Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Encoder::XorAdditiveFeedback
7

8
  # Uncomment when we get the poly stuff working again.
9
  #Rank = GreatRanking
10

11
  def initialize
12
    super(
13
      'Name'             => 'Jump/Call XOR Additive Feedback Encoder',
14
      'Description'      => 'Jump/Call XOR Additive Feedback',
15
      'Author'           => 'skape',
16
      'Arch'             => ARCH_X86,
17
      'License'          => MSF_LICENSE,
18
      'Decoder'          =>
19
        {
20
          'Stub'       =>
21
            "\xfc"                + # cld
22
            "\xbbXORK"            + # mov ebx, key
23
            "\xeb\x0c"            + # jmp short 0x14
24
            "\x5e"                + # pop esi
25
            "\x56"                + # push esi
26
            "\x31\x1e"            + # xor [esi], ebx
27
            "\xad"                + # lodsd
28
            "\x01\xc3"            + # add ebx, eax
29
            "\x85\xc0"            + # test eax, eax
30
            "\x75\xf7"            + # jnz 0xa
31
            "\xc3"                + # ret
32
            "\xe8\xef\xff\xff\xff", # call 0x8
33
          'KeyOffset' => 2,
34
          'KeySize'   => 4,
35
          'BlockSize' => 4,
36
        })
37
  end
38

39
  #
40
  # Append the termination block.
41
  #
42
  def encode_end(state)
43
    state.encoded += [ state.key ].pack(state.decoder_key_pack)
44
  end
45
end
46

47