CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
# -*- coding: binary -*-
2

3
require 'rex/exploitation/egghunter'
4

5
module Msf
6

7
###
8
#
9
# This mixin provides an interface to generating egghunters for various
10
# platforms using the Rex::Exploitation::Egghunter class.
11
#
12
# Originally written by skape
13
# BadChar support added by David Rude
14
# Updated to take the payload and options by Joshua J. Drake
15
#
16
###
17
module Exploit::Egghunter
18

19
  #
20
  # Creates an instance of an exploit that uses an Egghunter overwrite.
21
  #
22
  def initialize(info = {})
23
    super
24
  end
25

26

27
  #
28
  # Generates an egghunter stub based on the current target's architecture
29
  # and operating system.
30
  #
31
  def generate_egghunter(payload, badchars = nil, opts = {})
32
    # Prefer the target's platform/architecture information, but use
33
    # the module's if no target specific information exists
34
    los   = target_platform
35
    larch = target_arch || ARCH_X86
36

37
    # If we found a platform list, then take the first platform
38
    los   = los.names[0] if (los.kind_of?(Msf::Module::PlatformList))
39

40
    # Use the first architecture if one was specified
41
    larch = larch[0] if (larch.kind_of?(Array))
42

43
    if los.nil?
44
      raise RuntimeError, "No platform restrictions were specified -- cannot select egghunter"
45
    end
46

47
    badchars ||= payload_badchars
48

49
    egg   = Rex::Exploitation::Egghunter.new(los, larch)
50
    bunny = egg.generate(payload, payload_badchars, opts)
51

52
    if (bunny.nil?)
53
      print_error("The egghunter could not be generated")
54
      raise ArgumentError
55
    end
56

57
    return bunny
58
  end
59

60
  #
61
  # Set the wfs_delay setting for all exploits using the Egghunter
62
  #
63
  def wfs_delay
64
    30
65
  end
66

67
end
68

69
end
70

71