Modify libs to support explib2

2014-03-28 10:44:52 -05:00 · 2014-03-28 10:44:52 -05:00 · da6a428bbf
parent b0bbe3f6a9
commit da6a428bbf
3 changed files with 28 additions and 3 deletions
--- a/lib/msf/core/exploit/http/server.rb
+++ b/lib/msf/core/exploit/http/server.rb
@ -826,6 +826,14 @@ protected
    @cache_heap_spray ||= Rex::Exploitation::Js::Memory.heap_spray
  end

+  def js_explib2
+    @explib2 ||= ::Rex::Exploitation::Js::Memory.explib2
+  end
+
+  def js_explib2_payload(payload="exec")
+    @explib2_payload ||= ::Rex::Exploitation::Js::Memory.explib2_payload(payload)
+  end
+
  def js_os_detect
    @cache_os_detect ||= ::Rex::Exploitation::Js::Detect.os
  end
--- a/lib/rex/exploitation/js/memory.rb
+++ b/lib/rex/exploitation/js/memory.rb
@ -58,6 +58,23 @@ class Memory
      }).obfuscate
  end

+  def self.explib2
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "explib2", "lib", "explib2.js"))
+
+    js
+  end
+
+  def self.explib2_payload(payload="exec")
+    case payload
+    when "drop_exec"
+      js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "explib2", "payload", "drop_exec.js"))
+    else # "exec"
+      js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "explib2", "payload", "exec.js"))
+    end
+
+    js
+  end
+
 end
 end
 end
--- a/lib/rex/text.rb
+++ b/lib/rex/text.rb
@ -429,7 +429,7 @@ module Text
  #
  # Returns a unicode escaped string for Javascript
  #
-  def self.to_unescape(data, endian=ENDIAN_LITTLE)
+  def self.to_unescape(data, endian=ENDIAN_LITTLE, prefix='%%u')
    data << "\x41" if (data.length % 2 != 0)
    dptr = 0
    buff = ''
@ -440,9 +440,9 @@ module Text
      dptr += 1

      if (endian == ENDIAN_LITTLE)
-        buff << sprintf('%%u%.2x%.2x', c2, c1)
+        buff << sprintf("#{prefix}%.2x%.2x", c2, c1)
      else
-        buff << sprintf('%%u%.2x%.2x', c1, c2)
+        buff << sprintf("#{prefix}%.2x%.2x", c1, c2)
      end
    end
    return buff