##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

###
#
# MixedNop
# ----------
#
# This class implements a mixed NOP generator for MIPS (big endian)
#
###
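class MetasploitModule < Msf::Nop

  # Builders for the NOP-equivalent MIPS instructions this module mixes.
  # Each takes a register number and returns a 32-bit opcode whose execution
  # leaves that register, and every other architectural state, unchanged.
  NOP_BUILDERS = %i[make_bne make_or make_sll make_sra make_srl make_xori make_ori].freeze

  def initialize
    super(
      'Name'        => 'Better',
      'Alias'       => 'mipsbe_better',
      'Description' => 'Better NOP generator',
      'Author'      => 'jm',
      'License'     => MSF_LICENSE,
      'Arch'        => ARCH_MIPSBE)

    register_advanced_options(
      [
        OptBool.new('RandomNops', [ false, "Generate a random NOP sled", true ])
      ])
  end

  # Pick a general-purpose register number in 1..27.
  #
  # $zero (0) is never chosen, so none of the generated words is the canonical
  # `nop` encoding; 28..31 are also skipped -- presumably to leave $gp, $sp,
  # $fp and $ra alone, though the module does not say so (TODO confirm).
  #
  # @return [Integer] register number, 1..27
  def get_register
    rand(27) + 1
  end

  # Encode `bne $reg, $reg, offset`.
  #
  # A register always compares equal to itself, so the branch is never taken
  # and execution falls through. The 16-bit offset is random; its value is
  # irrelevant for the same reason.
  #
  # @param reg [Integer] register number used for both the rs and rt fields
  # @return [Integer] 32-bit opcode
  def make_bne(reg)
    # Uses the register the caller passed in, like every other builder here.
    0x14000000 | (reg << 21) | (reg << 16) | rand(65536)
  end

  # Encode `or $reg, $reg, $zero` (rt is left as 0, i.e. $zero).
  #
  # @param reg [Integer] register number used for rs and rd
  # @return [Integer] 32-bit opcode
  def make_or(reg)
    0x00000025 | (reg << 21) | (reg << 11)
  end

  # Encode `sll $reg, $reg, 0`: a shift by zero leaves the register as is.
  #
  # @param reg [Integer] register number used for rt and rd
  # @return [Integer] 32-bit opcode
  def make_sll(reg)
    shift_by_zero(0x00000000, reg)
  end

  # Encode `sra $reg, $reg, 0`.
  #
  # @param reg [Integer] register number used for rt and rd
  # @return [Integer] 32-bit opcode
  def make_sra(reg)
    shift_by_zero(0x00000003, reg)
  end

  # Encode `srl $reg, $reg, 0`.
  #
  # @param reg [Integer] register number used for rt and rd
  # @return [Integer] 32-bit opcode
  def make_srl(reg)
    shift_by_zero(0x00000002, reg)
  end

  # Encode `xori $reg, $reg, 0`: xor with zero is the identity.
  #
  # @param reg [Integer] register number used for rs and rt
  # @return [Integer] 32-bit opcode
  def make_xori(reg)
    immediate_zero(0x38000000, reg)
  end

  # Encode `ori $reg, $reg, 0`: or with zero is the identity.
  #
  # @param reg [Integer] register number used for rs and rt
  # @return [Integer] 32-bit opcode
  def make_ori(reg)
    immediate_zero(0x34000000, reg)
  end

  # Build a sled of length / 4 randomly chosen NOP-equivalent instructions,
  # each applied to a randomly chosen register, packed big-endian.
  #
  # The output is always random. opts['BadChars'], opts['Random'] and the
  # RandomNops advanced option are accepted for interface compatibility but
  # do not influence the result -- NOTE(review): in particular, bad
  # characters are not filtered out of the generated words.
  #
  # @param length [Integer] requested sled size in bytes; integer division by
  #   4 means a length that is not a multiple of 4 yields a slightly shorter sled
  # @param opts [Hash] generation options (currently unused, see above)
  # @return [String] packed opcodes, (length / 4) * 4 bytes; empty when
  #   length < 4
  def generate_sled(length, opts)
    count = length / 4
    # Array.new rejects a negative size, whereas the requested sled is simply empty.
    return '' if count <= 0

    words = Array.new(count) { send(NOP_BUILDERS.sample, get_register) }
    words.pack('N*')
  end

  private

  # R-type shift with shift amount 0: rt and rd both set to reg, sa left 0.
  #
  # @param funct [Integer] function field selecting sll/srl/sra
  # @param reg [Integer] register number
  # @return [Integer] 32-bit opcode
  def shift_by_zero(funct, reg)
    funct | (reg << 16) | (reg << 11)
  end

  # I-type instruction with a zero immediate: rs and rt both set to reg.
  #
  # @param opcode [Integer] opcode field with all other bits clear
  # @param reg [Integer] register number
  # @return [Integer] 32-bit opcode
  def immediate_zero(opcode, reg)
    opcode | (reg << 21) | (reg << 16)
  end
end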