Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
require 'rex/encoder/nonalpha'
7

8
class MetasploitModule < Msf::Encoder::NonAlpha
9
  Rank = LowRanking
10

11
  def initialize
12
    super(
13
      'Name'             => "Non-Alpha Encoder",
14
      'Description'      => %q{
15
          Encodes payloads as non-alpha based bytes. This allows
16
        payloads to bypass both toupper() and tolower() calls,
17
        but will fail isalpha(). Table based design from
18
        Russel Sanford.
19
      },
20
      'Author'           => [ 'pusscat'],
21
      'Arch'             => ARCH_X86,
22
      'License'          => BSD_LICENSE,
23
      'EncoderType'      => Msf::Encoder::Type::NonAlpha,
24
      'Decoder'          =>
25
        {
26
          'BlockSize' => 1,
27
        })
28
  end
29

30
  #
31
  # Returns the decoder stub that is adjusted for the size of the buffer
32
  # being encoded.
33
  #
34
  def decoder_stub(state)
35
    state.key                   = ""
36
    state.decoder_key_size      = 0
37
    Rex::Encoder::NonAlpha::gen_decoder()
38
  end
39

40
  #
41
  # Encodes a one byte block with the current index of the length of the
42
  # payload.
43
  #
44
  def encode_block(state, block)
45
    begin
46
      newchar, state.key, state.decoder_key_size = Rex::Encoder::NonAlpha::encode_byte(block.unpack('C')[0], state.key, state.decoder_key_size)
47
    rescue RuntimeError => e
48
      raise BadcharError if e.message == "BadChar"
49
    end
50
    return newchar
51
  end
52

53
  #
54
  # Fix stuff, and add the table :)
55
  #
56
  def encode_end(state)
57
    state.encoded.gsub!(/A/, state.decoder_key_size.chr)
58
    state.encoded.gsub!(/B/, (state.decoder_key_size+5).chr)
59
    state.encoded[0x24, 0] = state.key
60
  end
61
end
62

63