Module: Msf::Simple::Payload

Includes:
Module
Defined in:
lib/msf/base/simple/payload.rb

Overview

Simple payload wrapper class for performing generation.


Methods included from Module

#_import_extra_options, #init_simplified, #inspect, #load_config, #save_config

Class Method Details

.generate_simple(payload, opts) {|payload| ... } ⇒ Object

Generate a payload with the mad skillz. The payload can be generated in a number of ways.

opts can have:

Encoder     => An encoder module name.
BadChars    => A string of bad characters.
Format      => The format to represent the data as: ruby, perl, c, raw
Options     => A hash of options to set.
OptionStr   => A string of options in VAR=VAL form separated by
               whitespace.
NoComment   => Disables prepending of a comment
NopSledSize => The number of NOPs to use
MaxSize     => The maximum size of the payload.
Iterations  => Number of times to encode.
ForceEncode => Force encoding.

raises:

BadcharError => If the supplied encoder fails to encode the payload
NoKeyError => No valid encoder key could be found
ArgumentParseError => Options were supplied improperly

Yields:

  • (payload)


# File 'lib/msf/base/simple/payload.rb', line 40

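# Generates +payload+ and returns it serialized in the requested format.
#
# The work is done on a replicant of +payload+, so the caller's instance is
# left untouched. The output is chosen in this order:
#
# 1. 'war' when the payload arch includes ARCH_JAVA -> packed WAR.
# 2. Whatever Msf::Util::EXE.to_executable_fmt returns for the format, if
#    it returns anything.
# 3. 'jar' -> packed JAR.
# 4. Otherwise Buffer.transform of the encoded bytes, with a descriptive
#    comment prepended unless the format is 'raw' or NoComment is true.
#
# The prepended comment contains the payload refname, the encoded length,
# the encoder/NOP generator refnames (when set) and the text returned by
# options_used_to_s for the payload datastore, so a non-raw result carries
# those configuration values in clear text.
#
# @param payload [Object] payload module; must respond to #replicant
# @param opts [Hash] string-keyed options read by this method:
#   Format (defaults to 'raw'), Encoder, BadChars, NopSledSize, PadNops,
#   DisableNops, MaxSize, Iterations, ForceEncode, Platform, Template,
#   ExeDir, SecName, KeepTemplateWorking, NoComment, Verbose. The whole hash
#   is also handed to payload._import_extra_options.
# @yieldparam payload [Object] the replicated payload, before options are
#   imported
# @return [Object] the generated payload in the requested format
# @raise [BadcharError, NoKeyError, ArgumentParseError] per the module
#   documentation; these are raised by the helpers called here, not by this
#   method's own code
def self.generate_simple(payload, opts, &block)
  # Clone the module to prevent changes to the original instance
  payload = payload.replicant
  Msf::Simple::Framework.simplify_module(payload)
  yield(payload) if block_given?

  # Import any options we may need
  payload._import_extra_options(opts)
  framework = payload.framework

  # Generate the payload
  e = EncodedPayload.create(payload,
      'BadChars'    => opts['BadChars'],
      'MinNops'     => opts['NopSledSize'],
      'PadNops'     => opts['PadNops'],
      'Encoder'     => opts['Encoder'],
      'Iterations'  => opts['Iterations'],
      'ForceEncode' => opts['ForceEncode'],
      'DisableNops' => opts['DisableNops'],
      'Space'       => opts['MaxSize'])

  # fmt is never nil past this point, so no later fallback is needed
  fmt = opts['Format'] || 'raw'

  exeopts = {
    :inject => opts['KeepTemplateWorking'],
    :template => opts['Template'],
    :template_path => opts['ExeDir'],
    :secname => opts['SecName']
  }

  arch = payload.arch
  plat = opts['Platform'] || payload.platform

  # Save off the original payload length (reported in the comment header)
  len = e.encoded.length

  return e.encoded_war.pack if arch.index(ARCH_JAVA) && fmt == 'war'

  # NOTE(review): the original carried a disabled warning for
  # exeopts[:fellback]; presumably to_executable_fmt sets it when it falls
  # back to the default template. Nothing is reported to the caller today.
  output = Msf::Util::EXE.to_executable_fmt(framework, arch, plat, e.encoded, fmt, exeopts)
  return output if output

  # Generate jar if necessary
  return e.encoded_jar.pack if fmt == 'jar'

  # Serialize the generated payload to some sort of format
  output = Buffer.transform(e.encoded, fmt)

  # Only a literal true disables the comment, as in the original check
  return output if fmt == 'raw' || opts['NoComment'] == true

  # Options text for the header; empty when nothing was reported
  used = payload.options.options_used_to_s(payload.datastore)
  used = (used && used.length > 0) ? used + "\n" : ''

  header = "#{payload.refname} - #{len} bytes#{payload.staged? ? " (stage 1)" : ""}\n" +
           "https://metasploit.com/\n"
  header += "Encoder: #{e.encoder.refname}\n" if e.encoder
  header += "NOP gen: #{e.nop.refname}\n" if e.nop
  header += used

  output = Buffer.comment(header, fmt) + output

  # If verbose was requested and it's multistage, include the second stage too
  if opts['Verbose'] && payload.staged?
    stage = payload.generate_stage

    # If a stage was generated, then display it
    if stage && stage.length > 0
      output +=
        "\n" +
        Buffer.comment(
          "#{payload.refname} - #{stage.length} bytes (stage 2)\n" +
          "https://metasploit.com/\n",
          fmt) +
        Buffer.transform(stage, fmt)
    end
  end

  output
end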

Instance Method Details

#generate_simple(opts, &block) ⇒ Object

Calls the class method.



# File 'lib/msf/base/simple/payload.rb', line 138

# Instance-level convenience wrapper: generates this payload by handing
# +self+, +opts+ and the optional block to Msf::Simple::Payload.generate_simple.
#
# @param opts [Hash] generation options, passed through unchanged
# @return [Object] whatever the class method returns
def generate_simple(opts, &block)
  generator = Msf::Simple::Payload
  generator.generate_simple(self, opts, &block)
end