metasploit-framework/lib/msf/core/exploit/seh.rb

67 lines
1.5 KiB
Ruby

require 'rex/exploitation/seh'
module Msf
###
#
# Seh
# ---
#
# This mixin provides a interface to generating SEH registration records in a
# robust fashion using the Rex::Exploitation::Seh class.
#
###
module Exploit::Seh
def initialize(info = {})
super
# Register an advanced option that allows users to specify whether or
# not a dynamic SEH record should be used.
register_advanced_options(
[
OptBool.new('DynamicSehRecord', [ false, "Generate a dynamic SEH record (more stealthy)", 'no' ])
], Msf::Exploit::Seh)
end
#
# Generates an SEH record with zero or more options. The supported options
# are:
#
# EvasionLevel
#
# The evasion level to use. If none is supplied, the default is used.
#
# NopGenerator
#
# The NOP generator instance to use, if any.
#
# Space
#
# The amount of room the SEH record generator has to play with for
# random padding. This should be derived from the maximum amount of
# space available to the exploit for payloads minus the current payload
# size.
#
def generate_seh_record(handler, opts = {})
seh = Rex::Exploitation::Seh.new(
payload_badchars,
opts['Space'],
opts['NopGenerator'])
evlvl = opts['EvasionLevel'] || seh.default_evasion_level
# If the user specified that a dynamic SEH record be used, override all
# of the supplied settings.
if (datastore['DynamicSehRecord'])
evlvl = EVASION_HIGH
end
# Generate the record
seh.generate_seh_record(handler, evlvl)
end
end
end