rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/msf/util/exe/linux/x86.rb
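# Builders that wrap a payload in a 32-bit (x86) Linux ELF image.
#
# Including this module extends the including class with {ClassMethods};
# the same methods are also callable directly on this module.
module Msf::Util::EXE::Linux::X86
  include Msf::Util::EXE::Common
  include Msf::Util::EXE::Linux::Common

  # Hook run on +include+: exposes the builders as class-level methods.
  #
  # @param base [Module] the class or module including this one
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Create a 32-bit Linux ELF containing the payload provided in +code+.
    #
    # Without +opts[:template]+ the stock template is handed to +to_exe_elf+;
    # with it, the work is delegated to {#to_linux_x86_custom_elf}.
    #
    # @param framework [Msf::Framework] The framework instance to use
    # @param code [String] The payload to embed
    # @param opts [Hash]
    # @option opts [String] :template Custom template file; selects the custom path when set
    # @return [String] Returns an elf
    def to_linux_x86_elf(framework, code, opts = {})
      # No caller-supplied template: the stock template is used as-is.
      return to_exe_elf(framework, opts, "template_x86_linux.bin", code) unless opts[:template]

      to_linux_x86_custom_elf(framework, code, opts)
    end

    # Create a 32-bit Linux ELF containing the payload provided in +code+,
    # using a custom template.
    #
    # Every executable segment of the template is additionally marked
    # writable, so the result carries segments that are both writable and
    # executable -- a property that binary-hardening checks and some
    # security policies flag.
    #
    # @param framework [Msf::Framework] Not used by this method; kept for a uniform signature
    # @param code [String] The payload written at the template's entry point
    # @param opts [Hash]
    # @option opts [String] :template Template file name
    # @return [String] Returns an elf
    def to_linux_x86_custom_elf(framework, code, opts = {})
      # Use set_template_default to normalize the :template key. It will just end up doing
      # opts[:template] = File.join(opts[:template_path], opts[:template])
      # for us, check if the file exists.
      set_template_default(opts, 'template_x86_linux.bin')

      # If this isn't our normal template, we have to do some fancy
      # header patching to mark the .text section rwx before putting our
      # payload into the entry point.

      # Read in the template and parse it.
      template = Metasm::ELF.decode_file(opts[:template])

      # This will become a modified copy of the template's original phdr.
      new_phdr = Metasm::EncodedData.new
      template.segments.each do |segment|
        # Mark any executable segment as writable, so we don't have to
        # care about which one contains .text.
        segment.flags += ['W'] if segment.flags.include?('X')
        new_phdr << segment.encode(template)
      end

      # Copy the original file.
      elf = get_file_contents(opts[:template], "rb")

      # Replace the header with our rwx modified version.
      elf[template.header.phoff, new_phdr.data.length] = new_phdr.data

      # Replace code at the entrypoint with our payload.
      entry_off = template.addr_to_off(template.label_addr('entrypoint'))
      elf[entry_off, code.length] = code

      # An index assignment evaluates to its right-hand side, so without
      # this line the method would return +code+ rather than the patched
      # image, contradicting the documented return value.
      elf
    end

    # Create a 32-bit Linux ELF_DYN containing the payload provided in +code+.
    #
    # @param framework [Msf::Framework]
    # @param code [String] The payload to embed
    # @param opts [Hash]
    # @option opts [String] :template
    # @return [String] Returns an elf
    def to_linux_x86_elf_dll(framework, code, opts = {})
      to_exe_elf(framework, opts, "template_x86_linux_dll.bin", code)
    end
  end

  # Make the builders callable on the module itself as well.
  class << self
    include ClassMethods
  end
end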