Modified how function to_linux_x64_elf() loads a template file
git-svn-id: file:///home/svn/framework3/trunk@13129 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
83cb04c0d6
commit
dfc7f39e1c
|
@ -568,33 +568,20 @@ require 'digest/sha1'
|
||||||
# Create a 64-bit Linux ELF containing the payload provided in +code+
|
# Create a 64-bit Linux ELF containing the payload provided in +code+
|
||||||
#
|
#
|
||||||
def self.to_linux_x64_elf(framework, code, opts={})
|
def self.to_linux_x64_elf(framework, code, opts={})
|
||||||
elf_header = ''
|
set_template_default(opts, "template_x64_linux.bin")
|
||||||
elf_header << "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" #ELF ID
|
|
||||||
elf_header << "\x02\x00" #Object file type
|
|
||||||
elf_header << "\x3e\x00" #Machine type
|
|
||||||
elf_header << "\x01\x00\x00\x00" #Object file version
|
|
||||||
elf_header << "\x78\x00\x40\x00\x00\x00\x00\x00" #Entry point address
|
|
||||||
elf_header << "\x40\x00\x00\x00\x00\x00\x00\x00" #Program header offset
|
|
||||||
elf_header << "\x00\x00\x00\x00\x00\x00\x00\x00" #Section header offset
|
|
||||||
elf_header << "\x00\x00\x00\x00" #Process specific flags
|
|
||||||
elf_header << "\x40\x00" #ELF header size
|
|
||||||
elf_header << "\x38\x00" #ELF program header entry
|
|
||||||
elf_header << "\x01\x00" #Number of program header entries
|
|
||||||
elf_header << "\x00\x00" #Size of section header entry
|
|
||||||
elf_header << "\x00\x00" #Number of section header entry
|
|
||||||
elf_header << "\x00\x00" #Section name string table index
|
|
||||||
|
|
||||||
prg_header = ''
|
elf = ''
|
||||||
prg_header << "\x01\x00\x00\x00" #Type of segment
|
File.open(opts[:template], "rb") { |fd|
|
||||||
prg_header << "\x07\x00\x00\x00" #Segment attributes (flags)
|
elf = fd.read(fd.stat.size)
|
||||||
prg_header << "\x00\x00\x00\x00\x00\x00\x00\x00" #Offset in file
|
}
|
||||||
prg_header << "\x00\x00\x40\x00\x00\x00\x00\x00" #Virtual address in memory
|
|
||||||
prg_header << "\x00\x00\x40\x00\x00\x00\x00\x00" #Reserved
|
#Append shellcode
|
||||||
prg_header << [120 + code.length].pack('Q') #Size of segment in file (p_filesz)
|
elf << code
|
||||||
prg_header << [120 + code.length].pack('Q') #Size of segment in memory (p_memsz)
|
|
||||||
prg_header << "\x00\x10\x00\x00\x00\x00\x00\x00" #Alignment of segment
|
#Modify size
|
||||||
|
elf[96, 8] = [120 + code.length].pack('Q') #p_filesz
|
||||||
|
elf[104,8] = [120 + code.length].pack('Q') #p_memsz
|
||||||
|
|
||||||
elf = elf_header + prg_header + code
|
|
||||||
return elf
|
return elf
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
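Review bot: The size patch at `elf[96, 8]` and `elf[104,8]` still hard-codes 120 as the template length, even though the header bytes now come from whatever file `opts[:template]` names. A template of any other length gets p_filesz/p_memsz values that no longer match the file. Deriving the value from the buffer keeps them consistent: `size = [elf.length].pack('Q')` after `elf << code`, then `elf[96, 8] = size` and `elf[104, 8] = size`. The fixed offsets 96 and 104 also assume the program header sits at 0x40 and that the template is at least 112 bytes, so a guard such as `raise RuntimeError, "template too short" if elf.nil? || elf.length < 112` before patching would turn a bad template into a clear error instead of an IndexError or a malformed header. Separately, `pack('Q')` uses host byte order while the header is little-endian, so `'Q<'` would be safer if the supported Ruby versions allow it, and the method comment should mention the `:template` option.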