lib/msf/base/simple/payload.rb

# -*- coding: binary -*-


module Msf
module Simple

###
#
# Simple payload wrapper class for performing generation.
#
###
module Payload

  include Module

  #
  # Generate a payload with the mad skillz.  The payload can be generated in
  # a number of ways.
  #
  # opts can have:
  #
  #   Encoder     => A encoder module name.
  #   BadChars    => A string of bad characters.
  #   Format      => The format to represent the data as: ruby, perl, c, raw
  #   Options     => A hash of options to set.
  #   OptionStr   => A string of options in VAR=VAL form separated by
  #                  whitespace.
  #   NoComment   => Disables prepention of a comment
  #   NopSledSize => The number of NOPs to use
  #   MaxSize     => The maximum size of the payload.
  #   Iterations  => Number of times to encode.
  #   ForceEncode => Force encoding.
  #
  # raises:
  #
  #   BadcharError => If the supplied encoder fails to encode the payload
  #   NoKeyError => No valid encoder key could be found
  #   ArgumentParseError => Options were supplied improperly
  #
  def self.generate_simple(payload, opts, &block)

    # Clone the module to prevent changes to the original instance
    payload = payload.replicant
    Msf::Simple::Framework.simplify_module(payload)
    yield(payload) if block_given?

    # Import any options we may need
    payload._import_extra_options(opts)
    framework = payload.framework

    # Generate the payload
    e = EncodedPayload.create(payload,
        'BadChars'    => opts['BadChars'],
        'MinNops'     => opts['NopSledSize'],
        'PadNops'     => opts['PadNops'],
        'Encoder'     => opts['Encoder'],
        'Iterations'  => opts['Iterations'],
        'ForceEncode' => opts['ForceEncode'],
        'DisableNops' => opts['DisableNops'],
        'Space'       => opts['MaxSize'])

    fmt = opts['Format'] || 'raw'

    exeopts = {
      :inject => opts['KeepTemplateWorking'],
      :template => opts['Template'],
      :template_path => opts['ExeDir'],
      :secname => opts['SecName']
    }

    arch = payload.arch
    plat = opts['Platform'] || payload.platform

    # Save off the original payload length
    len = e.encoded.length


    if arch.index(ARCH_JAVA) and fmt == 'war'
      return e.encoded_war.pack
    end

    output = Msf::Util::EXE.to_executable_fmt(framework, arch, plat, e.encoded, fmt, exeopts)

    if not output
      # Generate jar if necessary
      if fmt == 'jar'
        return e.encoded_jar.pack
      end

      # Serialize the generated payload to some sort of format
      fmt ||= "ruby"
      output = Buffer.transform(e.encoded, fmt)

      # Prepend a comment
      if (fmt != 'raw' and opts['NoComment'] != true)
        ((ou = payload.options.options_used_to_s(payload.datastore)) and ou.length > 0) ? ou += "\n" : ou = ''
        output =
          Buffer.comment(
            "#{payload.refname} - #{len} bytes#{payload.staged? ? " (stage 1)" : ""}\n" +
            "https://metasploit.com/\n" +
            ((e.encoder) ? "Encoder: #{e.encoder.refname}\n" : '') +
            ((e.nop) ?     "NOP gen: #{e.nop.refname}\n" : '') +
            "#{ou}",
            fmt) +
          output

        # If verbose was requested and it's multistage, include the second stage too
        if opts['Verbose'] && payload.staged?
          stage = payload.generate_stage

          # If a stage was generated, then display it
          if stage and stage.length > 0
            output +=
              "\n" +
              Buffer.comment(
                "#{payload.refname} - #{stage.length} bytes (stage 2)\n" +
                "https://metasploit.com/\n",
                fmt) +
              Buffer.transform(stage, fmt)
          end
        end

      end

    end

    # How to warn?
    #if exeopts[:fellback]
    #	$stderr.puts(OutError + "Warning: Falling back to default template: #{exeopts[:fellback]}")
    #end

    return output
  end

  #
  # Calls the class method.
  #
  def generate_simple(opts, &block)
    Msf::Simple::Payload.generate_simple(self, opts, &block)
  end

end

end
end
Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00			`# -- coding: binary --`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00
simple wrappers 2005-07-10 09:42:49 +00:00
			`module Msf`
			`module Simple`

			`###`
			`#`
			`# Simple payload wrapper class for performing generation.`
			`#`
			`###`
lots of changes, making the simple wrapper better, lots of improvements 2005-07-14 06:34:58 +00:00			`module Payload`

			`include Module`
Retab lib 2013-08-30 16:28:33 -05:00
simple wrappers 2005-07-10 09:42:49 +00:00			`#`
			`# Generate a payload with the mad skillz. The payload can be generated in`
			`# a number of ways.`
			`#`
			`# opts can have:`
			`#`
msfweb payload generation functional 2005-11-25 01:59:54 +00:00			`# Encoder => A encoder module name.`
lots of changes, making the simple wrapper better, lots of improvements 2005-07-14 06:34:58 +00:00			`# BadChars => A string of bad characters.`
fixed up encoding, made payload generation pimper 2005-07-13 21:09:07 +00:00			`# Format => The format to represent the data as: ruby, perl, c, raw`
			`# Options => A hash of options to set.`
			`# OptionStr => A string of options in VAR=VAL form separated by`
			`# whitespace.`
			`# NoComment => Disables prepention of a comment`
			`# NopSledSize => The number of NOPs to use`
msfweb payload generation functional 2005-11-25 01:59:54 +00:00			`# MaxSize => The maximum size of the payload.`
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`# Iterations => Number of times to encode.`
Fix incorrect parameter docstring. 2023-09-20 14:30:05 -06:00			`# ForceEncode => Force encoding.`
simple wrappers 2005-07-10 09:42:49 +00:00			`#`
tearing up the house, fixed some invalid exception names, payload encoding rocks 2005-07-10 19:35:46 +00:00			`# raises:`
			`#`
			`# BadcharError => If the supplied encoder fails to encode the payload`
			`# NoKeyError => No valid encoder key could be found`
			`# ArgumentParseError => Options were supplied improperly`
			`#`
Adds a block callback to work with the replicant 2012-06-14 16:21:06 -05:00			`def self.generate_simple(payload, opts, &block)`
Retab lib 2013-08-30 16:28:33 -05:00
Always clone modules before running them via the simplified wrappers. 2012-02-29 01:34:29 -06:00			`# Clone the module to prevent changes to the original instance`
			`payload = payload.replicant`
Simplify the module instance (required to call certain methods) 2012-03-07 07:59:41 -06:00			`Msf::Simple::Framework.simplify_module(payload)`
Adds a block callback to work with the replicant 2012-06-14 16:21:06 -05:00			`yield(payload) if block_given?`
Retab lib 2013-08-30 16:28:33 -05:00
lots of changes, making the simple wrapper better, lots of improvements 2005-07-14 06:34:58 +00:00			`# Import any options we may need`
			`payload._import_extra_options(opts)`
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`framework = payload.framework`
Retab lib 2013-08-30 16:28:33 -05:00
simple wrappers 2005-07-10 09:42:49 +00:00			`# Generate the payload`
fixed up encoding, made payload generation pimper 2005-07-13 21:09:07 +00:00			`e = EncodedPayload.create(payload,`
Update msfvenom & PayloadGenerator to pass in available_space 2015-03-09 01:14:56 -05:00			`'BadChars' => opts['BadChars'],`
			`'MinNops' => opts['NopSledSize'],`
Implement sec-name and pad-nops for command dispatcher 2019-02-11 03:00:45 -06:00			`'PadNops' => opts['PadNops'],`
Update msfvenom & PayloadGenerator to pass in available_space 2015-03-09 01:14:56 -05:00			`'Encoder' => opts['Encoder'],`
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`'Iterations' => opts['Iterations'],`
			`'ForceEncode' => opts['ForceEncode'],`
Update msfvenom & PayloadGenerator to pass in available_space 2015-03-09 01:14:56 -05:00			`'DisableNops' => opts['DisableNops'],`
			`'Space' => opts['MaxSize'])`
Retab lib 2013-08-30 16:28:33 -05:00
more cool shit 2005-07-10 19:21:40 +00:00			`fmt = opts['Format'] \|\| 'raw'`
Retab lib 2013-08-30 16:28:33 -05:00
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`exeopts = {`
			`:inject => opts['KeepTemplateWorking'],`
			`:template => opts['Template'],`
Implement sec-name and pad-nops for command dispatcher 2019-02-11 03:00:45 -06:00			`:template_path => opts['ExeDir'],`
			`:secname => opts['SecName']`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`}`
Retab lib 2013-08-30 16:28:33 -05:00
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`arch = payload.arch`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`plat = opts['Platform'] \|\| payload.platform`
Retab lib 2013-08-30 16:28:33 -05:00
yea yea 2005-07-11 05:25:50 +00:00			`# Save off the original payload length`
fixed up encoding, made payload generation pimper 2005-07-13 21:09:07 +00:00			`len = e.encoded.length`
Retab lib 2013-08-30 16:28:33 -05:00

fix generating war files for Java payloads from within msfconsole 2012-03-27 22:43:50 +02:00			`if arch.index(ARCH_JAVA) and fmt == 'war'`
			`return e.encoded_war.pack`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`output = Msf::Util::EXE.to_executable_fmt(framework, arch, plat, e.encoded, fmt, exeopts)`
Retab lib 2013-08-30 16:28:33 -05:00
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`if not output`
Support 'jar' format when generating payloads. 2011-04-16 02:11:12 +00:00			`# Generate jar if necessary`
			`if fmt == 'jar'`
			`return e.encoded_jar.pack`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`# Serialize the generated payload to some sort of format`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`fmt \|\|= "ruby"`
			`output = Buffer.transform(e.encoded, fmt)`
Retab lib 2013-08-30 16:28:33 -05:00
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`# Prepend a comment`
			`if (fmt != 'raw' and opts['NoComment'] != true)`
			`((ou = payload.options.options_used_to_s(payload.datastore)) and ou.length > 0) ? ou += "\n" : ou = ''`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`output =`
			`Buffer.comment(`
			`"#{payload.refname} - #{len} bytes#{payload.staged? ? " (stage 1)" : ""}\n" +`
Update generate splat from http:// to https:// 2019-08-15 18:11:39 -05:00			`"https://metasploit.com/\n" +`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`((e.encoder) ? "Encoder: #{e.encoder.refname}\n" : '') +`
			`((e.nop) ? "NOP gen: #{e.nop.refname}\n" : '') +`
			`"#{ou}",`
			`fmt) +`
			`output`
Retab lib 2013-08-30 16:28:33 -05:00
Add generate -v to optionally show payload stage 2020-02-13 16:33:48 -06:00			`# If verbose was requested and it's multistage, include the second stage too`
			`if opts['Verbose'] && payload.staged?`
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`stage = payload.generate_stage`
Retab lib 2013-08-30 16:28:33 -05:00
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`# If a stage was generated, then display it`
			`if stage and stage.length > 0`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`output +=`
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`"\n" +`
			`Buffer.comment(`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`"#{payload.refname} - #{stage.length} bytes (stage 2)\n" +`
Update generate splat from http:// to https:// 2019-08-15 18:11:39 -05:00			`"https://metasploit.com/\n",`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`fmt) +`
			`Buffer.transform(stage, fmt)`
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`end`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
more cool shit 2005-07-10 19:21:40 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`# How to warn?`
			`#if exeopts[:fellback]`
			`# $stderr.puts(OutError + "Warning: Falling back to default template: #{exeopts[:fellback]}")`
			`#end`
Retab lib 2013-08-30 16:28:33 -05:00
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00			`return output`
simple wrappers 2005-07-10 09:42:49 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
lots of changes, making the simple wrapper better, lots of improvements 2005-07-14 06:34:58 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Calls the class method.`
lots of changes, making the simple wrapper better, lots of improvements 2005-07-14 06:34:58 +00:00			`#`
fix missing bock transitions 2012-06-15 14:25:47 -05:00			`def generate_simple(opts, &block)`
			`Msf::Simple::Payload.generate_simple(self, opts, &block)`
lots of changes, making the simple wrapper better, lots of improvements 2005-07-14 06:34:58 +00:00			`end`

simple wrappers 2005-07-10 09:42:49 +00:00			`end`

			`end`
add support for doing everything msfpayload does into msfconsole and xmlrpc, fixes #589 . Thanks, Ryan Linn for the patch 2010-07-23 20:22:36 +00:00			`end`