Class: Rex::Exploitation::Js::Memory

Inherits:

Object

• Object
• Rex::Exploitation::Js::Memory

Defined in:

lib/rex/exploitation/js/memory.rb

Overview

Provides meomry manipulative functions in JavaScript

Class Method Summary

• .explib2 ⇒ Object
• .explib2_payload(payload = "exec") ⇒ Object
• .heap_spray ⇒ Object
• .heaplib2(custom_js = '', opts = {}) ⇒ Object
• .mstime_malloc ⇒ Object
• .property_spray ⇒ Object

Class Method Details

.explib2 ⇒ Object

# File 'lib/rex/exploitation/js/memory.rb', line 61

def self.explib2
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "explib2", "lib", "explib2.js"))

  ::Rex::Exploitation::ObfuscateJS.obfuscate(js)
end

.explib2_payload(payload = "exec") ⇒ Object

# File 'lib/rex/exploitation/js/memory.rb', line 67

def self.explib2_payload(payload="exec")
  case payload
  when "drop_exec"
    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "explib2", "payload", "drop_exec.js"))
  else # "exec"
    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "explib2", "payload", "exec.js"))
  end

  ::Rex::Exploitation::ObfuscateJS.obfuscate(js)
end

.heap_spray ⇒ Object

# File 'lib/rex/exploitation/js/memory.rb', line 50

def self.heap_spray
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "heap_spray.js"))

  ::Rex::Exploitation::ObfuscateJS.new(js,
    {
      'Symbols' => {
        'Variables' => %w{ index heapSprayAddr_hi heapSprayAddr_lo retSlide heapBlockCnt }
      }
    }).obfuscate
end

.heaplib2(custom_js = '', opts = {}) ⇒ Object

# File 'lib/rex/exploitation/js/memory.rb', line 27

def self.heaplib2(custom_js='', opts={})
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "heaplib2.js"))

  unless custom_js.blank?
    js << custom_js
  end

  js = ::Rex::Exploitation::JSObfu.new js
  js.obfuscate
  return js
end

.mstime_malloc ⇒ Object

# File 'lib/rex/exploitation/js/memory.rb', line 14

def self.mstime_malloc
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "mstime_malloc.js"))
  js = js.gsub(/W00TA/, Rex::Text.rand_text_hex(6))
  js = js.gsub(/W00TB/, Rex::Text.rand_text_hex(5))

  ::Rex::Exploitation::ObfuscateJS.new(js,
    {
      'Symbols' => {
        'Variables' => %w{ buf eleId acTag }
      }
    }).obfuscate
end

.property_spray ⇒ Object

# File 'lib/rex/exploitation/js/memory.rb', line 39

def self.property_spray
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "memory", "property_spray.js"))

  ::Rex::Exploitation::ObfuscateJS.new(js,
    {
      'Symbols' => {
        'Variables' => %w{ sym_div_container data junk obj }
      }
    }).obfuscate
end