GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/encoders/x86/nonupper.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'rex/encoder/nonupper'

class MetasploitModule < Msf::Encoder::NonUpper
  Rank = LowRanking

  def initialize
    super(
      'Name' => "Non-Upper Encoder",
      'Description' => %q{
        Encodes payloads as non-alpha based bytes. This allows
        payloads to bypass tolower() calls, but will fail isalpha().
        Table based design from Russel Sanford.
      },
      'Author' => [ 'pusscat'],
      'Arch' => ARCH_X86,
      'License' => BSD_LICENSE,
      'EncoderType' => Msf::Encoder::Type::NonUpper,
      'Decoder' =>
        {
          'BlockSize' => 1,
        })
  end

  #
  # Returns the decoder stub that is adjusted for the size of the buffer
  # being encoded.
  #
  def decoder_stub(state)
    state.key = ""
    state.decoder_key_size = 0
    Rex::Encoder::NonUpper::gen_decoder()
  end

  #
  # Encodes a one byte block with the current index of the length of the
  # payload.
  #
  def encode_block(state, block)
    begin
      newchar, state.key, state.decoder_key_size =
        Rex::Encoder::NonUpper::encode_byte(datastore['BadChars'], block.unpack('C')[0], state.key, state.decoder_key_size)
    rescue RuntimeError => e
      # This is a bandaid to deal with the fact that, since it's in
      # the Rex namespace, the encoder itself doesn't have access to the
      # Msf exception classes. Turn it into an actual EncodingError
      # exception so the encoder doesn't look broken when it just fails
      # to encode.
      raise BadcharError if e.message == "BadChar"
    end
    return newchar
  end

  #
  # Fix stuff, and add the table :)
  #
  def encode_end(state)
    state.encoded.gsub!(/A/, state.decoder_key_size.chr)
    state.encoded.gsub!(/B/, (state.decoder_key_size+5).chr)
    state.encoded[0x24, 0] = state.key
  end
end