Module: Msf::Exploit::Egghunter

Defined in:
lib/msf/core/exploit/egghunter.rb

Overview

This mixin provides an interface for generating egghunters for various platforms using the Rex::Exploitation::Egghunter class.

Originally written by skape. BadChar support added by David Rude. Updated to take the payload and options by Joshua J. Drake.

Instance Method Details

#generate_egghunter(payload, badchars = nil, opts = {}) ⇒ Object

Generates an egghunter stub based on the current target’s architecture and operating system.



# File 'lib/msf/core/exploit/egghunter.rb', line 31

def generate_egghunter(payload, badchars = nil, opts = {})
  # Prefer the target's platform/architecture information, but use
  # the module's if no target specific information exists
  los   = target_platform
  larch = target_arch || ARCH_X86

  # If we found a platform list, then take the first platform
  los   = los.names[0] if (los.kind_of?(Msf::Module::PlatformList))

  # Use the first architecture if one was specified
  larch = larch[0] if (larch.kind_of?(Array))

  if los.nil?
    raise RuntimeError, "No platform restrictions were specified -- cannot select egghunter"
  end

  badchars ||= payload_badchars

  egg   = Rex::Exploitation::Egghunter.new(los, larch)
  # Use the resolved badchars (the caller's argument, falling back to payload_badchars)
  bunny = egg.generate(payload, badchars, opts)

  if (bunny.nil?)
    print_error("The egghunter could not be generated")
    raise ArgumentError
  end

  return bunny
end

#initialize(info = {}) ⇒ Object

Creates an instance of an exploit that uses an Egghunter overwrite.



# File 'lib/msf/core/exploit/egghunter.rb', line 22

def initialize(info = {})
  super
end

#wfs_delay ⇒ Object

Sets the wfs_delay setting for all exploits using the Egghunter.



# File 'lib/msf/core/exploit/egghunter.rb', line 63

def wfs_delay
  30
end