Class: Msf::Encoder::XorDynamic

Inherits:

Msf::Encoder

• Object
• Module
• Msf::Encoder
• Msf::Encoder::XorDynamic

Defined in:

lib/msf/core/encoder/xor_dynamic.rb

Constant Summary

Constants inherited from Module

Module::REPLICANT_EXTENSION_DS_KEY

Constants included from Module::ModuleInfo

Module::ModuleInfo::UpdateableOptions

Instance Attribute Summary

Attributes inherited from Msf::Encoder

#available_space

Attributes inherited from Module

#error, #job_id, #license, #platform, #privileged, #references, #user_data

Attributes included from Framework::Offspring

#framework

Attributes included from Module::UUID

#uuid

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Attributes included from Module::Privileged

#priveli, #privileged

Attributes included from Module::Options

#options

Attributes included from Module::ModuleStore

#module_store

Attributes included from Module::ModuleInfo

#module_info

Attributes included from Module::FullName

#aliased_as

Attributes included from Module::DataStore

#datastore

Attributes included from Module::Author

#author

Attributes included from Module::Arch

#arch

Attributes included from Module::Alert

#alerts, #you_have_been_warned

Instance Method Summary

• #encode(buf, badchars = nil, state = nil, platform = nil) ⇒ Object
• #find_key(buf, badchars, keyChars) ⇒ Object
• #initialize(info) ⇒ XorDynamic constructor

  A new instance of XorDynamic.

• #key_inc ⇒ Object
• #max_key_len ⇒ Object
• #min_key_len ⇒ Object
• #stub ⇒ Object
• #stub_key_term ⇒ Object
• #stub_payload_term ⇒ Object

Methods inherited from Msf::Encoder

#can_preserve_registers?, #decoder_block_size, #decoder_hash, #decoder_key_offset, #decoder_key_pack, #decoder_key_size, #decoder_stub, #do_encode, #encode_begin, #encode_block, #encode_end, #encode_finalize_stub, #encoder_type, #find_bad_keys, #find_context_key, #find_key_verify, #has_badchars?, #init_platform, #init_state, #integer_to_key_bytes, #key_bytes_to_buffer, #key_bytes_to_integer, #modified_registers, #obtain_key, #prepend_buf, #preserves_stack?, #to_native, #type, type

Methods inherited from Module

#adapted_refname, #adapter_refname, #black_listed_auth_filenames, cached?, #debugging?, #default_cred?, #default_options, #fail_with, #file_path, #framework, #has_check?, #orig_cls, #owner, #perform_extensions, #platform?, #platform_to_s, #post_auth?, #register_extensions, #register_parent, #replicant, #required_cred_options, #set_defaults, #stage_refname, #stager_refname, #workspace

Methods included from Module::Reliability

#reliability, #reliability_to_s

Methods included from Module::Stability

#stability, #stability_to_s

Methods included from Module::SideEffects

#side_effects, #side_effects_to_s

Methods included from Module::UUID

#generate_uuid

Methods included from Module::UI

#init_ui

Methods included from Module::UI::Message

#print_error, #print_good, #print_prefix, #print_status, #print_warning

Methods included from Module::UI::Message::Verbose

#vprint_error, #vprint_good, #vprint_status, #vprint_warning

Methods included from Module::UI::Line

#print_line, #print_line_prefix

Methods included from Module::UI::Line::Verbose

#vprint_line

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning

Methods included from Module::Type

#auxiliary?, #encoder?, #evasion?, #exploit?, #nop?, #payload?, #post?, #type

Methods included from Module::Ranking

#rank, #rank_to_h, #rank_to_s

Methods included from Module::Privileged

#privileged?

Methods included from Module::Options

#deregister_option_group, #deregister_options, #register_advanced_options, #register_evasion_options, #register_option_group, #register_options, #validate

Methods included from Module::Network

#comm, #support_ipv6?, #target_host, #target_port

Methods included from Module::ModuleStore

#[], #[]=

Methods included from Module::ModuleInfo

#alias, #description, #disclosure_date, #info_fixups, #merge_check_key, #merge_info, #merge_info_advanced_options, #merge_info_alias, #merge_info_description, #merge_info_evasion_options, #merge_info_name, #merge_info_options, #merge_info_string, #merge_info_version, #name, #notes, #update_info

Methods included from Module::FullName

#aliases, #fullname, #promptname, #realname, #refname, #shortname

Methods included from Module::DataStore

#import_defaults, #import_target_defaults, #share_datastore

Methods included from Module::Compatibility

#compat, #compatible?, #init_compat

Methods included from Module::Author

#author_to_s, #each_author

Methods included from Module::Auth

#store_valid_credential

Methods included from Module::Arch

#arch?, #arch_to_s, #each_arch

Methods included from Module::Alert

#add_alert, #add_error, #add_info, #add_warning, #alert_user, #errors, #get_alerts, included, #infos, #is_usable?, #warnings, #without_prompt

Constructor Details

#initialize(info) ⇒ XorDynamic

Returns a new instance of XorDynamic.

# File 'lib/msf/core/encoder/xor_dynamic.rb', line 5

def initialize(info)
    super(info)
end

Instance Method Details

#encode(buf, badchars = nil, state = nil, platform = nil) ⇒ Object

# File 'lib/msf/core/encoder/xor_dynamic.rb', line 109

def encode(buf, badchars = nil, state = nil, platform = nil)

  # Set default badchars if empty
  badchars = "\x00\x0a\x0d" if (badchars == nil or badchars == '')

  # Check badchars in stub
  if Rex::Text.badchar_index(stub.gsub(stub_key_term, "").gsub(stub_payload_term, ""), badchars)
    raise Msf::BadcharError, "Bad character found in stub for the #{self.name} encoder.", caller
  end

  # Set allowed chars
  keyChars = ""
  for i in 1..255 do
    if !badchars[i.chr]
      keyChars << i.chr
    end
  end

  # Find key
  key = find_key(buf, badchars, keyChars)

  if key == nil
    raise Msf::BadcharError, "A key could not be found for the #{self.name} encoder.", caller
  end

  # Search for key terminator
  keyTerm = nil
  keyChars.chars.shuffle.each do |i|
    if !key[i]
      keyTerm = i
      break
    end
  end

  if keyTerm == nil
    raise Msf::BadcharError, "Key terminator could not be found for the #{self.name} encoder.", caller
  end

  # Encode paylod
  pos = 0
  encoded = ""
  while pos < buf.length
    encoded << (buf[pos].ord ^ key[pos % key.length].ord).chr
    pos += 1
  end

  # Search for payload terminator
  payloadTerm = nil
  keyChars.chars.shuffle.each do |i|
    break unless keyChars.chars.shuffle.each do |j|
      if !encoded.index(i + j)
        payloadTerm = i + j
        break
      end
    end
  end

  if payloadTerm == nil
    raise Msf::BadcharError, "Payload terminator could not be found for the #{self.name} encoder.", caller
  end

  finalPayload = stub.gsub(stub_key_term, keyTerm).gsub(stub_payload_term, payloadTerm) + key + keyTerm + encoded + payloadTerm

  # Check badchars in finalPayload
  if Rex::Text.badchar_index(finalPayload, badchars)
    raise Msf::BadcharError, "Bad character found for the #{self.name} encoder.", caller
  end

  return finalPayload
end

#find_key(buf, badchars, keyChars) ⇒ Object

# File 'lib/msf/core/encoder/xor_dynamic.rb', line 33

def find_key(buf, badchars, keyChars)

  keyFound = nil

  bufLen = buf.length

  # Search for a valid key
  _min_key_len = min_key_len
  if _min_key_len < 1
    _min_key_len = Integer(buf.length / 100 * (0.2 + 0.05 * badchars.length))
    if _min_key_len < 1
      _min_key_len = 1
    end
  end

  _max_key_len = max_key_len
  if _max_key_len < 1
    _max_key_len = buf.length
  end

  if _min_key_len > _max_key_len or min_key_len == -1
    _min_key_len = _max_key_len
  end

  _key_inc = key_inc
  if _key_inc < 1
    _key_inc = Integer(buf.length / 100 * (0.01 + 0.001 * badchars.length))
    if _key_inc < 1
      _key_inc = 1
    end
  end

  keyLen = _min_key_len
  while keyLen < _max_key_len + _key_inc do
    if keyLen > _max_key_len
      keyLen = _max_key_len
    end

    #$stderr.print "\rKey size: #{keyLen}"
    #$stderr.flush

    myKey = ""
    for x in 0..keyLen - 1 do
      keyChars.each_char do |j|
        ok = true
        i = 0
        while i + x < bufLen do
          if badchars[(buf[i + x].ord ^ j.ord).chr]
            ok = false
            break
          end

          i += keyLen
        end

        if ok
          myKey << j.chr
          break
        end
      end
    end

    if myKey.length == keyLen
      keyFound = myKey
      break
    end

    keyLen += _key_inc
  end

  #$stderr.print "\n"
  #$stderr.flush

  return keyFound
end

#key_inc ⇒ Object

# File 'lib/msf/core/encoder/xor_dynamic.rb', line 17

def key_inc
  Integer(datastore['KEYINC'] || 0)
end

#max_key_len ⇒ Object

# File 'lib/msf/core/encoder/xor_dynamic.rb', line 13

def max_key_len
  Integer(datastore['KEYMAX'] || 0)
end

#min_key_len ⇒ Object

# File 'lib/msf/core/encoder/xor_dynamic.rb', line 9

def min_key_len
  Integer(datastore['KEYMIN'] || 0)
end

#stub ⇒ Object

# File 'lib/msf/core/encoder/xor_dynamic.rb', line 21

def stub
  nil
end

#stub_key_term ⇒ Object

# File 'lib/msf/core/encoder/xor_dynamic.rb', line 25

def stub_key_term
  nil
end

#stub_payload_term ⇒ Object

# File 'lib/msf/core/encoder/xor_dynamic.rb', line 29

def stub_payload_term
  nil
end