metasploit-framework/modules/nops/mipsbe/better.rb


##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
###
#
# MixedNop
# ----------
#
# This class implements a mixed NOP generator for MIPS (big endian)
#
###
class MetasploitModule < Msf::Nop
  # Every word this module emits is one of seven fixed MIPS instruction
  # templates with the same register in each operand slot. Only the register
  # number (and, for bne, the 16-bit offset) varies, so the output has a
  # regular structure.

  # Registers module metadata and the advanced 'RandomNops' option.
  def initialize
    super(
      'Name'        => 'Better',
      'Alias'       => 'mipsbe_better',
      'Description' => 'Better NOP generator',
      'Author'      => 'jm',
      'License'     => MSF_LICENSE,
      'Arch'        => ARCH_MIPSBE
    )

    register_advanced_options(
      [
        OptBool.new('RandomNops', [ false, "Generate a random NOP sled", true ])
      ],
      self.class
    )
  end

  # Picks a register number at random.
  #
  # @return [Integer] a value in 1..27, so register 0 and registers 28-31
  #   are never selected
  def get_register
    1 + rand(27)
  end

  # Encodes `bne r, r, offset`, where both compared operands are the same
  # register and the low 16 bits are a random offset.
  #
  # @param reg [Integer] ignored: a fresh register is drawn inside the method
  #   and replaces the caller's value
  # @return [Integer] 32-bit instruction word
  def make_bne(reg)
    # The register is drawn before the offset; keep this order so the
    # sequence of rand calls is unchanged.
    chosen = get_register
    displacement = rand(65536)
    0x14000000 | (chosen << 21) | (chosen << 16) | displacement
  end

  # Encodes `or reg, reg, $zero` (funct 0x25; the rt field is left at 0).
  #
  # @param reg [Integer] register number placed in the rs and rd fields
  # @return [Integer] 32-bit instruction word
  def make_or(reg)
    0x00000025 | (reg << 21) | (reg << 11)
  end

  # Encodes `sll reg, reg, 0` (funct 0x00, shift amount left at 0).
  #
  # @param reg [Integer] register number placed in the rt and rd fields
  # @return [Integer] 32-bit instruction word
  def make_sll(reg)
    0x00000000 | (reg << 16) | (reg << 11)
  end

  # Encodes `sra reg, reg, 0` (funct 0x03, shift amount left at 0).
  #
  # @param reg [Integer] register number placed in the rt and rd fields
  # @return [Integer] 32-bit instruction word
  def make_sra(reg)
    0x00000003 | (reg << 16) | (reg << 11)
  end

  # Encodes `srl reg, reg, 0` (funct 0x02, shift amount left at 0).
  #
  # @param reg [Integer] register number placed in the rt and rd fields
  # @return [Integer] 32-bit instruction word
  def make_srl(reg)
    0x00000002 | (reg << 16) | (reg << 11)
  end

  # Encodes `xori reg, reg, 0` (opcode 0x38000000, immediate left at 0).
  #
  # @param reg [Integer] register number placed in the rs and rt fields
  # @return [Integer] 32-bit instruction word
  def make_xori(reg)
    0x38000000 | (reg << 21) | (reg << 16)
  end

  # Encodes `ori reg, reg, 0` (opcode 0x34000000, immediate left at 0).
  #
  # @param reg [Integer] register number placed in the rs and rt fields
  # @return [Integer] 32-bit instruction word
  def make_ori(reg)
    0x34000000 | (reg << 21) | (reg << 16)
  end

  # Builds a sled of big-endian 32-bit words, each produced by one randomly
  # chosen make_* encoder.
  #
  # length / 4 words are emitted, so a length that is not a multiple of four
  # yields a shorter string; the remainder is not padded.
  #
  # @param length [Integer] requested sled size in bytes
  # @param opts [Hash] generator options; 'BadChars' and 'Random' are read
  # @return [String] the packed instruction words
  def generate_sled(length, opts)
    # NOTE(review): both values are looked up but never consulted below, so
    # the output is not filtered against BadChars and the RandomNops setting
    # has no effect on it. Callers should not assume either is honoured.
    _badchars = opts['BadChars'] || ''
    _random = opts['Random'] || datastore['RandomNops']

    encoders = %i[make_bne make_or make_sll make_sra make_srl make_xori make_ori]
    sled = ''

    (1..length / 4).each do
      # Choose the encoder first and the register second, matching the order
      # of random draws in the surrounding loop body.
      encoder = encoders.sample
      word = send(encoder, get_register)
      sled << [word].pack("N*") # "N" = 32-bit unsigned, network (big-endian) order
    end

    sled
  end
end