Land #6954, Fix the available size of payload for exploit/.../payload_inject

bug/bundler_fix 4.12.10
Brendan 2016-07-05 07:38:27 -07:00
commit e29d5b9efe
No known key found for this signature in database
GPG Key ID: ECC0F0A52E65F268
15 changed files with 29 additions and 24 deletions


@ -30,7 +30,7 @@ module Payload::Linux::BindTcp
}
# Generate the more advanced stager if we have the space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC'],
conf[:reliable] = true
end
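Review bot: The context line `conf[:exitfunk] = datastore['EXITFUNC'],` ends in a comma, so Ruby parses it together with the next line as one assignment with two right-hand values and stores the array `[datastore['EXITFUNC'], true]` in `conf[:exitfunk]` instead of the option string. `conf[:reliable]` is still set to true as a side effect, which makes the slip easy to miss, but whatever reads `conf[:exitfunk]` later receives an Array. Dropping the comma gives `conf[:exitfunk] = datastore['EXITFUNC']`, as the ReverseTcp hunks already have it. The same trailing comma appears in the Payload::Windows::BindTcp, Payload::Windows::BindTcpRc4 and Payload::Windows::BindTcp_x64 hunks; the commit changes the condition directly above it in each but leaves the comma in place. The enclosing method starts and ends outside the hunk.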


@ -33,7 +33,7 @@ module Payload::Linux::ReverseTcp
}
# Generate the advanced stager if we have space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC']
conf[:reliable] = true
end
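Review bot: The two printed forms of the space check disagree when `required_space` equals `self.available_space`: `unless self.available_space.nil? || required_space > self.available_space` accepts an exact fit, while `if self.available_space && required_space < self.available_space` rejects it. The page has lost its +/- markers, so which form is the new side is only inferred from print order; if it is the `if` form, a stager that fits exactly now skips the block that sets `conf[:exitfunk]` and `conf[:reliable]`, and `required_space <= self.available_space` would keep the earlier boundary. Both forms also skip the block when `available_space` is nil, so a one-line comment stating whether that is intended would help the next reader. The same check is changed in the other payload mixin hunks on this page, and the enclosing method continues outside the hunk.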


@ -34,7 +34,7 @@ module Payload::Windows::BindTcp
}
# Generate the more advanced stager if we have the space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC'],
conf[:reliable] = true
end


@ -32,7 +32,7 @@ module Payload::Windows::BindTcpRc4
}
# Generate the more advanced stager if we have the space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC'],
conf[:reliable] = true
end


@ -50,7 +50,7 @@ module Payload::Windows::ReverseHttp
}
# Add extra options if we have enough space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:url] = luri + generate_uri
conf[:exitfunk] = datastore['EXITFUNC']
conf[:ua] = datastore['MeterpreterUserAgent']


@ -34,7 +34,7 @@ module Payload::Windows::ReverseTcp
}
# Generate the advanced stager if we have space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC']
conf[:reliable] = true
end


@ -38,7 +38,7 @@ module Payload::Windows::ReverseTcpDns
}
# Generate the advanced stager if we have space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC']
conf[:reliable] = true
end


@ -34,7 +34,7 @@ module Payload::Windows::ReverseTcpRc4
}
# Generate the advanced stager if we have space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC']
conf[:reliable] = true
end


@ -34,7 +34,7 @@ module Payload::Windows::ReverseTcpRc4Dns
}
# Generate the advanced stager if we have space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC']
conf[:reliable] = true
end


@ -36,7 +36,7 @@ module Payload::Windows::ReverseWinHttp
}
# Add extra options if we have enough space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:uri] = generate_uri
conf[:exitfunk] = datastore['EXITFUNC']
conf[:verify_cert_hash] = opts[:verify_cert_hash]


@ -32,7 +32,7 @@ module Payload::Windows::BindTcp_x64
}
# Generate the more advanced stager if we have the space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC'],
conf[:reliable] = true
end


@ -54,7 +54,7 @@ module Payload::Windows::ReverseHttp_x64
}
# add extended options if we do have enough space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:url] = luri + generate_uri
conf[:exitfunk] = datastore['EXITFUNC']
conf[:ua] = datastore['MeterpreterUserAgent']


@ -41,7 +41,7 @@ module Payload::Windows::ReverseTcp_x64
}
# Generate the advanced stager if we have space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:exitfunk] = datastore['EXITFUNC']
conf[:reliable] = true
end


@ -37,7 +37,7 @@ module Payload::Windows::ReverseWinHttp_x64
}
# Add extra options if we have enough space
unless self.available_space.nil? || required_space > self.available_space
if self.available_space && required_space < self.available_space
conf[:uri] = generate_uri
conf[:exitfunk] = datastore['EXITFUNC']
conf[:verify_cert_hash] = opts[:verify_cert_hash]


@ -14,24 +14,29 @@ class MetasploitModule < Msf::Exploit::Local
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Manage Memory Payload Injection',
'Description' => %q{
'Name' => 'Windows Manage Memory Payload Injection',
'Description' => %q{
This module will inject a payload into memory of a process. If a payload
isn't selected, then it'll default to a reverse x86 TCP meterpreter. If the PID
datastore option isn't specified, then it'll inject into notepad.exe instead.
},
'License' => MSF_LICENSE,
'Author' =>
'License' => MSF_LICENSE,
'Author' =>
[
'Carlos Perez <carlos_perez[at]darkoperator.com>',
'sinn3r'
],
'Platform' => [ 'win' ],
'Arch' => [ ARCH_X86, ARCH_X86_64 ],
'SessionTypes' => [ 'meterpreter' ],
'Targets' => [ [ 'Windows', {} ] ],
'DefaultTarget' => 0,
'DisclosureDate'=> "Oct 12 2011"
'Platform' => [ 'win' ],
'Arch' => [ ARCH_X86, ARCH_X86_64 ],
'SessionTypes' => [ 'meterpreter' ],
'Targets' => [ [ 'Windows', {} ] ],
'Payload' =>
{
'Space' => 4096,
'DisableNops' => true
},
'DefaultTarget' => 0,
'DisclosureDate' => "Oct 12 2011"
))
register_options(