Land #10215, add support for payload estimation for IPv6-specific modules

GSoC/Meterpreter_Web_Console
Brent Cook 2018-06-27 16:46:54 -05:00
commit e17744df8d
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
2 changed files with 36 additions and 4 deletions


@ -36,6 +36,28 @@ class PayloadCachedSize
'DisableNops' => true 'DisableNops' => true
} }
OPTS6 = {
'Format' => 'raw',
'Options' => {
'CPORT' => 4444,
'LPORT' => 4444,
'LHOST' => 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff',
'KHOST' => 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff',
'AHOST' => 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff',
'CMD' => '/bin/sh',
'URL' => 'http://a.com',
'PATH' => '/',
'BUNDLE' => 'data/isight.bundle',
'DLL' => 'external/source/byakugan/bin/XPSP2/detoured.dll',
'RC4PASSWORD' => 'Metasploit',
'DNSZONE' => 'corelan.eu',
'PEXEC' => '/bin/sh',
'StagerURILength' => 5
},
'Encoder' => nil,
'DisableNops' => true
}
# Insert a new CachedSize value into the text of a payload module # Insert a new CachedSize value into the text of a payload module
# #
# @param data [String] The source code of a payload module # @param data [String] The source code of a payload module
@ -82,6 +104,7 @@ class PayloadCachedSize
# @return [Integer] # @return [Integer]
def self.compute_cached_size(mod) def self.compute_cached_size(mod)
return ":dynamic" if is_dynamic?(mod) return ":dynamic" if is_dynamic?(mod)
return mod.generate_simple(OPTS6).size if mod.shortname =~ /6/
return mod.generate_simple(OPTS).size return mod.generate_simple(OPTS).size
end end
@ -92,8 +115,13 @@ class PayloadCachedSize
# verify that the size is static. # verify that the size is static.
# @return [Integer] # @return [Integer]
def self.is_dynamic?(mod, generation_count=5) def self.is_dynamic?(mod, generation_count=5)
[*(1..generation_count)].map{|x| [*(1..generation_count)].map do |x|
mod.generate_simple(OPTS).size}.uniq.length != 1 if mod.shortname =~ /6/
mod.generate_simple(OPTS6).size
else
mod.generate_simple(OPTS).size
end
end.uniq.length != 1
end end
# Determines whether a payload's CachedSize is up to date # Determines whether a payload's CachedSize is up to date
@ -103,7 +131,11 @@ class PayloadCachedSize
def self.is_cached_size_accurate?(mod) def self.is_cached_size_accurate?(mod)
return true if mod.dynamic_size? && is_dynamic?(mod) return true if mod.dynamic_size? && is_dynamic?(mod)
return false if mod.cached_size.nil? return false if mod.cached_size.nil?
mod.cached_size == mod.generate_simple(OPTS).size if mod.shortname =~ /6/
mod.cached_size == mod.generate_simple(OPTS6).size
else
mod.cached_size == mod.generate_simple(OPTS).size
end
end end
end end
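Review bot: The option-set test `mod.shortname =~ /6/` is copied into compute_cached_size, is_dynamic? and is_cached_size_accurate?, and it matches a digit 6 anywhere in the short name rather than an IPv6 marker. A payload whose name merely contains a 6 would be generated with the all-`ffff` IPv6 hosts and could get a CachedSize that does not reflect its real options; whether such a module exists is not visible from this page. Moving the choice into one private helper, for example `def self.opts_for(mod)` returning `mod.shortname =~ /6/ ? OPTS6 : OPTS`, and calling `mod.generate_simple(opts_for(mod)).size` at all three sites would keep the three methods from drifting apart. The pattern could then be tightened in one place to whatever the IPv6 module names actually share. The helper also deserves a short comment explaining why the IPv6 hosts use the longest textual form, presumably so that the size estimate is an upper bound.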


@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options'
module MetasploitModule module MetasploitModule
CachedSize = 167 CachedSize = 158
include Msf::Payload::Single include Msf::Payload::Single
include Msf::Payload::Linux include Msf::Payload::Linux