Class: Rex::Post::Meterpreter::Extensions::Bofloader::BofPack
- Inherits: Object
- Defined in: lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb
Overview
Code referenced from: github.com/trustedsec/COFFLoader/blob/main/beacon_generate.py

Emulates the native Cobalt Strike bof_pack() function.

Documented here: hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics_aggressor-scripts/as-resources_functions.htm#bof_pack

| Type | Description | Unpack With (C) |
|------|-------------|-----------------|
| b | binary data | BeaconDataExtract |
| i | 4-byte integer | BeaconDataInt |
| s | 2-byte short integer | BeaconDataShort |
| z | zero-terminated+encoded string | BeaconDataExtract |
| Z | zero-terminated wide-char string | (wchar_t *)BeaconDataExtract |
Instance Method Summary
- #add_binary(binary) ⇒ Object
- #add_int(dint) ⇒ Object
- #add_short(short) ⇒ Object
- #add_str(str) ⇒ Object
- #add_wstr(wstr) ⇒ Object
- #bof_pack(fstring, args) ⇒ Object
- #finalize_buffer ⇒ Object
- #initialize ⇒ BofPack (constructor): A new instance of BofPack.
- #reset ⇒ Object
Constructor Details
#initialize ⇒ BofPack
Returns a new instance of BofPack.
```ruby
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 39

def initialize
  reset
end
```
Instance Method Details
#add_binary(binary) ⇒ Object
```ruby
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 43

def add_binary(binary)
  # Add binary data to the buffer
  binary = binary.bytes if binary.is_a? String
  b_length = binary.length
  binary = [b_length] + binary
  buf = binary.pack("I<c#{b_length}")
  @size += buf.length
  @buffer << buf
end
```
#add_int(dint) ⇒ Object
```ruby
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 53

def add_int(dint)
  @buffer << [dint.to_i].pack('I<')
  @size += 4
end
```
#add_short(short) ⇒ Object
```ruby
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 58

def add_short(short)
  @buffer << [short.to_i].pack('s<')
  @size += 2
end
```
#add_str(str) ⇒ Object
```ruby
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 63

def add_str(str)
  str = str.encode('utf-8').bytes
  str << 0x00 # Null terminated strings...
  s_length = str.length
  str = [s_length] + str
  buf = str.pack("I<c#{s_length}")
  @size += buf.length
  @buffer << buf
end
```
#add_wstr(wstr) ⇒ Object
```ruby
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 73

def add_wstr(wstr)
  wstr = wstr.encode('utf-16le').bytes
  wstr << 0x00 << 0x00 # Null terminated wide string
  s_length = wstr.length
  wstr = [s_length] + wstr
  buf = wstr.pack("I<c#{s_length}")
  @size += buf.length
  @buffer << buf
end
```
#bof_pack(fstring, args) ⇒ Object
```ruby
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 94

def bof_pack(fstring, args)
  # Wrapper function to pack an entire bof command line into a buffer
  if fstring.nil? || args.nil?
    return finalize_buffer
  end

  if fstring.length != args.length
    raise BofPackingError, 'Mismatched format and argument lengths'
  end

  fstring.chars.zip(args).each do |c, arg|
    case c
    when 'b'
      add_binary(arg)
    when 'i'
      add_int(arg)
    when 's'
      add_short(arg)
    when 'z'
      add_str(arg)
    when 'Z'
      add_wstr(arg)
    else
      raise BofPackingError, "Invalid character in format string: #{c}. Must be one of \"b, i, s, z, Z\""
    end
  end

  # return the packed bof_string
  finalize_buffer
end
```
#finalize_buffer ⇒ Object
```ruby
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 83

def finalize_buffer
  output = [@size].pack('I<') + @buffer
  reset
  output
end
```
#reset ⇒ Object
```ruby
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 89

def reset
  @buffer = ''
  @size = 0
end
```
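Taken together, the methods above emit a 4-byte little-endian total size followed by the fields in format-string order, with `b`, `z` and `Z` each carrying their own 4-byte length prefix. The following is an added example, not part of Metasploit: a bounds-checked decoder for that layout, useful when inspecting a captured argument buffer. `unpack_bof_args` and `BofUnpackError` are hypothetical names, and the sample bytes are constructed.

```ruby
# Added example: decode a buffer laid out the way BofPack#bof_pack builds it.
# unpack_bof_args and BofUnpackError are hypothetical names, not Metasploit APIs.
class BofUnpackError < StandardError; end

def unpack_bof_args(fstring, blob)
  blob = blob.b
  raise BofUnpackError, 'missing size header' if blob.bytesize < 4

  declared = blob.unpack1('V') # 4-byte little-endian size written by finalize_buffer
  body = blob.byteslice(4..)
  raise BofUnpackError, "size header #{declared} != body #{body.bytesize}" unless declared == body.bytesize

  pos = 0
  take = lambda do |n| # read n bytes, refusing to run past the end of the body
    raise BofUnpackError, "field overruns buffer at offset #{pos}" if pos + n > body.bytesize
    chunk = body.byteslice(pos, n)
    pos += n
    chunk
  end

  values = fstring.chars.map do |c|
    case c
    when 'i' then take.call(4).unpack1('l<') # read back as a signed 32-bit value
    when 's' then take.call(2).unpack1('s<')
    when 'b' then take.call(take.call(4).unpack1('V'))
    when 'z'
      take.call(take.call(4).unpack1('V')).delete_suffix("\x00".b).force_encoding('UTF-8')
    when 'Z'
      raw = take.call(take.call(4).unpack1('V')).delete_suffix("\x00\x00".b)
      raw.force_encoding('UTF-16LE').encode('UTF-8')
    else
      raise BofUnpackError, "Invalid character in format string: #{c}"
    end
  end
  raise BofUnpackError, "#{body.bytesize - pos} trailing bytes" unless pos == body.bytesize

  values
end

# Constructed sample: format "izZs" laid out by hand with Array#pack.
SAMPLE_BODY = [7].pack('I<') +
              [3].pack('I<') + "hi\x00".b +
              [6].pack('I<') + "C\x00:\x00\x00\x00".b +
              [-2].pack('s<')
SAMPLE = [SAMPLE_BODY.bytesize].pack('I<') + SAMPLE_BODY
```

The buffer carries no type tags, so the decoder needs the same format string the packer used; a wrong format string surfaces as an overrun or trailing-bytes error rather than silently misread fields.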