Path: blob/master/modules/encoders/x86/nonupper.rb
19592 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'rex/encoder/nonupper'67class MetasploitModule < Msf::Encoder::NonUpper8Rank = LowRanking910def initialize11super(12'Name' => 'Non-Upper Encoder',13'Description' => %q{14Encodes payloads as non-alpha based bytes. This allows15payloads to bypass tolower() calls, but will fail isalpha().16Table based design from Russel Sanford.17},18'Author' => [ 'pusscat'],19'Arch' => ARCH_X86,20'License' => BSD_LICENSE,21'EncoderType' => Msf::Encoder::Type::NonUpper,22'Decoder' => {23'BlockSize' => 124})25end2627#28# Returns the decoder stub that is adjusted for the size of the buffer29# being encoded.30#31def decoder_stub(state)32state.key = ''33state.decoder_key_size = 034Rex::Encoder::NonUpper.gen_decoder35end3637#38# Encodes a one byte block with the current index of the length of the39# payload.40#41def encode_block(state, block)42begin43newchar, state.key, state.decoder_key_size =44Rex::Encoder::NonUpper.encode_byte(datastore['BadChars'], block.unpack('C')[0], state.key, state.decoder_key_size)45rescue RuntimeError => e46# This is a bandaid to deal with the fact that, since it's in47# the Rex namespace, the encoder itself doesn't have access to the48# Msf exception classes. Turn it into an actual EncodingError49# exception so the encoder doesn't look broken when it just fails50# to encode.51raise BadcharError if e.message == 'BadChar'52end53return newchar54end5556#57# Fix stuff, and add the table :)58#59def encode_end(state)60state.encoded.gsub!(/A/, state.decoder_key_size.chr)61state.encoded.gsub!(/B/, (state.decoder_key_size + 5).chr)62state.encoded[0x24, 0] = state.key63end64end656667