec.rb b/modules/payloads/singles/linux/mipsle/exec.rb index 4fc68ab0aa..a2b1440a21 100644 --- a/modules/payloads/singles/linux/mipsle/exec.rb +++ b/modules/payloads/singles/linux/mipsle/exec.rb @@ -7,7 +7,7 @@ require 'msf/core' module Metasploit3 - CachedSize = 48 + CachedSize = 52 include Msf::Payload::Single include Msf::Payload::Linux diff --git a/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb b/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb index 2ed64a33c6..6d240561fa 100644 --- a/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 0 + CachedSize = 184 include Msf::Payload::Single include Msf::Payload::Linux diff --git a/modules/payloads/singles/linux/x64/exec.rb b/modules/payloads/singles/linux/x64/exec.rb index 430527ecf7..69630f74bf 100644 --- a/modules/payloads/singles/linux/x64/exec.rb +++ b/modules/payloads/singles/linux/x64/exec.rb 
@@ -8,7 +8,7 @@ require 'msf/core' module Metasploit3 - CachedSize = 40 + CachedSize = 47 include Msf::Payload::Single include Msf::Payload::Linux @@ -29,7 +29,7 @@ module Metasploit3 end def generate_stage(opts={}) - cmd = (datastore['CMD'] || '') << "\x00" + cmd = (datastore['CMD'] || '') + "\x00" call = "\xe8" + [cmd.length].pack('V') payload = "\x6a\x3b" + # pushq $0x3b diff --git a/modules/payloads/singles/linux/x86/exec.rb b/modules/payloads/singles/linux/x86/exec.rb index dcb8d3ce25..d81ac237ad 100644 --- a/modules/payloads/singles/linux/x86/exec.rb +++ b/modules/payloads/singles/linux/x86/exec.rb @@ -15,7 +15,7 @@ require 'msf/core' ### module Metasploit3 - CachedSize = 36 + CachedSize = 43 include Msf::Payload::Single include Msf::Payload::Linux diff --git a/modules/payloads/singles/linux/x86/read_file.rb b/modules/payloads/singles/linux/x86/read_file.rb index 1a6ce1819b..6d9a0a9b89 100644 --- a/modules/payloads/singles/linux/x86/read_file.rb +++ b/modules/payloads/singles/linux/x86/read_file.rb @@ -7,7 +7,7 @@ require 'msf/core' module Metasploit3 - CachedSize = 62 + CachedSize = 63 include Msf::Payload::Single include Msf::Payload::Linux diff --git a/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb b/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb index 5a41ddfae5..d31c4ccc7c 100644 --- a/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb +++ b/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb @@ -11,7 +11,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 103 + CachedSize = 70 include Msf::Payload::Single include Msf::Payload::Linux diff --git a/modules/payloads/singles/nodejs/shell_reverse_tcp.rb b/modules/payloads/singles/nodejs/shell_reverse_tcp.rb index 18fc91ca73..b7cf44698d 100644 --- a/modules/payloads/singles/nodejs/shell_reverse_tcp.rb +++ b/modules/payloads/singles/nodejs/shell_reverse_tcp.rb 
@@ -14,7 +14,7 @@ require 'msf/base/sessions/command_shell' module Metasploit3 - CachedSize = 473 + CachedSize = 488 include Msf::Payload::Single include Msf::Payload::NodeJS diff --git a/modules/payloads/singles/nodejs/shell_reverse_tcp_ssl.rb b/modules/payloads/singles/nodejs/shell_reverse_tcp_ssl.rb index bd0c7e907d..140ccdfa85 100644 --- a/modules/payloads/singles/nodejs/shell_reverse_tcp_ssl.rb +++ b/modules/payloads/singles/nodejs/shell_reverse_tcp_ssl.rb @@ -11,7 +11,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 501 + CachedSize = 516 include Msf::Payload::Single include Msf::Payload::NodeJS diff --git a/modules/payloads/singles/osx/x64/exec.rb b/modules/payloads/singles/osx/x64/exec.rb index 10610e01e1..126b9b4433 100644 --- a/modules/payloads/singles/osx/x64/exec.rb +++ b/modules/payloads/singles/osx/x64/exec.rb @@ -8,7 +8,7 @@ require 'msf/core' module Metasploit3 - CachedSize = 23 + CachedSize = 31 include Msf::Payload::Single diff --git a/modules/payloads/singles/osx/x64/shell_bind_tcp.rb b/modules/payloads/singles/osx/x64/shell_bind_tcp.rb index 39c243a804..246bbcc2b2 100644 --- a/modules/payloads/singles/osx/x64/shell_bind_tcp.rb +++ b/modules/payloads/singles/osx/x64/shell_bind_tcp.rb @@ -37,7 +37,7 @@ module Metasploit3 # build the shellcode payload dynamically based on the user-provided CMD def generate - cmd = (datastore['CMD'] || '') << "\x00" + cmd = (datastore['CMD'] || '') + "\x00" port = [datastore['LPORT'].to_i].pack('n') call = "\xe8" + [cmd.length].pack('V') payload = diff --git a/modules/payloads/singles/osx/x64/shell_find_tag.rb b/modules/payloads/singles/osx/x64/shell_find_tag.rb index cea9453ba5..e10354938a 100644 --- a/modules/payloads/singles/osx/x64/shell_find_tag.rb +++ b/modules/payloads/singles/osx/x64/shell_find_tag.rb 
@@ -40,7 +40,7 @@ module Metasploit3 # ensures the setting of tag to a four byte value # def generate - cmd = (datastore['CMD'] || '') << "\x00" + cmd = (datastore['CMD'] || '') + "\x00" call = "\xe8" + [cmd.length].pack('V') payload = diff --git a/modules/payloads/singles/osx/x64/shell_reverse_tcp.rb b/modules/payloads/singles/osx/x64/shell_reverse_tcp.rb index 2326540c1c..13e4586d5b 100644 --- a/modules/payloads/singles/osx/x64/shell_reverse_tcp.rb +++ b/modules/payloads/singles/osx/x64/shell_reverse_tcp.rb @@ -45,7 +45,7 @@ module Metasploit3 raise ArgumentError, "LHOST must be in IPv4 format." end - cmd = (datastore['CMD'] || '') << "\x00" + cmd = (datastore['CMD'] || '') + "\x00" port = [datastore['LPORT'].to_i].pack('n') ipaddr = [lhost.split('.').inject(0) {|t,v| (t << 8 ) + v.to_i}].pack("N") diff --git a/modules/payloads/singles/osx/x86/exec.rb b/modules/payloads/singles/osx/x86/exec.rb index 7756c8f420..688f654fb0 100644 --- a/modules/payloads/singles/osx/x86/exec.rb +++ b/modules/payloads/singles/osx/x86/exec.rb @@ -16,7 +16,7 @@ require 'msf/core' ### module Metasploit3 - CachedSize = 16 + CachedSize = 24 include Msf::Payload::Single include Msf::Payload::Bsd::X86 diff --git a/modules/payloads/singles/php/meterpreter_reverse_tcp.rb b/modules/payloads/singles/php/meterpreter_reverse_tcp.rb index b7b94c4cc3..1a1c56d38b 100644 --- a/modules/payloads/singles/php/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/php/meterpreter_reverse_tcp.rb @@ -12,7 +12,7 @@ require 'msf/base/sessions/meterpreter_options' module Metasploit4 - CachedSize = 25679 + CachedSize = 25685 include Msf::Payload::Single include Msf::Payload::Php::ReverseTcp diff --git a/modules/payloads/singles/python/shell_reverse_tcp.rb b/modules/payloads/singles/python/shell_reverse_tcp.rb index d0da258362..2a7ceb923f 100644 --- a/modules/payloads/singles/python/shell_reverse_tcp.rb +++ b/modules/payloads/singles/python/shell_reverse_tcp.rb 
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 381 + CachedSize = 401 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb b/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb index e450654e55..c3e6eb0765 100644 --- a/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb +++ b/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb @@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 537 + CachedSize = 557 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions diff --git a/modules/payloads/singles/ruby/shell_reverse_tcp.rb b/modules/payloads/singles/ruby/shell_reverse_tcp.rb index 723ee36cbc..72db7766bd 100644 --- a/modules/payloads/singles/ruby/shell_reverse_tcp.rb +++ b/modules/payloads/singles/ruby/shell_reverse_tcp.rb @@ -11,7 +11,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 496 + CachedSize = 516 include Msf::Payload::Single include Msf::Payload::Ruby diff --git a/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb b/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb index 5801918b6c..0f16cba516 100644 --- a/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb +++ b/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb @@ -11,7 +11,7 @@ require 'msf/base/sessions/command_shell_options' module Metasploit3 - CachedSize = 424 + CachedSize = 444 include Msf::Payload::Single include Msf::Payload::Ruby diff --git a/modules/payloads/singles/solaris/sparc/shell_find_port.rb b/modules/payloads/singles/solaris/sparc/shell_find_port.rb index 66c045ca31..6027131f48 100644 --- a/modules/payloads/singles/solaris/sparc/shell_find_port.rb +++ b/modules/payloads/singles/solaris/sparc/shell_find_port.rb 
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit3
- CachedSize = :dynamic
+ CachedSize = 136
include Msf::Payload::Single
include Msf::Payload::Solaris
diff --git a/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb b/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb
index b131313de5..f90d730769 100644
--- a/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb
+++ b/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit3
- CachedSize = 160
+ CachedSize = 95
include Msf::Payload::Single
include Msf::Payload::Solaris
diff --git a/modules/payloads/singles/solaris/x86/shell_find_port.rb b/modules/payloads/singles/solaris/x86/shell_find_port.rb
index 47685dc019..63f6835cfc 100644
--- a/modules/payloads/singles/solaris/x86/shell_find_port.rb
+++ b/modules/payloads/singles/solaris/x86/shell_find_port.rb
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit3
- CachedSize = 151
+ CachedSize = 86
include Msf::Payload::Single
include Msf::Payload::Solaris
diff --git a/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb b/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb
index e30f986522..8263e301da 100644
--- a/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit3
- CachedSize = 156
+ CachedSize = 91
include Msf::Payload::Single
include Msf::Payload::Solaris
diff --git a/modules/payloads/singles/windows/adduser.rb b/modules/payloads/singles/windows/adduser.rb
index bac5858201..ce3d1fd43c 100644
--- a/modules/payloads/singles/windows/adduser.rb
+++ b/modules/payloads/singles/windows/adduser.rb
@@ -15,7 +15,7 @@ require 'msf/core/payload/windows/exec'
###
module Metasploit3
- CachedSize = 443
+ CachedSize = 282
include Msf::Payload::Windows::Exec
diff --git a/modules/payloads/singles/windows/dns_txt_query_exec.rb b/modules/payloads/singles/windows/dns_txt_query_exec.rb
index db3d09cffb..dcb1415381 100644
--- a/modules/payloads/singles/windows/dns_txt_query_exec.rb
+++ b/modules/payloads/singles/windows/dns_txt_query_exec.rb
@@ -7,7 +7,7 @@ require 'msf/core'
module Metasploit3
- CachedSize = 275
+ CachedSize = 285
include Msf::Payload::Windows
include Msf::Payload::Single
diff --git a/modules/payloads/singles/windows/download_exec.rb b/modules/payloads/singles/windows/download_exec.rb
index d161b4384f..3ecde4535b 100644
--- a/modules/payloads/singles/windows/download_exec.rb
+++ b/modules/payloads/singles/windows/download_exec.rb
@@ -8,7 +8,7 @@ require 'msf/core'
module Metasploit3
- CachedSize = 439
+ CachedSize = 423
include Msf::Payload::Windows
include Msf::Payload::Single
diff --git a/modules/payloads/singles/windows/exec.rb b/modules/payloads/singles/windows/exec.rb
index 1e88f03eb3..436c0c3dfe 100644
--- a/modules/payloads/singles/windows/exec.rb
+++ b/modules/payloads/singles/windows/exec.rb
@@ -13,7 +13,7 @@ require 'msf/core/payload/windows/exec'
###
module Metasploit3
- CachedSize = 185
+ CachedSize = 192
include Msf::Payload::Windows::Exec
diff --git a/modules/payloads/singles/windows/loadlibrary.rb b/modules/payloads/singles/windows/loadlibrary.rb
index efcf3c1b11..e0072623c0 100644
--- a/modules/payloads/singles/windows/loadlibrary.rb
+++ b/modules/payloads/singles/windows/loadlibrary.rb
@@ -13,7 +13,7 @@ require 'msf/core/payload/windows/loadlibrary'
###
module Metasploit3
- CachedSize = 183
+ CachedSize = 230
include Msf::Payload::Windows::LoadLibrary
diff --git a/modules/payloads/singles/windows/powershell_bind_tcp.rb b/modules/payloads/singles/windows/powershell_bind_tcp.rb
index 1042da2ee2..95ef7b26c2 100644
--- a/modules/payloads/singles/windows/powershell_bind_tcp.rb
+++ b/modules/payloads/singles/windows/powershell_bind_tcp.rb
@@ -16,7 +16,7 @@ require 'msf/core/handler/bind_tcp'
###
module Metasploit3
- CachedSize = 1695
+ CachedSize = 1703
include Msf::Payload::Windows::Exec
include Rex::Powershell::Command
diff --git a/modules/payloads/singles/windows/powershell_reverse_tcp.rb b/modules/payloads/singles/windows/powershell_reverse_tcp.rb
index 20d069518b..487c0d8d35 100644
--- a/modules/payloads/singles/windows/powershell_reverse_tcp.rb
+++ b/modules/payloads/singles/windows/powershell_reverse_tcp.rb
@@ -16,7 +16,7 @@ require 'msf/core/handler/reverse_tcp_ssl'
###
module Metasploit3
- CachedSize = 1703
+ CachedSize = 1711
include Msf::Payload::Windows::Exec
include Msf::Payload::Windows::Powershell
diff --git a/modules/payloads/singles/windows/x64/exec.rb b/modules/payloads/singles/windows/x64/exec.rb
index 547ca5cfe4..92455a5b9b 100644
--- a/modules/payloads/singles/windows/x64/exec.rb
+++ b/modules/payloads/singles/windows/x64/exec.rb
@@ -9,7 +9,7 @@ require 'msf/core'
module Metasploit3
- CachedSize = 268
+ CachedSize = 275
include Msf::Payload::Windows
include Msf::Payload::Single
diff --git a/modules/payloads/singles/windows/x64/loadlibrary.rb b/modules/payloads/singles/windows/x64/loadlibrary.rb
index 2c95b8ee61..f8ee8f6823 100644
--- a/modules/payloads/singles/windows/x64/loadlibrary.rb
+++ b/modules/payloads/singles/windows/x64/loadlibrary.rb
@@ -9,7 +9,7 @@ require 'msf/core'
module Metasploit3
- CachedSize = 267
+ CachedSize = 314
include Msf::Payload::Windows
include Msf::Payload::Single
diff --git a/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb b/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb
index 065b8f5685..7b16dad82d 100644
--- a/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb
+++ b/modules/payloads/singles/windows/x64/powershell_bind_tcp.rb
@@ -16,7 +16,7 @@ require 'msf/core/handler/bind_tcp'
###
module Metasploit3
- CachedSize = 1778
+ CachedSize = 1786
include Msf::Payload::Windows::Exec_x64
include Rex::Powershell::Command
diff --git a/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb b/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb
index 4db849cd89..524d876cdc 100644
--- a/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb
+++ b/modules/payloads/singles/windows/x64/powershell_reverse_tcp.rb
@@ -16,7 +16,7 @@ require 'msf/core/handler/reverse_tcp_ssl'
###
module Metasploit3
- CachedSize = 1786
+ CachedSize = 1794
include Msf::Payload::Windows::Exec_x64
include Msf::Payload::Windows::Powershell
diff --git a/modules/payloads/stagers/java/reverse_http.rb b/modules/payloads/stagers/java/reverse_http.rb
index 8a96ea2837..5871e573df 100644
--- a/modules/payloads/stagers/java/reverse_http.rb
+++ b/modules/payloads/stagers/java/reverse_http.rb
@@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_http'
module Metasploit3
- CachedSize = 5499
+ CachedSize = 5505
include Msf::Payload::Stager
include Msf::Payload::Java
diff --git a/modules/payloads/stagers/java/reverse_https.rb b/modules/payloads/stagers/java/reverse_https.rb
index 4318ad3f42..2a95173ce7 100644
--- a/modules/payloads/stagers/java/reverse_https.rb
+++ b/modules/payloads/stagers/java/reverse_https.rb
@@ -9,7 +9,7 @@ require 'msf/core/payload/uuid/options'
module Metasploit3
- CachedSize = 6307
+ CachedSize = 6313
include Msf::Payload::Stager
include Msf::Payload::Java
diff --git a/modules/payloads/stagers/java/reverse_tcp.rb b/modules/payloads/stagers/java/reverse_tcp.rb
index 514f8b35aa..5e6284c129 100644
--- a/modules/payloads/stagers/java/reverse_tcp.rb
+++ b/modules/payloads/stagers/java/reverse_tcp.rb
@@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit3
- CachedSize = 5487
+ CachedSize = 5500
include Msf::Payload::Stager
include Msf::Payload::Java
diff --git a/modules/payloads/stagers/linux/x86/reverse_tcp.rb b/modules/payloads/stagers/linux/x86/reverse_tcp.rb
index 6e6d4b611b..6127486d9c 100644
--- a/modules/payloads/stagers/linux/x86/reverse_tcp.rb
+++ b/modules/payloads/stagers/linux/x86/reverse_tcp.rb
@@ -10,7 +10,7 @@ require 'msf/core/payload/linux/reverse_tcp'
module Metasploit4
- CachedSize = 193
+ CachedSize = 71
include Msf::Payload::Stager
include Msf::Payload::Linux::ReverseTcp
diff --git a/modules/payloads/stagers/linux/x86/reverse_tcp_uuid.rb b/modules/payloads/stagers/linux/x86/reverse_tcp_uuid.rb
index fa08274121..3f0d438f87 100644
--- a/modules/payloads/stagers/linux/x86/reverse_tcp_uuid.rb
+++ b/modules/payloads/stagers/linux/x86/reverse_tcp_uuid.rb
@@ -10,7 +10,7 @@ require 'msf/core/payload/linux/reverse_tcp'
module Metasploit4
- CachedSize = 236
+ CachedSize = 114
include Msf::Payload::Stager
include Msf::Payload::Linux::ReverseTcp
diff --git a/modules/payloads/stagers/netware/reverse_tcp.rb b/modules/payloads/stagers/netware/reverse_tcp.rb
index 79c4acae90..43a6199879 100644
--- a/modules/payloads/stagers/netware/reverse_tcp.rb
+++ b/modules/payloads/stagers/netware/reverse_tcp.rb
@@ -11,7 +11,7 @@ require 'msf/core/handler/reverse_tcp'
module Metasploit3
- CachedSize = 279
+ CachedSize = 281
include Msf::Payload::Stager
include Msf::Payload::Netware
diff --git a/modules/payloads/stagers/php/reverse_tcp.rb b/modules/payloads/stagers/php/reverse_tcp.rb
index 4fcafa11df..9768010ca5 100644
--- a/modules/payloads/stagers/php/reverse_tcp.rb
+++ b/modules/payloads/stagers/php/reverse_tcp.rb
@@ -9,7 +9,7 @@ require 'msf/core/payload/php/reverse_tcp'
module Metasploit4
- CachedSize = 936
+ CachedSize = 951
include Msf::Payload::Stager
include Msf::Payload::Php::ReverseTcp
diff --git a/modules/payloads/stagers/php/reverse_tcp_uuid.rb b/modules/payloads/stagers/php/reverse_tcp_uuid.rb
index 86c152d0d4..e99e44664a 100644
--- a/modules/payloads/stagers/php/reverse_tcp_uuid.rb
+++ b/modules/payloads/stagers/php/reverse_tcp_uuid.rb
@@ -9,7 +9,7 @@ require 'msf/core/payload/php/reverse_tcp'
module Metasploit4
- CachedSize = 1110
+ CachedSize = 1125
include Msf::Payload::Stager
include Msf::Payload::Php::ReverseTcp
diff --git a/modules/payloads/stagers/python/reverse_tcp.rb b/modules/payloads/stagers/python/reverse_tcp.rb
index 75b1a00929..7350a20022 100644
--- a/modules/payloads/stagers/python/reverse_tcp.rb
+++ b/modules/payloads/stagers/python/reverse_tcp.rb
@@ -11,7 +11,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit4
- CachedSize = 342
+ CachedSize = 362
include Msf::Payload::Stager
include Msf::Payload::Python::ReverseTcp
diff --git a/modules/payloads/stagers/python/reverse_tcp_uuid.rb b/modules/payloads/stagers/python/reverse_tcp_uuid.rb
index ebb0a1d9d5..80b038fdc4 100644
--- a/modules/payloads/stagers/python/reverse_tcp_uuid.rb
+++ b/modules/payloads/stagers/python/reverse_tcp_uuid.rb
@@ -11,7 +11,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit4
- CachedSize = 446
+ CachedSize = 466
include Msf::Payload::Stager
include Msf::Payload::Python
diff --git a/modules/payloads/stagers/windows/reverse_http.rb b/modules/payloads/stagers/windows/reverse_http.rb
index 06d5de4f3e..572d1c282d 100644
--- a/modules/payloads/stagers/windows/reverse_http.rb
+++ b/modules/payloads/stagers/windows/reverse_http.rb
@@ -9,7 +9,7 @@ require 'msf/core/payload/windows/reverse_http'
module Metasploit4
- CachedSize = 312
+ CachedSize = 327
include Msf::Payload::Stager
include Msf::Payload::Windows
diff --git a/modules/payloads/stagers/windows/reverse_http_proxy_pstore.rb b/modules/payloads/stagers/windows/reverse_http_proxy_pstore.rb
index 3ba25412bf..d6f375b31a 100644
--- a/modules/payloads/stagers/windows/reverse_http_proxy_pstore.rb
+++ b/modules/payloads/stagers/windows/reverse_http_proxy_pstore.rb
@@ -9,7 +9,7 @@ require 'msf/core/payload/uuid/options'
module Metasploit3
- CachedSize = 650
+ CachedSize = 665
include Msf::Payload::Stager
include Msf::Payload::Windows
diff --git a/modules/payloads/stagers/windows/reverse_https.rb b/modules/payloads/stagers/windows/reverse_https.rb
index 879777dbaf..0b35881fd0 100644
--- a/modules/payloads/stagers/windows/reverse_https.rb
+++ b/modules/payloads/stagers/windows/reverse_https.rb
@@ -9,7 +9,7 @@ require 'msf/core/payload/windows/reverse_https'
module Metasploit4
- CachedSize = 332
+ CachedSize = 347
include Msf::Payload::Stager
include Msf::Payload::Windows
diff --git a/modules/payloads/stagers/windows/reverse_https_proxy.rb b/modules/payloads/stagers/windows/reverse_https_proxy.rb
index 500506525a..f9a1e0dbf2 100644
--- a/modules/payloads/stagers/windows/reverse_https_proxy.rb
+++ b/modules/payloads/stagers/windows/reverse_https_proxy.rb
@@ -10,7 +10,7 @@ require 'msf/core/handler/reverse_https_proxy'
module Metasploit3
- CachedSize = 391
+ CachedSize = 397
include Msf::Payload::Stager
include Msf::Payload::Windows
diff --git a/modules/payloads/stagers/windows/x64/reverse_http.rb b/modules/payloads/stagers/windows/x64/reverse_http.rb
index 8b15646f81..4ae5af6697 100644
--- a/modules/payloads/stagers/windows/x64/reverse_http.rb
+++ b/modules/payloads/stagers/windows/x64/reverse_http.rb
@@ -9,7 +9,7 @@ require 'msf/core/payload/windows/x64/reverse_http'
module Metasploit4
- CachedSize = 486
+ CachedSize = 501
include Msf::Payload::Stager
include Msf::Payload::Windows
diff --git a/modules/payloads/stagers/windows/x64/reverse_https.rb b/modules/payloads/stagers/windows/x64/reverse_https.rb
index 08117499f4..8e5a2fc1f5 100644
--- a/modules/payloads/stagers/windows/x64/reverse_https.rb
+++ b/modules/payloads/stagers/windows/x64/reverse_https.rb
@@ -9,7 +9,7 @@ require 'msf/core/payload/windows/x64/reverse_https'
module Metasploit4
- CachedSize = 517
+ CachedSize = 532
include Msf::Payload::Stager
include Msf::Payload::Windows
diff --git a/spec/modules/payloads_spec.rb b/spec/modules/payloads_spec.rb
index 50b07c1c36..553606f01d 100644
--- a/spec/modules/payloads_spec.rb
+++ b/spec/modules/payloads_spec.rb
@@ -863,7 +863,7 @@ describe 'modules/payloads', :content do
ancestor_reference_names: [
'singles/firefox/exec'
],
- dynamic_size: true,
+ dynamic_size: false,
modules_pathname: modules_pathname,
reference_name: 'firefox/exec'
end
@@ -2320,7 +2320,7 @@ describe 'modules/payloads', :content do
ancestor_reference_names: [
'singles/solaris/sparc/shell_find_port'
],
- dynamic_size: true,
+ dynamic_size: false,
modules_pathname: modules_pathname,
reference_name: 'solaris/sparc/shell_find_port'
end
@@ -3886,7 +3886,7 @@ describe 'modules/payloads', :content do
modules_pathname: modules_pathname,
reference_name: 'windows/x64/powershell_reverse_tcp'
end
-
+
context 'windows/x64/shell/bind_tcp' do
it_should_behave_like 'payload cached size is consistent',
ancestor_reference_names: [
diff --git a/spec/support/shared/examples/payload_cached_size_is_consistent.rb b/spec/support/shared/examples/payload_cached_size_is_consistent.rb
index e325e038da..0a687994e8 100644
--- a/spec/support/shared/examples/payload_cached_size_is_consistent.rb
+++ b/spec/support/shared/examples/payload_cached_size_is_consistent.rb
@@ -70,6 +70,7 @@ # `:ancestor_reference_names`.
# @return [void]
shared_examples_for 'payload cached size is consistent' do |options|
+ options.assert_valid_keys(:ancestor_reference_names, :modules_pathname, :reference_name, :dynamic_size)
ancestor_reference_names = options.fetch(:ancestor_reference_names)
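Review bot: The added `options.assert_valid_keys(...)` call in the last hunk of this line changes the shared example's contract, but the YARD block right above it still documents only `@return [void]`; an unknown key now raises instead of being silently ignored. Add `# @raise [ArgumentError] if options holds a key other than :ancestor_reference_names, :modules_pathname, :reference_name or :dynamic_size` above the `shared_examples_for` line so a failure in payloads_spec.rb is read as a caller typo rather than a size regression. The shared example block continues past the hunk.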
@@ -85,6 +86,30 @@ shared_examples_for 'payload cached size is consistent' do |options|
include_context 'Msf::Simple::Framework#modules loading'
+ datastore = {
+ }
+
+ opts = {
+ 'Format' => 'raw',
+ 'Options' => {
+ 'CPORT' => 4444,
+ 'LPORT' => 4444,
+ 'LHOST' => '255.255.255.255',
+ 'KHOST' => '255.255.255.255',
+ 'AHOST' => '255.255.255.255',
+ 'CMD' => '/bin/sh',
+ 'URL' => 'http://a.com',
+ 'PATH' => '/',
+ 'BUNDLE' => 'data/isight.bundle',
+ 'DLL' => 'external/source/byakugan/bin/XPSP2/detoured.dll',
+ 'RC4PASSWORD' => 'Metasploit',
+ 'DNSZONE' => 'corelan.eu',
+ 'PEXEC' => '/bin/sh'
+ },
+ 'Encoder' => nil,
+ 'DisableNops' => true
+ }
+
#
# lets
#
@@ -111,6 +136,8 @@ shared_examples_for 'payload cached size is consistent' do |options|
)
end
+ next if reference_name =~ /generic/
+
if dynamic_size
it 'is dynamic_size?' do
pinst = load_and_create_module(
@@ -132,7 +159,7 @@ shared_examples_for 'payload cached size is consistent' do |options|
)
expect(pinst.cached_size).to_not(be_nil)
expect(pinst.dynamic_size?).to be(false)
- expect(pinst.cached_size).to eq(pinst.size)
+ expect(pinst.cached_size).to eq(pinst.generate_simple(opts).size)
end
end
end
diff --git a/tools/update_payload_cached_sizes.rb b/tools/update_payload_cached_sizes.rb
index 950d519669..1a9d97acaa 100755
--- a/tools/update_payload_cached_sizes.rb
+++ b/tools/update_payload_cached_sizes.rb
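Review bot: The `opts` hash added in the first hunk restates, key by key, the option set that lib/msf/util/payload_cached_size.rb already holds (the second patch in this series shows its first entries as `OPTS = { 'Format' => 'raw', 'Options' => { 'CPORT' => 4444, ...`), so the spec and the tool that writes CachedSize will disagree the moment either copy is edited. Since that patch makes the hash the public constant `Msf::Util::PayloadCachedSize::OPTS`, the spec can use `opts = Msf::Util::PayloadCachedSize::OPTS` and the copy here can go; whether the two sets are currently identical is not visible from this chunk. The `expect(pinst.cached_size).to eq(pinst.generate_simple(opts).size)` line in the third hunk is the assertion that depends on the two staying in step. The shared example block starts before this hunk.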
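Review bot: `next if reference_name =~ /generic/` in the second hunk matches any reference name that merely contains the substring, and because it runs while the examples are being defined it drops every example below it for those modules without marking anything as skipped, so the exclusion is invisible in the test output. If only the generic/* family is meant, anchor it as `next if reference_name =~ /\Ageneric\//`, and add a one-line comment above it recording why those payloads are exempt from the size check, since the hunk gives no reason. tools/update_payload_cached_sizes.rb applies the same unanchored pattern.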
@@ -22,8 +22,11 @@ require 'msf/util/payload_cached_size'
framework = Msf::Simple::Framework.create('DisableDatabase' => true)
framework.payloads.each_module do |name, mod|
- next if Msf::Util::PayloadCachedSize.is_cached_size_accurate?(mod)
+ next if name =~ /generic/
+ mod_inst = framework.payloads.create(name)
+ #mod_inst.datastore.merge!(framework.datastore)
+ next if Msf::Util::PayloadCachedSize.is_cached_size_accurate?(mod_inst)
$stdout.puts "[*] Updating the CacheSize for #{mod.file_path}..."
- Msf::Util::PayloadCachedSize.update_module_cached_size(mod)
+ Msf::Util::PayloadCachedSize.update_module_cached_size(mod_inst)
end
From f25a5da46f11e27aaacc8655015fc3f0568e78d5 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Fri, 14 Aug 2015 12:37:49 -0500
Subject: [PATCH 2/2] Do Minor fixes
---
lib/msf/util/payload_cached_size.rb | 8 ++++----
.../shared/examples/payload_cached_size_is_consistent.rb | 3 ---
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/lib/msf/util/payload_cached_size.rb b/lib/msf/util/payload_cached_size.rb
index e299739664..0063b51ea1 100644
--- a/lib/msf/util/payload_cached_size.rb
+++ b/lib/msf/util/payload_cached_size.rb
@@ -14,7 +14,7 @@ module Util
class PayloadCachedSize
- @opts = {
+ OPTS = {
'Format' => 'raw',
'Options' => {
'CPORT' => 4444,
@@ -81,7 +81,7 @@ class PayloadCachedSize
# @return [Fixnum]
def self.compute_cached_size(mod)
return ":dynamic" if is_dynamic?(mod)
- return mod.generate_simple(@opts).size
+ return mod.generate_simple(OPTS).size
end
# Determines whether a payload generates a static sized output
@@ -92,7 +92,7 @@ class PayloadCachedSize
# @return [Fixnum]
def self.is_dynamic?(mod, generation_count=5)
[*(1..generation_count)].map{|x|
- mod.generate_simple(@opts).size}.uniq.length != 1
+ mod.generate_simple(OPTS).size}.uniq.length != 1
end
# Determines whether a payload's CachedSize is up to date
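Review bot: `mod_inst = framework.payloads.create(name)` can yield nil (create returns nil when it cannot resolve the module class), and the next line hands that nil to `is_cached_size_accurate?`, whose first statement calls `mod.dynamic_size?`, so one unloadable payload raises NoMethodError and stops the whole update run instead of being skipped. Add `next unless mod_inst` immediately after the create call. Also remove the commented-out `#mod_inst.datastore.merge!(framework.datastore)` line rather than leaving dead code in a maintenance tool; if the merge is still wanted, a TODO stating why belongs there instead.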
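Review bot: `OPTS` is introduced as a plain, unfrozen hash constant and is then passed by reference to `generate_simple` from `compute_cached_size`, `is_dynamic?` and, in the following hunk, `is_cached_size_accurate?`; anything that writes into it, or into its nested 'Options' hash, silently changes every later size computation in the process. Freeze it, `OPTS = { ... }.freeze`, with the nested 'Options' hash frozen as well, and if generate_simple turns out to modify the hash it is given (not visible here), pass it a deep copy at the call sites instead of the constant. The rest of the hash literal lies outside the hunk.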
@@ -102,7 +102,7 @@ class PayloadCachedSize
def self.is_cached_size_accurate?(mod)
return true if mod.dynamic_size? && is_dynamic?(mod)
return false if mod.cached_size.nil?
- mod.cached_size == mod.generate_simple(@opts).size
+ mod.cached_size == mod.generate_simple(OPTS).size
end
end
diff --git a/spec/support/shared/examples/payload_cached_size_is_consistent.rb b/spec/support/shared/examples/payload_cached_size_is_consistent.rb
index 0a687994e8..f1c02204e6 100644
--- a/spec/support/shared/examples/payload_cached_size_is_consistent.rb
+++ b/spec/support/shared/examples/payload_cached_size_is_consistent.rb
@@ -86,9 +86,6 @@ shared_examples_for 'payload cached size is consistent' do |options|
include_context 'Msf::Simple::Framework#modules loading'
- datastore = {
- }
-
opts = {
'Format' => 'raw',
'Options' => {