Path: blob/master/lib/msf/base/simple/payload.rb
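# -*- coding: binary -*-

module Msf
module Simple

###
#
# Simple payload wrapper module for performing generation.
#
###
module Payload

  include Module

  #
  # Generates +payload+ and serializes the result into the requested format.
  #
  # The module is replicated first, so the caller's instance is not touched;
  # if a block is given it receives the replicated module before any option
  # is imported.
  #
  # opts can have:
  #
  #   Encoder             => An encoder module name.
  #   BadChars            => A string of bad characters.
  #   Format              => The format to represent the data as, e.g. ruby,
  #                          perl, c, raw. Defaults to 'raw'. 'war', 'jar' and
  #                          whatever Msf::Util::EXE.to_executable_fmt
  #                          recognises are handled as well.
  #   Options             => A hash of options to set.
  #   OptionStr           => A string of options in VAR=VAL form separated by
  #                          whitespace.
  #                          (Options and OptionStr are not read in this
  #                          method; presumably _import_extra_options consumes
  #                          them -- confirm against that helper.)
  #   NoComment           => Disables prepending of the descriptive comment.
  #   NopSledSize         => The number of NOPs to use (passed on as MinNops).
  #   PadNops             => Passed on unchanged to EncodedPayload.create.
  #   DisableNops         => Passed on unchanged to EncodedPayload.create.
  #   MaxSize             => The maximum size of the payload (passed on as
  #                          Space).
  #   Iterations          => Number of times to encode.
  #   ForceEncode         => Force encoding.
  #   Platform            => Overrides payload.platform for executable output.
  #   Template            => Passed to Msf::Util::EXE as :template.
  #   ExeDir              => Passed to Msf::Util::EXE as :template_path.
  #   KeepTemplateWorking => Passed to Msf::Util::EXE as :inject.
  #   SecName             => Passed to Msf::Util::EXE as :secname.
  #   Verbose             => For staged payloads, also append the second stage
  #                          to commented (non-raw) output.
  #
  # raises (as listed by the original header; the raising code is in the
  # encoding and option helpers, not in this method):
  #
  #   BadcharError => If the supplied encoder fails to encode the payload
  #   NoKeyError => No valid encoder key could be found
  #   ArgumentParseError => Options were supplied improperly
  #
  # Review notes:
  #
  #   * Template and ExeDir are handed to Msf::Util::EXE without any checking
  #     here. They look like filesystem locations (TODO confirm); a front end
  #     that accepts +opts+ from remote or less-trusted callers should
  #     validate them before calling this method.
  #   * Unless suppressed, non-raw output starts with a comment naming the
  #     payload, encoder, NOP generator and the options in use, so generated
  #     source can carry datastore values. Handle and store it accordingly.
  #   * NoComment is honoured only when it is exactly +true+; a truthy value
  #     such as the string "true" still gets the comment.
  #
  def self.generate_simple(payload, opts, &block)
    # Clone the module to prevent changes to the original instance
    payload = payload.replicant
    Msf::Simple::Framework.simplify_module(payload)
    yield(payload) if block_given?

    # Import any options we may need
    payload._import_extra_options(opts)
    framework = payload.framework

    # Generate the payload
    e = EncodedPayload.create(payload,
      'BadChars'    => opts['BadChars'],
      'MinNops'     => opts['NopSledSize'],
      'PadNops'     => opts['PadNops'],
      'Encoder'     => opts['Encoder'],
      'Iterations'  => opts['Iterations'],
      'ForceEncode' => opts['ForceEncode'],
      'DisableNops' => opts['DisableNops'],
      'Space'       => opts['MaxSize'])

    # fmt can never be nil past this point, which is why the later
    # `fmt ||= "ruby"` fallback of the original was dead code and is gone.
    fmt = opts['Format'] || 'raw'

    exeopts = {
      inject:        opts['KeepTemplateWorking'],
      template:      opts['Template'],
      template_path: opts['ExeDir'],
      secname:       opts['SecName']
    }

    arch = payload.arch
    plat = opts['Platform'] || payload.platform

    # Save off the original payload length
    len = e.encoded.length

    # WAR output is only produced for payloads whose arch includes ARCH_JAVA.
    return e.encoded_war.pack if arch.index(ARCH_JAVA) && fmt == 'war'

    # A truthy result means fmt was an executable format and we are done.
    # TODO (carried over from the original): there is no warning path yet for
    # exeopts[:fellback], i.e. a fall back to the default template.
    output = Msf::Util::EXE.to_executable_fmt(framework, arch, plat, e.encoded, fmt, exeopts)
    return output if output

    # Generate jar if necessary
    return e.encoded_jar.pack if fmt == 'jar'

    # Serialize the generated payload to some sort of format
    output = Buffer.transform(e.encoded, fmt)

    # Raw output never gets a comment; NoComment must be exactly true.
    return output if fmt == 'raw' || opts['NoComment'] == true

    # Options actually in use, newline-terminated, or empty when there are none.
    used = payload.options.options_used_to_s(payload.datastore)
    used = (used && used.length > 0) ? used + "\n" : ''

    # Prepend a comment
    stage_tag = payload.staged? ? " (stage 1)" : ""
    header = "#{payload.refname} - #{len} bytes#{stage_tag}\n" +
             "https://metasploit.com/\n"
    header += "Encoder: #{e.encoder.refname}\n" if e.encoder
    header += "NOP gen: #{e.nop.refname}\n" if e.nop
    header += used.to_s
    output = Buffer.comment(header, fmt) + output

    # If verbose was requested and it's multistage, include the second stage too
    if opts['Verbose'] && payload.staged?
      stage = payload.generate_stage

      # If a stage was generated, then display it
      if stage && stage.length > 0
        stage_header = "#{payload.refname} - #{stage.length} bytes (stage 2)\n" +
                       "https://metasploit.com/\n"
        output += "\n" + Buffer.comment(stage_header, fmt) + Buffer.transform(stage, fmt)
      end
    end

    output
  end

  #
  # Instance-level wrapper: calls Msf::Simple::Payload.generate_simple with
  # this module as the payload, forwarding +opts+ and the optional block.
  #
  def generate_simple(opts, &block)
    Msf::Simple::Payload.generate_simple(self, opts, &block)
  end

end

end
end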