Class: Msf::Encoder::XorDynamic

Inherits:
Msf::Encoder show all
Defined in:
lib/msf/core/encoder/xor_dynamic.rb

Constant Summary

Constants inherited from Module

Module::REPLICANT_EXTENSION_DS_KEY

Constants included from Module::ModuleInfo

Module::ModuleInfo::UpdateableOptions

Instance Attribute Summary

Attributes inherited from Msf::Encoder

#available_space

Attributes inherited from Module

#error, #job_id, #license, #platform, #privileged, #references, #user_data

Attributes included from Framework::Offspring

#framework

Attributes included from Module::UUID

#uuid

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Attributes included from Module::Privileged

#priveli, #privileged

Attributes included from Module::Options

#options

Attributes included from Module::ModuleStore

#module_store

Attributes included from Module::ModuleInfo

#module_info

Attributes included from Module::FullName

#aliased_as

Attributes included from Module::DataStore

#datastore

Attributes included from Module::Author

#author

Attributes included from Module::Arch

#arch

Attributes included from Module::Alert

#alerts, #you_have_been_warned

Instance Method Summary collapse

Methods inherited from Msf::Encoder

#can_preserve_registers?, #decoder_block_size, #decoder_hash, #decoder_key_offset, #decoder_key_pack, #decoder_key_size, #decoder_stub, #do_encode, #encode_begin, #encode_block, #encode_end, #encode_finalize_stub, #encoder_type, #find_bad_keys, #find_context_key, #find_key_verify, #has_badchars?, #init_platform, #init_state, #integer_to_key_bytes, #key_bytes_to_buffer, #key_bytes_to_integer, #modified_registers, #obtain_key, #prepend_buf, #preserves_stack?, #to_native, #type, type

Methods inherited from Module

#adapted_refname, #adapter_refname, #black_listed_auth_filenames, cached?, #debugging?, #default_cred?, #fail_with, #file_path, #framework, #has_check?, #orig_cls, #owner, #perform_extensions, #platform?, #platform_to_s, #post_auth?, #register_extensions, #register_parent, #replicant, #required_cred_options, #set_defaults, #stage_refname, #stager_refname, #workspace

Methods included from Module::Reliability

#reliability, #reliability_to_s

Methods included from Module::Stability

#stability, #stability_to_s

Methods included from Module::SideEffects

#side_effects, #side_effects_to_s

Methods included from Module::UUID

#generate_uuid

Methods included from Module::UI

#init_ui

Methods included from Module::UI::Message

#print_error, #print_good, #print_prefix, #print_status, #print_warning

Methods included from Module::UI::Message::Verbose

#vprint_error, #vprint_good, #vprint_status, #vprint_warning

Methods included from Module::UI::Line

#print_line, #print_line_prefix

Methods included from Module::UI::Line::Verbose

#vprint_line

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning

Methods included from Module::Type

#auxiliary?, #encoder?, #evasion?, #exploit?, #nop?, #payload?, #post?, #type

Methods included from Module::Ranking

#rank, #rank_to_h, #rank_to_s

Methods included from Module::Privileged

#privileged?

Methods included from Module::Options

#deregister_options, #register_advanced_options, #register_evasion_options, #register_options, #validate

Methods included from Module::Network

#comm, #support_ipv6?, #target_host, #target_port

Methods included from Module::ModuleStore

#[], #[]=

Methods included from Module::ModuleInfo

#alias, #description, #disclosure_date, #info_fixups, #merge_check_key, #merge_info, #merge_info_advanced_options, #merge_info_alias, #merge_info_description, #merge_info_evasion_options, #merge_info_name, #merge_info_options, #merge_info_string, #merge_info_version, #name, #notes, #update_info

Methods included from Module::FullName

#aliases, #fullname, #promptname, #realname, #refname, #shortname

Methods included from Module::DataStore

#import_defaults, #import_target_defaults, #share_datastore

Methods included from Module::Compatibility

#compat, #compatible?, #init_compat

Methods included from Module::Author

#author_to_s, #each_author

Methods included from Module::Auth

#store_valid_credential

Methods included from Module::Arch

#arch?, #arch_to_s, #each_arch

Methods included from Module::Alert

#add_alert, #add_error, #add_warning, #alert_user, #errors, #get_alerts, included, #is_usable?, #warnings

Constructor Details

#initialize(info) ⇒ XorDynamic

Returns a new instance of XorDynamic.



# File 'lib/msf/core/encoder/xor_dynamic.rb', line 5

# Builds the encoder by forwarding the module information to the parent
# class constructor; no additional state is set up here.
#
# @param info [Object] module information, passed through unchanged
def initialize(info)
  # A bare `super` forwards the method's own arguments (here: info).
  super
end

Instance Method Details

#encode(buf, badchars = nil, state = nil, platform = nil) ⇒ Object



# File 'lib/msf/core/encoder/xor_dynamic.rb', line 109

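# Encodes +buf+ with a repeating XOR key and wraps it in the decoder stub.
#
# The returned string is laid out as:
#   stub (terminator placeholders substituted) + key + key terminator +
#   XORed buffer + payload terminator
#
# The key is written unmodified into the output, so this is an encoding that
# satisfies byte restrictions, not a confidentiality mechanism.
#
# @param buf [String] raw bytes to encode
# @param badchars [String, nil] bytes that must not appear in the output;
#   nil or '' selects the default "\x00\x0a\x0d"
# @param state [Object, nil] accepted for interface compatibility; not used here
# @param platform [Object, nil] accepted for interface compatibility; not used here
# @return [String] the stub followed by key, terminators and encoded buffer
# @raise [Msf::BadcharError] if the stub contains a bad character, or no key,
#   key terminator or payload terminator can be found, or the final buffer
#   still contains a bad character
def encode(buf, badchars = nil, state = nil, platform = nil)
  # Fall back to NUL, LF and CR when the caller supplies no bad characters.
  badchars = "\x00\x0a\x0d" if badchars.nil? || badchars == ''

  # The stub, with both placeholders removed, must already be clean.
  bare_stub = stub.gsub(stub_key_term, "").gsub(stub_payload_term, "")
  if Rex::Text.badchar_index(bare_stub, badchars)
    raise Msf::BadcharError, "Bad character found in stub for the #{self.name} encoder.", caller
  end

  # Every byte value 1..255 that is not a bad character may be used for the
  # key and for both terminators.
  key_chars = ""
  (1..255).each do |code|
    key_chars << code.chr unless badchars[code.chr]
  end

  key = find_key(buf, badchars, key_chars)
  if key.nil?
    raise Msf::BadcharError, "A key could not be found for the #{self.name} encoder.", caller
  end

  # Key terminator: one allowed byte that does not occur inside the key.
  key_term = key_chars.chars.shuffle.find { |candidate| !key[candidate] }
  if key_term.nil?
    raise Msf::BadcharError, "Key terminator could not be found for the #{self.name} encoder.", caller
  end

  # Encode the payload: XOR each byte with the key, repeating the key as needed.
  encoded = ""
  buf.length.times do |pos|
    encoded << (buf[pos].ord ^ key[pos % key.length].ord).chr
  end

  # Payload terminator: a pair of allowed bytes that does not occur anywhere
  # in the encoded buffer. A fresh shuffle is drawn for each first byte.
  payload_term = nil
  key_chars.chars.shuffle.each do |first|
    second = key_chars.chars.shuffle.find { |candidate| !encoded.index(first + candidate) }
    next unless second

    payload_term = first + second
    break
  end

  if payload_term.nil?
    raise Msf::BadcharError, "Payload terminator could not be found for the #{self.name} encoder.", caller
  end

  # The block form of gsub inserts the terminators literally. With a string
  # replacement, gsub interprets backslash sequences (\\, \0, \&, ...), so a
  # terminator containing a backslash would be written into the stub
  # differently from the copy appended after the key / encoded buffer.
  final_payload = stub.gsub(stub_key_term) { key_term }.gsub(stub_payload_term) { payload_term } +
                  key + key_term + encoded + payload_term

  # Last check over the assembled buffer.
  if Rex::Text.badchar_index(final_payload, badchars)
    raise Msf::BadcharError, "Bad character found for the #{self.name} encoder.", caller
  end

  final_payload
end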

#find_key(buf, badchars, keyChars) ⇒ Object



# File 'lib/msf/core/encoder/xor_dynamic.rb', line 33

# Searches for a repeating XOR key under which no byte of +buf+ encodes to a
# bad character.
#
# Key lengths are tried from a minimum to a maximum in fixed increments. The
# bounds come from #min_key_len, #max_key_len and #key_inc; a value below 1
# means "choose automatically":
# * minimum and increment are derived from buf.length / 100 (integer
#   division) scaled by the number of bad characters, with a floor of 1
# * maximum defaults to buf.length
# A minimum of -1, or a minimum above the maximum, pins the minimum to the
# maximum.
#
# @param buf [String] bytes that will be XORed with the key
# @param badchars [String] bytes that must not appear in the encoded output
# @param keyChars [String] bytes that may be used inside the key, tried in order
# @return [String, nil] the first key that works, or nil if none was found
def find_key(buf, badchars, keyChars)
  total = buf.length
  hundredths = total / 100 # integer division: 0 for buffers under 100 bytes

  configured_min = min_key_len
  shortest = configured_min
  if shortest < 1
    shortest = [Integer(hundredths * (0.2 + 0.05 * badchars.length)), 1].max
  end

  longest = max_key_len
  longest = total if longest < 1

  shortest = longest if shortest > longest || configured_min == -1

  step = key_inc
  if step < 1
    step = [Integer(hundredths * (0.01 + 0.001 * badchars.length)), 1].max
  end

  key_len = shortest
  while key_len < longest + step
    # The final round is clamped so the maximum length itself is always tried.
    key_len = longest if key_len > longest

    candidate = ""
    key_len.times do |offset|
      # Key byte `offset` touches buffer positions offset, offset + key_len, ...
      # Take the first allowed byte that keeps all of them clean.
      usable = keyChars.each_char.find do |ch|
        (offset...total).step(key_len).none? do |pos|
          badchars[(buf[pos].ord ^ ch.ord).chr]
        end
      end
      candidate << usable if usable
    end

    # A complete key needs one byte for every offset.
    return candidate if candidate.length == key_len

    key_len += step
  end

  nil
end

#key_inc ⇒ Object



# File 'lib/msf/core/encoder/xor_dynamic.rb', line 17

# Reads the KEYINC datastore option as an integer.
#
# @return [Integer] the configured value, or 0 when the option is unset;
#   #find_key treats values below 1 as "choose automatically"
# @raise [ArgumentError] if the stored value is not a valid integer
def key_inc
  configured = datastore['KEYINC']
  Integer(configured || 0)
end

#max_key_len ⇒ Object



# File 'lib/msf/core/encoder/xor_dynamic.rb', line 13

# Reads the KEYMAX datastore option as an integer.
#
# @return [Integer] the configured value, or 0 when the option is unset;
#   #find_key treats values below 1 as "use the buffer length"
# @raise [ArgumentError] if the stored value is not a valid integer
def max_key_len
  configured = datastore['KEYMAX']
  Integer(configured || 0)
end

#min_key_len ⇒ Object



# File 'lib/msf/core/encoder/xor_dynamic.rb', line 9

# Reads the KEYMIN datastore option as an integer.
#
# @return [Integer] the configured value, or 0 when the option is unset;
#   #find_key treats values below 1 as "choose automatically" and -1 as
#   "start at the maximum key length"
# @raise [ArgumentError] if the stored value is not a valid integer
def min_key_len
  configured = datastore['KEYMIN']
  Integer(configured || 0)
end

#stub ⇒ Object



# File 'lib/msf/core/encoder/xor_dynamic.rb', line 21

# Decoder stub placed in front of the key and encoded buffer by #encode.
#
# This class provides none. #encode calls +gsub+ on the result, so a usable
# encoder presumably overrides this with a String.
#
# @return [nil]
def stub
  # Deliberately empty: the method evaluates to nil.
end

#stub_key_term ⇒ Object



# File 'lib/msf/core/encoder/xor_dynamic.rb', line 25

# Placeholder inside #stub that #encode replaces with the key terminator.
#
# This class provides none. #encode passes the result to +gsub+ as the
# pattern, so a usable encoder presumably overrides this.
#
# @return [nil]
def stub_key_term
  # Deliberately empty: the method evaluates to nil.
end

#stub_payload_term ⇒ Object



# File 'lib/msf/core/encoder/xor_dynamic.rb', line 29

# Placeholder inside #stub that #encode replaces with the payload terminator.
#
# This class provides none. #encode passes the result to +gsub+ as the
# pattern, so a usable encoder presumably overrides this.
#
# @return [nil]
def stub_payload_term
  # Deliberately empty: the method evaluates to nil.
end