added support to msfpayload to use elf so payload target

2014-06-19 00:59:49 -05:00 · 2014-06-19 00:59:49 -05:00 · ccf967fdfe
parent 1c5cfeebb3
commit ccf967fdfe
3 changed files with 36 additions and 3 deletions
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@ -911,6 +911,12 @@ require 'msf/core/exe/segment_injector'
    return elf
  end

+  # Create a 64-bit Linux ELF_DYN containing the payload provided in +code+
+  def self.to_linux_x64_elf_dll(framework, code, opts={})
+    elf = to_exe_elf(framework, opts, "template_x64_linux_dll.bin", code)
+    return elf
+  end
+
  def self.to_linux_armle_elf(framework, code, opts={})
    elf = to_exe_elf(framework, opts, "template_armle_linux.bin", code)
    return elf
@ -1896,6 +1902,13 @@ require 'msf/core/exe/segment_injector'
          end
      end

+    when 'elf-so'
+      if (not plat or (plat.index(Msf::Module::Platform::Linux)))
+        output = case arch
+          when ARCH_X86_64  then to_linux_x64_elf_dll(framework, code, exeopts)
+          end
+      end
+
    when 'macho', 'osx-app'
      output = case arch
        when ARCH_X86,nil then to_osx_x86_macho(framework, code, exeopts)
@ -1949,6 +1962,7 @@ require 'msf/core/exe/segment_injector'
      "aspx-exe",
      "dll",
      "elf",
+      "elf-so",
      "exe",
      "exe-only",
      "exe-service",
--- a/24
+++ b/24
@ -30,7 +30,7 @@ $args = Rex::Parser::Arguments.new(
 #
 def usage
  $stderr.puts("\n" +
-    "    Usage: #{$0} [<options>] <payload> [var=val] <[S]ummary|C|Cs[H]arp|[P]erl|Rub[Y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]>\n" +
+    "    Usage: #{$0} [<options>] <payload> [var=val] <[S]ummary|C|Cs[H]arp|[P]erl|Rub[Y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]|s[O]>\n" +
    $args.usage)
  exit
 end
@ -125,10 +125,10 @@ end

 payload.datastore.merge! options

-if (cmd =~ /^(p|y|r|d|c|h|j|x|b|v|w|n)$/)
+if (cmd =~ /^(p|y|r|d|c|h|j|x|b|v|w|n|o)$/)
  fmt = 'perl' if (cmd =~ /^p$/)
  fmt = 'ruby' if (cmd =~ /^y$/)
-  fmt = 'raw' if (cmd =~ /^(r|x|d)$/)
+  fmt = 'raw' if (cmd =~ /^(r|x|d|o)$/)
  fmt = 'raw' if (cmd =~ /^v$/)
  fmt = 'c' if (cmd =~ /^c$/)
  fmt = 'csharp' if (cmd =~ /^h$/)
@ -208,6 +208,24 @@ if (cmd =~ /^(p|y|r|d|c|h|j|x|b|v|w|n)$/)
    exit(-1)
  end

+  if (cmd =~ /^o$/)
+    so = Msf::Util::EXE.to_linux_x64_elf_dll($framework, buf)
+    note =
+       "Created by msfpayload (http://www.metasploit.com).\r\n" +
+       "Payload: " + payload.refname + "\r\n" +
+       " Length: " + buf.length.to_s + "\r\n" +
+       "Options: " + options.inspect + "\r\n"
+
+    if(so)
+      $stderr.puts(note)
+      $stdout.write(so)
+      exit(0)
+    end
+
+    $stderr.puts "Failed to build dll"
+    exit(-1)
+  end
+
  if(cmd =~ /^w$/)
    note =
      "Created by msfpayload (http://www.metasploit.com).\n" +
--- a/spec/support/shared/contexts/msf/util/exe.rb
+++ b/spec/support/shared/contexts/msf/util/exe.rb
@ -48,6 +48,7 @@ shared_context 'Msf::Util::Exe' do
    "linux" => [
      { :format => "elf", :arch => "x86",    :file_fp => /ELF 32.*SYSV/ },
      { :format => "elf", :arch => "x64",    :file_fp => /ELF 64.*SYSV/ },
+      { :format => "elf-so", :arch => "x64", :file_fp => /ELF 64.*SYSV/ },
      { :format => "elf", :arch => "armle",  :file_fp => /ELF 32.*ARM/ },
      { :format => "elf", :arch => "mipsbe", :file_fp => /ELF 32-bit MSB executable, MIPS/ },
      { :format => "elf", :arch => "mipsle", :file_fp => /ELF 32-bit LSB executable, MIPS/ },