Path: blob/master/lib/msf/ui/console/command_dispatcher/payload.rb
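# -*- coding: binary -*-

module Msf
  module Ui
    module Console
      module CommandDispatcher
        ###
        # Payload module command dispatcher.
        #
        # Adds the `generate`, `to_handler` and `exploit` console commands that
        # are available while a payload module is the active module.
        ###
        class Payload
          include Msf::Ui::Console::ModuleCommandDispatcher
          include Msf::Ui::Console::ModuleOptionTabCompletion

          # Load supported formats: buffer transform formats followed by the
          # executable formats. Used for the '-f' help text and tab completion.
          @@supported_formats = \
            Msf::Simple::Buffer.transform_formats + \
            Msf::Util::EXE.to_executable_fmt_formats

          # Flags understood by `to_handler`. Each entry is
          # flag => [ takes_a_value, description ].
          @@to_handler_opts = Rex::Parser::Arguments.new(
            '-h' => [ false, 'Show this message' ]
          )

          # Flags understood by `generate`, in the same
          # flag => [ takes_a_value, description ] layout.
          @@generate_opts = Rex::Parser::Arguments.new(
            '-p' => [ true, 'The platform of the payload' ],
            '-n' => [ true, 'Prepend a nopsled of [length] size on to the payload' ],
            '-f' => [ true, "Output format: #{@@supported_formats.join(',')}" ],
            '-E' => [ false, 'Force encoding' ],
            '-e' => [ true, 'The encoder to use' ],
            '-P' => [ true, 'Total desired payload size, auto-produce appropriate NOP sled length'],
            '-S' => [ true, 'The new section name to use when generating (large) Windows binaries'],
            '-b' => [ true, "The list of characters to avoid example: '\\x00\\xff'" ],
            '-i' => [ true, 'The number of times to encode the payload' ],
            '-x' => [ true, 'Specify a custom executable file to use as a template' ],
            '-k' => [ false, 'Preserve the template behavior and inject the payload as a new thread' ],
            '-o' => [ true, 'The output file name (otherwise stdout)' ],
            '-O' => [ true, "Deprecated: alias for the '-o' option" ],
            '-v' => [ false, 'Verbose output (display stage in addition to stager)' ],
            '-h' => [ false, 'Show this message' ]
          )

          #
          # Returns the hash of commands specific to payload modules, merged
          # into the commands inherited from the parent dispatcher.
          #
          def commands
            super.update(
              'generate' => 'Generates a payload',
              'to_handler' => 'Creates a handler with the specified payload',
              'exploit' => 'Creates a handler with the specified payload'
            )
          end

          #
          # Prints usage text and the flag table for the to_handler command.
          #
          def cmd_to_handler_help
            print_line 'Usage: to_handler [options]'
            print_line
            print_line 'Creates a handler a payload. Datastore options may be supplied after normal options.'
            print_line 'This is convenient way of using multi/handler, setting the payload, and then setting datastore options.'
            print_line
            print_line 'Example: to_handler'
            print_line 'Example: to_handler LHOST=192.168.123.1'
            print @@to_handler_opts.usage
          end

          #
          # Creates an exploit/multi/handler instance for the active payload
          # and starts it as a job. Also reachable as `exploit` (see the alias
          # below).
          #
          # @param args [Array<String>] flags and KEY=VALUE datastore options
          # @return [false] when usage was printed instead of starting a handler;
          #   other return values carry no meaning for callers visible here
          #
          def cmd_to_handler(*args)
            # NOTE(review): '-r' / '--reload-libs' are not declared in
            # @@to_handler_opts; confirm how the parser yields them so that they
            # do not end up in the usage branch of the loop below.
            if args.include?('-r') || args.include?('--reload-libs')
              driver.run_single('reload_lib -a')
            end

            # Work on a copy of the module so options given on this command
            # line are not written to the active module's datastore.
            mod_with_opts = mod.replicant
            handler = framework.modules.create('exploit/multi/handler')
            handler.share_datastore(mod_with_opts.datastore)

            @@to_handler_opts.parse(args) do |opt, _idx, val|
              case opt
              when '-h'
                cmd_to_handler_help
                return false
              else
                # Everything that is not a known flag must look like KEY=VALUE.
                unless val.include?('=')
                  cmd_to_handler_help
                  return false
                end

                handler.datastore.import_options_from_s(val)
              end
            end

            handler_opts = {
              'Payload' => mod.refname,
              'LocalInput' => driver.input,
              'LocalOutput' => driver.output,
              'RunAsJob' => true,
              'Options' => {
                'ExitOnSession' => false
              }
            }

            # exploit_simple yields the instance it actually runs; keep it so
            # its error state can be inspected afterwards.
            replicant_handler = nil
            handler.exploit_simple(handler_opts) do |yielded_replicant_handler|
              replicant_handler = yielded_replicant_handler
            end

            if replicant_handler.nil?
              print_error('Failed to run module')
              return
            end

            # Only announce the job when the run recorded no error.
            if replicant_handler.error.nil?
              job_id = handler.job_id

              print_status "Payload Handler Started as Job #{job_id}"
            end
          end

          alias cmd_exploit cmd_to_handler

          #
          # Tab completion for the to_handler command
          #
          # @param str [String] the text being completed
          # @param words [Array<String>] the words already on the command line
          # @return [Array] flag completions followed by module option completions
          #
          def cmd_to_handler_tabs(str, words)
            fmt = {
              '-h' => [ nil ],
            }
            flags = tab_complete_generic(fmt, str, words)
            options = tab_complete_option(active_module, str, words)
            flags + options
          end

          #
          # Returns the command dispatcher name.
          #
          def name
            'Payload'
          end

          #
          # Prints usage text and the flag table for the generate command.
          #
          def cmd_generate_help
            print_line 'Usage: generate [options]'
            print_line
            print_line 'Generates a payload. Datastore options may be supplied after normal options.'
            print_line
            print_line 'Example: generate -f python LHOST=127.0.0.1'
            print @@generate_opts.usage
          end

          #
          # Generates a payload from the active module and either prints it or
          # writes it to the file named with '-o'.
          #
          # @param args [Array<String>] flags and KEY=VALUE datastore options
          # @return [Boolean] true on success; false when usage was printed or
          #   generation raised a StandardError
          #
          def cmd_generate(*args)
            # Parse the arguments
            encoder_name = nil
            sled_size = nil
            pad_nops = nil
            sec_name = nil
            option_str = nil
            badchars = nil
            format = 'ruby'
            ofile = nil
            iter = 1
            force = nil
            template = nil
            plat = nil
            keep = false
            verbose = false
            # Copy of the module, so KEY=VALUE options given here stay local to
            # this invocation.
            mod_with_opts = mod.replicant

            @@generate_opts.parse(args) do |opt, _idx, val|
              case opt
              when '-b'
                badchars = Rex::Text.dehex(val)
              when '-e'
                encoder_name = val
              when '-E'
                force = true
              when '-n'
                sled_size = val.to_i
              when '-P'
                pad_nops = val.to_i
              when '-S'
                sec_name = val
              when '-f'
                format = val
              when '-o'
                # A value containing '=' is treated as an option string rather
                # than a file name, with a notice about the preferred usage.
                if val.include?('=')
                  print_error("The -o parameter of 'generate' is now preferred to indicate the output file, like with msfvenom\n")
                  option_str = val
                else
                  ofile = val
                end
              when '-O'
                print("Usage of the '-O' parameter is deprecated, prefer '-o' to indicate the output file")
                ofile = val
              when '-i'
                # Passed through as given, without integer conversion here.
                iter = val
              when '-k'
                keep = true
              when '-p'
                plat = val
              when '-x'
                template = val
              when '-v'
                verbose = true
              when '-h'
                cmd_generate_help
                return false
              else
                # Everything that is not a known flag must look like KEY=VALUE.
                unless val.include?('=')
                  cmd_generate_help
                  return false
                end

                mod_with_opts.datastore.import_options_from_s(val)
              end
            end
            # Fall back to the ENCODER datastore option when '-e' was not given.
            if encoder_name.nil? && mod_with_opts.datastore['ENCODER']
              encoder_name = mod_with_opts.datastore['ENCODER']
            end

            # Generate the payload
            begin
              buf = mod_with_opts.generate_simple(
                'BadChars' => badchars,
                'Encoder' => encoder_name,
                'Format' => format,
                'NopSledSize' => sled_size,
                'PadNops' => pad_nops,
                'SecName' => sec_name,
                'OptionStr' => option_str,
                'ForceEncode' => force,
                'Template' => template,
                'Platform' => plat,
                'KeepTemplateWorking' => keep,
                'Iterations' => iter,
                'Verbose' => verbose
              )
            rescue StandardError => e
              # Bind the exception directly so the message does not depend on
              # the English library ($ERROR_INFO) having been required.
              log_error("Payload generation failed: #{e}")
              return false
            end

            if ofile
              print_status("Writing #{buf.length} bytes to #{ofile}...")
              f = File.expand_path(ofile)
              # 'wb' truncates an existing file at this path; nothing here asks
              # before overwriting. The block form closes the descriptor even
              # when the write raises.
              File.open(f, 'wb') { |fd| fd.write(buf) }
            else
              # Display generated payload
              puts(buf)
            end
            true
          end

          #
          # Tab completion for the generate command
          #
          # @param str [String] the text being completed
          # @param words [Array<String>] the words already on the command line
          # @return [Array] flag completions followed by module option completions
          #
          def cmd_generate_tabs(str, words)
            fmt = {
              '-b' => [ true ],
              '-E' => [ nil ],
              '-e' => [ framework.encoders.module_refnames ],
              '-h' => [ nil ],
              '-o' => [ :file ],
              '-P' => [ true ],
              '-S' => [ true ],
              '-f' => [ @@supported_formats ],
              '-p' => [ true ],
              '-k' => [ nil ],
              '-x' => [ :file ],
              '-i' => [ true ],
              '-v' => [ nil ]
            }
            flags = tab_complete_generic(fmt, str, words)
            options = tab_complete_option(active_module, str, words)
            flags + options
          end
        end
      end
    end
  end
end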