style compliance fixes

git-svn-id: file:///home/svn/framework3/trunk@9460 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-06-09 18:41:58 +00:00
parent 816a149e2d
commit d8609b85e3
7 changed files with 144 additions and 126 deletions


@ -1,3 +1,7 @@
##
# $Id$
##
## ##
# This file is part of the Metasploit Framework and may be subject to # This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit # redistribution and commercial restrictions. Please see the Metasploit
@ -32,18 +36,18 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback
}) })
register_options( register_options(
[ [
OptString.new('CPUID_KEY', OptString.new('CPUID_KEY',
[ true, [ true,
"CPUID key from target host (see tools/context/cpuid-key utility)", "CPUID key from target host (see tools/context/cpuid-key utility)",
"0x00000000"]), "0x00000000"]),
], self.class) ], self.class)
end end
def obtain_key(buf, badchars, state) def obtain_key(buf, badchars, state)
state.key = datastore['CPUID_KEY'].hex state.key = datastore['CPUID_KEY'].hex
return state.key return state.key
end end
# #
# Generates the shikata decoder stub. # Generates the shikata decoder stub.
@ -73,22 +77,23 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback
protected protected
def keygen_stub def keygen_stub
payload = payload =
"\x31\xf6" + # xor %esi,%esi "\x31\xf6" + # xor %esi,%esi
"\x31\xff" + # xor %edi,%edi "\x31\xff" + # xor %edi,%edi
"\x89\xf8" + # cpuid_loop: mov %edi,%eax "\x89\xf8" + # cpuid_loop: mov %edi,%eax
"\x31\xc9" + # xor %ecx,%ecx "\x31\xc9" + # xor %ecx,%ecx
"\x0f\xa2" + # cpuid "\x0f\xa2" + # cpuid
"\x31\xc6" + # xor %eax,%esi "\x31\xc6" + # xor %eax,%esi
"\x39\xf0" + # cmp %esi,%eax "\x39\xf0" + # cmp %esi,%eax
"\x75\x03" + # jne not_first_time "\x75\x03" + # jne not_first_time
"\x8d\x78\x01" + # lea 0x1(%eax,1),%edi "\x8d\x78\x01" + # lea 0x1(%eax,1),%edi
"\x31\xde" + # not_first_time: xor %ebx,%esi "\x31\xde" + # not_first_time: xor %ebx,%esi
"\x31\xce" + # xor %ecx,%esi "\x31\xce" + # xor %ecx,%esi
"\x31\xd6" + # xor %edx,%esi "\x31\xd6" + # xor %edx,%esi
"\x83\xef\x01" + # sub $0x1,%edi "\x83\xef\x01" + # sub $0x1,%edi
"\x75\xe6" + # jne cpuid_loop "\x75\xe6" + # jne cpuid_loop
"\x89\xf0" # mov %esi,%eax "\x89\xf0" # mov %esi,%eax
end end
# #
# Returns the set of FPU instructions that can be used for the FPU block of # Returns the set of FPU instructions that can be used for the FPU block of
# the decoder stub. # the decoder stub.
@ -130,8 +135,7 @@ protected
# FPU blocks # FPU blocks
fpu = Rex::Poly::LogicalBlock.new('fpu', fpu = Rex::Poly::LogicalBlock.new('fpu',
*fpu_instructions) *fpu_instructions)
fnstenv = Rex::Poly::LogicalBlock.new('fnstenv', fnstenv = Rex::Poly::LogicalBlock.new('fnstenv', "\xd9\x74\x24\xf4")
"\xd9\x74\x24\xf4")
# Get EIP off the stack # Get EIP off the stack
popeip = Rex::Poly::LogicalBlock.new('popeip', popeip = Rex::Poly::LogicalBlock.new('popeip',


@ -1,3 +1,7 @@
##
# $Id$
##
## ##
# This file is part of the Metasploit Framework and may be subject to # This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit # redistribution and commercial restrictions. Please see the Metasploit
@ -33,19 +37,19 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback
}) })
register_options( register_options(
[ [
OptString.new('STAT_KEY', OptString.new('STAT_KEY',
[ true, [ true,
"STAT key from target host (see tools/context/stat-key utility)", "STAT key from target host (see tools/context/stat-key utility)",
"0x00000000"]), "0x00000000"]),
OptString.new('STAT_FILE', [ true, "name of file to stat(2)", "/bin/ls"]), OptString.new('STAT_FILE', [ true, "name of file to stat(2)", "/bin/ls"]),
], self.class) ], self.class)
end end
def obtain_key(buf, badchars, state) def obtain_key(buf, badchars, state)
state.key = datastore['STAT_KEY'].hex state.key = datastore['STAT_KEY'].hex
return state.key return state.key
end end
# #
# Generates the shikata decoder stub. # Generates the shikata decoder stub.
@ -78,22 +82,23 @@ protected
flen = fname.length flen = fname.length
payload = payload =
"\xd9\xee" + # fldz "\xd9\xee" + # fldz
"\xd9\x74\x24\xf4" + # fnstenv -0xc(%esp) "\xd9\x74\x24\xf4" + # fnstenv -0xc(%esp)
"\x5b" + # pop %ebx "\x5b" + # pop %ebx
Rex::Arch::X86.jmp_short(flen) + # jmp over Rex::Arch::X86.jmp_short(flen) + # jmp over
fname + # the filename fname + # the filename
"\x83\xc3\x09" + # over: add $9, %ebx "\x83\xc3\x09" + # over: add $9, %ebx
"\x8d\x53" + # lea filelen(%ebx), %edx "\x8d\x53" + # lea filelen(%ebx), %edx
Rex::Arch::X86.pack_lsb(flen) + # Rex::Arch::X86.pack_lsb(flen) + #
"\x31\xc0" + # xor %eax,%eax "\x31\xc0" + # xor %eax,%eax
"\x88\x02" + # mov %al,(%edx) "\x88\x02" + # mov %al,(%edx)
"\x8d\x4c\x24\xa8" + # lea -0x58(%esp),%ecx "\x8d\x4c\x24\xa8" + # lea -0x58(%esp),%ecx
"\xb0\xc3" + # mov $0xc3, %al "\xb0\xc3" + # mov $0xc3, %al
"\xcd\x80" + # int $0x80 "\xcd\x80" + # int $0x80
"\x8b\x41\x2c" + # mov 0x2c(%ecx),%eax "\x8b\x41\x2c" + # mov 0x2c(%ecx),%eax
"\x33\x41\x48" # xor 0x48(%ecx),%eax "\x33\x41\x48" # xor 0x48(%ecx),%eax
end end
# #
# Returns the set of FPU instructions that can be used for the FPU block of # Returns the set of FPU instructions that can be used for the FPU block of
# the decoder stub. # the decoder stub.
@ -133,10 +138,8 @@ protected
endb = Rex::Poly::SymbolicBlock::End.new endb = Rex::Poly::SymbolicBlock::End.new
# FPU blocks # FPU blocks
fpu = Rex::Poly::LogicalBlock.new('fpu', fpu = Rex::Poly::LogicalBlock.new('fpu', *fpu_instructions)
*fpu_instructions) fnstenv = Rex::Poly::LogicalBlock.new('fnstenv', "\xd9\x74\x24\xf4")
fnstenv = Rex::Poly::LogicalBlock.new('fnstenv',
"\xd9\x74\x24\xf4")
# Get EIP off the stack # Get EIP off the stack
popeip = Rex::Poly::LogicalBlock.new('popeip', popeip = Rex::Poly::LogicalBlock.new('popeip',


@ -1,3 +1,7 @@
##
# $Id$
##
## ##
# This file is part of the Metasploit Framework and may be subject to # This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit # redistribution and commercial restrictions. Please see the Metasploit
@ -18,7 +22,7 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback
def initialize def initialize
super( super(
'Name' => 'time(2)-based Context Keyed Payload Encoder', 'Name' => 'time(2)-based Context Keyed Payload Encoder',
'Version' => '$Revision: 1$', 'Version' => '$Revision$',
'Description' => %q{ 'Description' => %q{
This is a Context-Keyed Payload Encoder based on time(2) This is a Context-Keyed Payload Encoder based on time(2)
and Shikata Ga Nai. and Shikata Ga Nai.
@ -33,18 +37,18 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback
}) })
register_options( register_options(
[ [
OptString.new('TIME_KEY', OptString.new('TIME_KEY',
[ true, [ true,
"TIME key from target host (see tools/context/time-key utility)", "TIME key from target host (see tools/context/time-key utility)",
"0x00000000"]) "0x00000000"])
], self.class) ], self.class)
end end
def obtain_key(buf, badchars, state) def obtain_key(buf, badchars, state)
state.key = datastore['TIME_KEY'].hex state.key = datastore['TIME_KEY'].hex
return state.key return state.key
end end
# #
# Generates the shikata decoder stub. # Generates the shikata decoder stub.
@ -74,11 +78,12 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback
protected protected
def keygen_stub def keygen_stub
payload = payload =
"\x31\xdb" + # xor %ebx,%ebx "\x31\xdb" + # xor %ebx,%ebx
"\x8d\x43\x0d" + # lea 0xd(%ebx),%eax "\x8d\x43\x0d" + # lea 0xd(%ebx),%eax
"\xcd\x80" + # int $0x80 "\xcd\x80" + # int $0x80
"\x66\x31\xc0" # xor %ax,%ax "\x66\x31\xc0" # xor %ax,%ax
end end
# #
# Returns the set of FPU instructions that can be used for the FPU block of # Returns the set of FPU instructions that can be used for the FPU block of
# the decoder stub. # the decoder stub.
@ -118,10 +123,8 @@ protected
endb = Rex::Poly::SymbolicBlock::End.new endb = Rex::Poly::SymbolicBlock::End.new
# FPU blocks # FPU blocks
fpu = Rex::Poly::LogicalBlock.new('fpu', fpu = Rex::Poly::LogicalBlock.new('fpu', *fpu_instructions)
*fpu_instructions) fnstenv = Rex::Poly::LogicalBlock.new('fnstenv', "\xd9\x74\x24\xf4")
fnstenv = Rex::Poly::LogicalBlock.new('fnstenv',
"\xd9\x74\x24\xf4")
# Get EIP off the stack # Get EIP off the stack
popeip = Rex::Poly::LogicalBlock.new('popeip', popeip = Rex::Poly::LogicalBlock.new('popeip',

0
modules/exploits/osx/http/evocam_webserver.rb Executable file → Normal file


@ -1,3 +1,8 @@
#
# $Id$
# $Revision$
#
module Msf module Msf
### ###

3
plugins/wmap.rb Executable file → Normal file

@ -2,6 +2,9 @@
# Web assessment for the metasploit framework # Web assessment for the metasploit framework
# Efrain Torres - et[ ] metasploit.com 2010 # Efrain Torres - et[ ] metasploit.com 2010
# #
# $Id$
# $Revision$
#
require 'rabal/tree' require 'rabal/tree'
require 'rexml/document' require 'rexml/document'