109 lines
1.9 KiB
Ruby
109 lines
1.9 KiB
Ruby
##
|
|
# This module requires Metasploit: http://metasploit.com/download
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
|
##
|
|
|
|
|
|
require 'msf/core'
|
|
|
|
|
|
###
|
|
#
|
|
# MixedNop
|
|
# ----------
|
|
#
|
|
# This class implements a mixed NOP generator for MIPS (big endian)
|
|
#
|
|
###
|
|
class MetasploitModule < Msf::Nop
|
|
|
|
|
|
def initialize
|
|
super(
|
|
'Name' => 'Better',
|
|
'Alias' => 'mipsbe_better',
|
|
'Description' => 'Better NOP generator',
|
|
'Author' => 'jm',
|
|
'License' => MSF_LICENSE,
|
|
'Arch' => ARCH_MIPSBE)
|
|
|
|
register_advanced_options(
|
|
[
|
|
OptBool.new('RandomNops', [ false, "Generate a random NOP sled", true ])
|
|
], self.class)
|
|
end
|
|
|
|
def get_register()
|
|
return rand(27) + 1
|
|
end
|
|
|
|
def make_bne(reg)
|
|
op = 0x14000000
|
|
|
|
reg = get_register()
|
|
offset = rand(65536)
|
|
|
|
op = op | ( reg << 21 ) | ( reg << 16 ) | offset
|
|
return op
|
|
end
|
|
|
|
def make_or(reg)
|
|
op = 0x00000025
|
|
|
|
op = op | ( reg << 21 ) | ( reg << 11 )
|
|
return op
|
|
end
|
|
|
|
def make_sll(reg)
|
|
op = 0x00000000
|
|
|
|
op = op | ( reg << 16 ) | ( reg << 11 )
|
|
return op
|
|
end
|
|
|
|
def make_sra(reg)
|
|
op = 0x00000003
|
|
|
|
op = op | ( reg << 16 ) | ( reg << 11 )
|
|
return op
|
|
end
|
|
|
|
def make_srl(reg)
|
|
op = 0x00000002
|
|
|
|
op = op | ( reg << 16 ) | ( reg << 11 )
|
|
return op
|
|
end
|
|
|
|
def make_xori(reg)
|
|
op = 0x38000000
|
|
|
|
op = op | ( reg << 21 ) | ( reg << 16 )
|
|
return op
|
|
end
|
|
|
|
def make_ori(reg)
|
|
op = 0x34000000
|
|
|
|
op = op | ( reg << 21 ) | ( reg << 16 )
|
|
return op
|
|
end
|
|
|
|
def generate_sled(length, opts)
|
|
|
|
badchars = opts['BadChars'] || ''
|
|
random = opts['Random'] || datastore['RandomNops']
|
|
nop_fn = [ :make_bne, :make_or, :make_sll, :make_sra, :make_srl, :make_xori, :make_ori ]
|
|
sled = ''
|
|
|
|
for i in 1..length/4 do
|
|
n = nop_fn.sample
|
|
sled << [send(n, get_register())].pack("N*")
|
|
end
|
|
|
|
return sled
|
|
end
|
|
|
|
end
|
|
|