lib/msf/base/simple/buffer.rb

# -*- coding: binary -*-


module Msf
module Simple

###
#
# Wraps interaction with a generated buffer from the framework.
# Its primary use is to transform a raw buffer into another
# format.
#
###
module Buffer

  class BufferFormatError < ::ArgumentError; end
  #
  # Serializes a buffer to a provided format.  The formats supported are raw,
  # num, dword, ruby, rust, python, perl, bash, c, js_be, js_le, java and psh
  #
  def self.transform(buf, fmt = "ruby", var_name = 'buf', encryption_opts={})
    default_wrap = 60

    unless encryption_opts.empty?
      buf = encrypt_buffer(buf, encryption_opts)
    end

    case fmt
      when 'raw'
      when 'num'
        buf = Rex::Text.to_num(buf)
      when 'hex'
        buf = Rex::Text.to_hex(buf, '')
      when 'dword', 'dw'
        buf = Rex::Text.to_dword(buf)
      when 'python', 'py'
        buf = Rex::Text.to_python(buf, default_wrap, var_name)
      when 'ruby', 'rb'
        buf = Rex::Text.to_ruby(buf, default_wrap, var_name)
      when 'perl', 'pl'
        buf = Rex::Text.to_perl(buf, default_wrap, var_name)
      when 'bash', 'sh'
        buf = Rex::Text.to_bash(buf, default_wrap, var_name)
      when 'c'
        buf = Rex::Text.to_c(buf, default_wrap, var_name)
      when 'csharp'
        buf = Rex::Text.to_csharp(buf, default_wrap, var_name)
      when 'js_be'
        buf = Rex::Text.to_unescape(buf, ENDIAN_BIG)
      when 'js_le'
        buf = Rex::Text.to_unescape(buf, ENDIAN_LITTLE)
      when 'java'
        buf = Rex::Text.to_java(buf, var_name)
      when 'powershell', 'ps1'
        buf = Rex::Powershell.to_powershell(buf, var_name)
      when 'vbscript'
        buf = Rex::Text.to_vbscript(buf, var_name)
      when 'vbapplication'
        buf = Rex::Text.to_vbapplication(buf, var_name)
      when 'base32'
        buf = Rex::Text.encode_base32(buf)
      when 'base64'
        buf = Rex::Text.encode_base64(buf)
      when 'go','golang'
        buf = Rex::Text.to_golang(buf)
      when 'masm'
        buf = Rex::Text.to_masm(buf)
      when 'nim','nimlang'
        buf = Rex::Text.to_nim(buf)
      when 'rust', 'rustlang'
        buf = Rex::Text.to_rust(buf)
      when 'octal'
        buf = Rex::Text.to_octal(buf)
      else
        raise BufferFormatError, "Unsupported buffer format: #{fmt}", caller
    end

    return buf
  end

  #
  # Creates a comment using the supplied format.  The formats supported are
  # raw, ruby, rust python, perl, bash, js_be, js_le, c, and java.
  #
  def self.comment(buf, fmt = "ruby")
    case fmt
      when 'raw'
      when 'num', 'dword', 'dw', 'hex', 'octal', 'base64', 'base32'
        # These are string encodings, not languages; default to the js comment.
        buf = Rex::Text.to_js_comment(buf)
      when 'ruby', 'rb', 'python', 'py'
        buf = Rex::Text.to_ruby_comment(buf)
      when 'perl', 'pl'
        buf = Rex::Text.to_perl_comment(buf)
      when 'bash', 'sh'
        buf = Rex::Text.to_bash_comment(buf)
      when 'c'
        buf = Rex::Text.to_c_comment(buf)
      when 'csharp'
        buf = Rex::Text.to_c_comment(buf)
      when 'js_be', 'js_le'
        buf = Rex::Text.to_js_comment(buf)
      when 'java'
        buf = Rex::Text.to_c_comment(buf)
      when 'powershell','ps1'
        buf = Rex::Text.to_psh_comment(buf)
      when 'go','golang'
        buf = Rex::Text.to_golang_comment(buf)
      when 'masm','ml64'
        buf = Rex::Text.to_masm_comment(buf)
      when 'nim','nimlang'
        buf = Rex::Text.to_nim_comment(buf)
      when 'rust', 'rustlang'
        buf = Rex::Text.to_rust_comment(buf)
      else
        raise BufferFormatError, "Unsupported buffer format: #{fmt}", caller
    end

    return buf
  end

  #
  # Returns the list of supported formats
  #
  def self.transform_formats
    [
      'base32',
      'base64',
      'bash',
      'c',
      'csharp',
      'dw',
      'dword',
      'go',
      'golang',
      'hex',
      'java',
      'js_be',
      'js_le',
      'masm',
      'nim',
      'nimlang',
      'num',
      'octal',
      'perl',
      'pl',
      'powershell',
      'ps1',
      'py',
      'python',
      'raw',
      'rb',
      'ruby',
      'rust',
      'rustlang',
      'sh',
      'vbapplication',
      'vbscript'
    ]
  end

  def self.encryption_formats
    [
      'xor',
      'base64',
      'aes256',
      'rc4'
    ]
  end

  private

  def self.encrypt_buffer(value, encryption_opts)
    buf = ''

    case encryption_opts[:format]
    when 'aes256'
      if encryption_opts[:iv].blank?
        raise ArgumentError, 'Initialization vector is missing'
      elsif encryption_opts[:key].blank?
        raise ArgumentError, 'Encryption key is missing'
      end

      buf = Rex::Crypto.encrypt_aes256(encryption_opts[:iv], encryption_opts[:key], value)
    when 'base64'
      buf = Rex::Text.encode_base64(value)
    when 'xor'
      if encryption_opts[:key].blank?
        raise ArgumentError, 'XOR key is missing'
      end

      buf = Rex::Text.xor(encryption_opts[:key], value)
    when 'rc4'
      if encryption_opts[:key].blank?
        raise ArgumentError, 'Encryption key is missing'
      end

      buf = Rex::Crypto.rc4(encryption_opts[:key], value)
    else
      raise ArgumentError, "Unsupported encryption format: #{encryption_opts[:format]}", caller
    end

    return buf
  end

end

end
end
Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00			`# -- coding: binary --`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00
simple wrappers 2005-07-10 09:42:49 +00:00
			`module Msf`
			`module Simple`

			`###`
			`#`
			`# Wraps interaction with a generated buffer from the framework.`
			`# Its primary use is to transform a raw buffer into another`
			`# format.`
			`#`
			`###`
			`module Buffer`

Dump formats when invalid format is selected 2018-11-04 09:25:37 -05:00			`class BufferFormatError < ::ArgumentError; end`
simple wrappers 2005-07-10 09:42:49 +00:00			`#`
docs 2005-11-15 15:29:56 +00:00			`# Serializes a buffer to a provided format. The formats supported are raw,`
Added Rust Programming Language format support for generating payloads 2022-10-30 21:14:51 +13:00			`# num, dword, ruby, rust, python, perl, bash, c, js_be, js_le, java and psh`
simple wrappers 2005-07-10 09:42:49 +00:00			`#`
Add encryption support for shellcode 2018-04-10 11:14:14 -05:00			`def self.transform(buf, fmt = "ruby", var_name = 'buf', encryption_opts={})`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`default_wrap = 60`

Add encryption support for shellcode 2018-04-10 11:14:14 -05:00			`unless encryption_opts.empty?`
			`buf = encrypt_buffer(buf, encryption_opts)`
			`end`

Revert downcase throughout, instead use single downcase within option parsing 2018-11-04 08:57:45 -05:00			`case fmt`
simple wrappers 2005-07-10 09:42:49 +00:00			`when 'raw'`
added 2 new output types for msfencode: num and dword 2013-11-20 22:36:17 +01:00			`when 'num'`
			`buf = Rex::Text.to_num(buf)`
added new hex format 2015-02-24 16:05:02 +01:00			`when 'hex'`
remove newline 2015-02-24 17:35:53 +01:00			`buf = Rex::Text.to_hex(buf, '')`
added 2 new output types for msfencode: num and dword 2013-11-20 22:36:17 +01:00			`when 'dword', 'dw'`
			`buf = Rex::Text.to_dword(buf)`
Fix hard vs soft tabs 2013-05-13 20:44:51 -05:00			`when 'python', 'py'`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`buf = Rex::Text.to_python(buf, default_wrap, var_name)`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`when 'ruby', 'rb'`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`buf = Rex::Text.to_ruby(buf, default_wrap, var_name)`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`when 'perl', 'pl'`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`buf = Rex::Text.to_perl(buf, default_wrap, var_name)`
Bash format for msfencode/msfvenom 2011-11-11 00:13:17 -08:00			`when 'bash', 'sh'`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`buf = Rex::Text.to_bash(buf, default_wrap, var_name)`
simple wrappers 2005-07-10 09:42:49 +00:00			`when 'c'`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`buf = Rex::Text.to_c(buf, default_wrap, var_name)`
This commit adds support for C# byte arrays for the assembly payloads. 2013-06-11 19:27:06 -05:00			`when 'csharp'`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`buf = Rex::Text.to_csharp(buf, default_wrap, var_name)`
Added javascript and win32 pe output formats 2006-07-31 04:05:20 +00:00			`when 'js_be'`
			`buf = Rex::Text.to_unescape(buf, ENDIAN_BIG)`
			`when 'js_le'`
			`buf = Rex::Text.to_unescape(buf, ENDIAN_LITTLE)`
This patch adds support for java byte array output (useful for sticking shellcode into java applets). 2007-05-07 04:42:11 +00:00			`when 'java'`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`buf = Rex::Text.to_java(buf, var_name)`
Fix psh and add powershell transform 2013-08-23 15:59:19 +01:00			`when 'powershell', 'ps1'`
rip out old rex code and replace with gems 2016-06-21 13:56:36 -05:00			`buf = Rex::Powershell.to_powershell(buf, var_name)`
vbs transform 2013-08-23 16:26:03 +01:00			`when 'vbscript'`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`buf = Rex::Text.to_vbscript(buf, var_name)`
vba transform 2013-08-23 18:00:19 +01:00			`when 'vbapplication'`
Resolves #4275 - Configurable variable name as an option 2014-12-15 23:59:34 -06:00			`buf = Rex::Text.to_vbapplication(buf, var_name)`
Finish up the .NET deserialization tool 2020-04-29 17:50:07 -04:00			`when 'base32'`
			`buf = Rex::Text.encode_base32(buf)`
			`when 'base64'`
			`buf = Rex::Text.encode_base64(buf)`
Added golang format support for generating payload 2022-08-26 07:49:11 -04:00			`when 'go','golang'`
added reference to new gemlock file. 2022-08-26 08:45:43 -04:00			`buf = Rex::Text.to_golang(buf)`
add support to masm formatting 2023-05-31 17:17:17 +02:00			`when 'masm'`
			`buf = Rex::Text.to_masm(buf)`
working on nim shellcode generator 2022-09-02 07:55:39 -04:00			`when 'nim','nimlang'`
			`buf = Rex::Text.to_nim(buf)`
Added Rust Programming Language format support for generating payloads 2022-10-30 21:14:51 +13:00			`when 'rust', 'rustlang'`
			`buf = Rex::Text.to_rust(buf)`
Add support to msfvenom for "-f octal". 2023-09-13 12:08:21 -06:00			`when 'octal'`
			`buf = Rex::Text.to_octal(buf)`
simple wrappers 2005-07-10 09:42:49 +00:00			`else`
Dump formats when invalid format is selected 2018-11-04 09:25:37 -05:00			`raise BufferFormatError, "Unsupported buffer format: #{fmt}", caller`
simple wrappers 2005-07-10 09:42:49 +00:00			`end`

			`return buf`
			`end`

more cool shit 2005-07-10 19:21:40 +00:00			`#`
docs 2005-11-15 15:29:56 +00:00			`# Creates a comment using the supplied format. The formats supported are`
Added Rust Programming Language format support for generating payloads 2022-10-30 21:14:51 +13:00			`# raw, ruby, rust python, perl, bash, js_be, js_le, c, and java.`
more cool shit 2005-07-10 19:21:40 +00:00			`#`
			`def self.comment(buf, fmt = "ruby")`
Revert downcase throughout, instead use single downcase within option parsing 2018-11-04 08:57:45 -05:00			`case fmt`
more cool shit 2005-07-10 19:21:40 +00:00			`when 'raw'`
Add support for base32/64 comments. 2023-09-21 08:50:58 -06:00			`when 'num', 'dword', 'dw', 'hex', 'octal', 'base64', 'base32'`
			`# These are string encodings, not languages; default to the js comment.`
set _comment method to js for num and dword 2013-11-20 23:10:55 +01:00			`buf = Rex::Text.to_js_comment(buf)`
Add a Python buffer formatter and update msfpayload to enable using it 2013-05-13 20:41:15 -05:00			`when 'ruby', 'rb', 'python', 'py'`
more cool shit 2005-07-10 19:21:40 +00:00			`buf = Rex::Text.to_ruby_comment(buf)`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`when 'perl', 'pl'`
more cool shit 2005-07-10 19:21:40 +00:00			`buf = Rex::Text.to_perl_comment(buf)`
Bash format for msfencode/msfvenom 2011-11-11 00:13:17 -08:00			`when 'bash', 'sh'`
			`buf = Rex::Text.to_bash_comment(buf)`
more cool shit 2005-07-10 19:21:40 +00:00			`when 'c'`
			`buf = Rex::Text.to_c_comment(buf)`
This commit adds support for C# byte arrays for the assembly payloads. 2013-06-11 19:27:06 -05:00			`when 'csharp'`
			`buf = Rex::Text.to_c_comment(buf)`
Added javascript and win32 pe output formats 2006-07-31 04:05:20 +00:00			`when 'js_be', 'js_le'`
			`buf = Rex::Text.to_js_comment(buf)`
This patch adds support for java byte array output (useful for sticking shellcode into java applets). 2007-05-07 04:42:11 +00:00			`when 'java'`
			`buf = Rex::Text.to_c_comment(buf)`
Fix broken `ps1` and `powershell` transform 2019-09-18 12:20:16 -05:00			`when 'powershell','ps1'`
			`buf = Rex::Text.to_psh_comment(buf)`
Added golang format support for generating payload 2022-08-26 07:49:11 -04:00			`when 'go','golang'`
added reference to new gemlock file. 2022-08-26 08:45:43 -04:00			`buf = Rex::Text.to_golang_comment(buf)`
[+] add masm output support 2023-06-13 06:55:16 +02:00			`when 'masm','ml64'`
			`buf = Rex::Text.to_masm_comment(buf)`
working on nim shellcode generator 2022-09-02 07:55:39 -04:00			`when 'nim','nimlang'`
			`buf = Rex::Text.to_nim_comment(buf)`
Added Rust Programming Language format support for generating payloads 2022-10-30 21:14:51 +13:00			`when 'rust', 'rustlang'`
Fixed typo in the self.comment function for Rust 2022-10-31 17:22:29 +13:00			`buf = Rex::Text.to_rust_comment(buf)`
more cool shit 2005-07-10 19:21:40 +00:00			`else`
Dump formats when invalid format is selected 2018-11-04 09:25:37 -05:00			`raise BufferFormatError, "Unsupported buffer format: #{fmt}", caller`
more cool shit 2005-07-10 19:21:40 +00:00			`end`

			`return buf`
			`end`

big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`#`
			`# Returns the list of supported formats`
			`#`
			`def self.transform_formats`
sorted out the sorts without .sort 2013-12-02 11:57:52 +01:00			`[`
Finish up the .NET deserialization tool 2020-04-29 17:50:07 -04:00			`'base32',`
			`'base64',`
sorted out the sorts without .sort 2013-12-02 11:57:52 +01:00			`'bash',`
			`'c',`
			`'csharp',`
			`'dw',`
			`'dword',`
added reference to new gemlock file. 2022-08-26 08:45:43 -04:00			`'go',`
			`'golang',`
added new hex format 2015-02-24 16:05:02 +01:00			`'hex',`
sorted out the sorts without .sort 2013-12-02 11:57:52 +01:00			`'java',`
			`'js_be',`
			`'js_le',`
add support to masm formatting 2023-05-31 17:17:17 +02:00			`'masm',`
working on nim shellcode generator 2022-09-02 07:55:39 -04:00			`'nim',`
			`'nimlang',`
sorted out the sorts without .sort 2013-12-02 11:57:52 +01:00			`'num',`
Add support to msfvenom for "-f octal". 2023-09-13 12:08:21 -06:00			`'octal',`
sorted out the sorts without .sort 2013-12-02 11:57:52 +01:00			`'perl',`
			`'pl',`
			`'powershell',`
			`'ps1',`
			`'py',`
			`'python',`
			`'raw',`
			`'rb',`
			`'ruby',`
Added Rust Programming Language format support for generating payloads 2022-10-30 21:14:51 +13:00			`'rust',`
			`'rustlang',`
sorted out the sorts without .sort 2013-12-02 11:57:52 +01:00			`'sh',`
			`'vbapplication',`
			`'vbscript'`
			`]`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`end`

Add encryption support for shellcode 2018-04-10 11:14:14 -05:00			`def self.encryption_formats`
			`[`
			`'xor',`
			`'base64',`
			`'aes256',`
			`'rc4'`
			`]`
			`end`

			`private`

			`def self.encrypt_buffer(value, encryption_opts)`
			`buf = ''`

Revert downcase throughout, instead use single downcase within option parsing 2018-11-04 08:57:45 -05:00			`case encryption_opts[:format]`
Add encryption support for shellcode 2018-04-10 11:14:14 -05:00			`when 'aes256'`
Add some checks in buffer.rb and fix option in msfvenom 2018-04-11 13:02:35 -05:00			`if encryption_opts[:iv].blank?`
			`raise ArgumentError, 'Initialization vector is missing'`
			`elsif encryption_opts[:key].blank?`
			`raise ArgumentError, 'Encryption key is missing'`
			`end`

Move crypto methods to Rex::Crypto namespace 2018-04-17 20:12:26 -05:00			`buf = Rex::Crypto.encrypt_aes256(encryption_opts[:iv], encryption_opts[:key], value)`
Add encryption support for shellcode 2018-04-10 11:14:14 -05:00			`when 'base64'`
			`buf = Rex::Text.encode_base64(value)`
			`when 'xor'`
Add some checks in buffer.rb and fix option in msfvenom 2018-04-11 13:02:35 -05:00			`if encryption_opts[:key].blank?`
			`raise ArgumentError, 'XOR key is missing'`
			`end`

Add encryption support for shellcode 2018-04-10 11:14:14 -05:00			`buf = Rex::Text.xor(encryption_opts[:key], value)`
			`when 'rc4'`
Add some checks in buffer.rb and fix option in msfvenom 2018-04-11 13:02:35 -05:00			`if encryption_opts[:key].blank?`
			`raise ArgumentError, 'Encryption key is missing'`
			`end`

Move crypto methods to Rex::Crypto namespace 2018-04-17 20:12:26 -05:00			`buf = Rex::Crypto.rc4(encryption_opts[:key], value)`
Add encryption support for shellcode 2018-04-10 11:14:14 -05:00			`else`
			`raise ArgumentError, "Unsupported encryption format: #{encryption_opts[:format]}", caller`
			`end`

			`return buf`
			`end`

simple wrappers 2005-07-10 09:42:49 +00:00			`end`

			`end`
comment updates 2009-01-09 02:16:02 +00:00			`end`