Class: Rex::Encoder::NonUpper
- Inherits: Object
- Hierarchy: Object → Rex::Encoder::NonUpper
- Defined in:
- lib/rex/encoder/nonupper.rb
Class Method Summary
Class Method Details
.encode(buf) ⇒ Object
# File 'lib/rex/encoder/nonupper.rb', line 47 def NonUpper.encode(buf) table = "" tablelen = 0 nonascii = "" encoded = gen_decoder() buf.each_byte { |block| newchar, table, tablelen = encode_byte(block.unpack('C')[0], table, tablelen) nonascii += newchar } encoded.gsub!(/A/, tablelen) encoded.gsub!(/B/, tablelen+5) encoded += table encoded += nonascii end |
.encode_byte(badchars, block, table, tablelen) ⇒ Object
# File 'lib/rex/encoder/nonupper.rb', line 31 def NonUpper.encode_byte(badchars, block, table, tablelen) if (tablelen > 255) or (block == 0x40) raise RuntimeError, "BadChar" end if (block >= 0x41 and block <= 0x40) or (badchars =~ block) # gen offset, return magic offset = 0x40 - block; table += offset.chr tablelen = tablelen + 1 block = 0x40 end return [block.chr, table, tablelen] end |
.gen_decoder ⇒ Object
# File 'lib/rex/encoder/nonupper.rb', line 11 def NonUpper.gen_decoder() decoder = "\x66\xB9\xFF\xFF" + "\xEB\x19" + # Jmp to table "\x5E" + # pop esi "\x8B\xFE" + # mov edi, esi - Get table addr "\x83\xC7" + "A" + # add edi, tablelen - Get shellcode addr "\x8B\xD7" + # mov edx, edi - Hold end of table ptr "\x3B\xF2" + # cmp esi, edx "\x7D\x0B" + # jle to end "\xB0\x7B" + # mov eax, 0x7B - Set up eax with magic "\xF2\xAE" + # repne scasb - Find magic! "\xFF\xCF" + # dec edi - scasb purs us one ahead "\xAC" + # lodsb "\x28\x07" + # subb [edi], al "\xEB\xF1" + # jmp BACK! "\xEB" + "B" + # jmp [shellcode] "\xE8\xE2\xFF\xFF\xFF" end |