lib/msf/ui/console/command_dispatcher/payload.rb

# -*- coding: binary -*-

require 'rex/parser/arguments'

module Msf
  module Ui
    module Console
      module CommandDispatcher
        ###
        # Payload module command dispatcher.
        ###
        class Payload
          include Msf::Ui::Console::ModuleCommandDispatcher

          # Load supported formats
          @@supported_formats = \
            Msf::Simple::Buffer.transform_formats + \
            Msf::Util::EXE.to_executable_fmt_formats

          @@generate_opts = Rex::Parser::Arguments.new(
            "-p" => [ true,  "The platform of the payload" ],
            "-n" => [ true,  "Prepend a nopsled of [length] size on to the payload" ],
            "-f" => [ true,  "Output format: #{@@supported_formats.join(',')}" ],
            "-E" => [ false, "Force encoding" ],
            "-e" => [ true,  "The encoder to use" ],
            "-P" => [ true,  "Total desired payload size, auto-produce appropriate NOP sled length"],
            "-S" => [ true,  "The new section name to use when generating (large) Windows binaries"],
            "-b" => [ true,  "The list of characters to avoid example: '\\x00\\xff'" ],
            "-i" => [ true,  "The number of times to encode the payload" ],
            "-x" => [ true,  "Specify a custom executable file to use as a template" ],
            "-k" => [ false, "Preserve the template behavior and inject the payload as a new thread" ],
            "-o" => [ true,  "The output file name (otherwise stdout)" ],
            "-O" => [ true,  "Deprecated: alias for the '-o' option" ],
            "-v" => [ false, "Verbose output (display stage in addition to stager)" ],
            "-h" => [ false, "Show this message" ],
          )

          #
          # Returns the hash of commands specific to payload modules.
          #
          def commands
            super.update(
              "generate" => "Generates a payload",
              "to_handler" => "Creates a handler with the specified payload"
            )
          end

          def cmd_to_handler(*_args)
            handler = framework.modules.create('exploit/multi/handler')

            handler_opts = {
              'Payload'        => mod.refname,
              'LocalInput'     => driver.input,
              'LocalOutput'    => driver.output,
              'ExitOnSession'  => false,
              'RunAsJob'       => true
            }

            handler.datastore.merge!(mod.datastore)
            handler.exploit_simple(handler_opts)
            job_id = handler.job_id

            print_status "Payload Handler Started as Job #{job_id}"
          end

          #
          # Returns the command dispatcher name.
          #
          def name
            "Payload"
          end

          def cmd_generate_help
            print_line "Usage: generate [options]"
            print_line
            print_line "Generates a payload. Datastore options may be supplied after normal options."
            print_line
            print_line "Example: generate -f python LHOST=127.0.0.1"
            print @@generate_opts.usage
          end

          #
          # Generates a payload.
          #
          def cmd_generate(*args)
            # Parse the arguments
            encoder_name = nil
            sled_size    = nil
            pad_nops     = nil
            sec_name     = nil
            option_str   = nil
            badchars     = nil
            format       = "ruby"
            ofile        = nil
            iter         = 1
            force        = nil
            template     = nil
            plat         = nil
            keep         = false
            verbose      = false

            @@generate_opts.parse(args) do |opt, _idx, val|
              case opt
              when '-b'
                badchars = Rex::Text.dehex(val)
              when '-e'
                encoder_name = val
              when '-E'
                force = true
              when '-n'
                sled_size = val.to_i
              when '-P'
                pad_nops = val.to_i
              when '-S'
                sec_name = val
              when '-f'
                format = val
              when '-o'
                if val.include?('=')
                  print_error("The -o parameter of 'generate' is now preferred to indicate the output file, like with msfvenom\n")
                  option_str = val
                else
                  ofile = val
                end
              when '-O'
                print("Usage of the '-O' parameter is deprecated, prefer '-o' to indicate the output file")
                ofile = val
              when '-i'
                iter = val
              when '-k'
                keep = true
              when '-p'
                plat = val
              when '-x'
                template = val
              when '-v'
                verbose = true
              when '-h'
                cmd_generate_help
                return false
              else
                unless val.include?('=')
                  cmd_generate_help
                  return false
                end

                mod.datastore.import_options_from_s(val)
              end
            end
            if encoder_name.nil? && mod.datastore['ENCODER']
              encoder_name = mod.datastore['ENCODER']
            end

            # Generate the payload
            begin
              buf = mod.generate_simple(
                'BadChars'    => badchars,
                'Encoder'     => encoder_name,
                'Format'      => format,
                'NopSledSize' => sled_size,
                'PadNops'     => pad_nops,
                'SecName'     => sec_name,
                'OptionStr'   => option_str,
                'ForceEncode' => force,
                'Template'    => template,
                'Platform'    => plat,
                'KeepTemplateWorking' => keep,
                'Iterations' => iter,
                'Verbose' => verbose
              )
            rescue
              log_error("Payload generation failed: #{$ERROR_INFO}")
              return false
            end

            if !ofile
              # Display generated payload
              puts(buf)
            else
              print_status("Writing #{buf.length} bytes to #{ofile}...")
              fd = File.open(ofile, "wb")
              fd.write(buf)
              fd.close
            end
            true
          end

          def cmd_generate_tabs(str, words)
            fmt = {
              '-b' => [ true                                              ],
              '-E' => [ nil                                               ],
              '-e' => [ framework.encoders.map { |refname, mod| refname } ],
              '-h' => [ nil                                               ],
              '-o' => [ true                                              ],
              '-P' => [ true                                              ],
              '-S' => [ true                                              ],
              '-f' => [ :file                                             ],
              '-t' => [ @@supported_formats                               ],
              '-p' => [ true                                              ],
              '-k' => [ nil                                               ],
              '-x' => [ :file                                             ],
              '-i' => [ true                                              ],
              '-v' => [ nil                                               ]
            }
            tab_complete_generic(fmt, str, words)
          end
        end
      end
    end
  end
end
Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00			`# -- coding: binary --`
big exe/dll update, see #2017 2010-09-21 00:13:30 +00:00
Reverting the autoload changes until we can upgrade to a new ActiveSupport library or find a workaround 2011-05-12 20:03:55 +00:00			`require 'rex/parser/arguments'`
payload generation 2005-07-10 10:08:10 +00:00
how you like me now, gold teef when I smile 2005-07-10 07:15:20 +00:00			`module Msf`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`module Ui`
			`module Console`
			`module CommandDispatcher`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`###`
			`# Payload module command dispatcher.`
			`###`
			`class Payload`
			`include Msf::Ui::Console::ModuleCommandDispatcher`

			`# Load supported formats`
Add tab completion to the payload generate command 2017-10-31 20:33:31 -04:00			`@@supported_formats = \`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`Msf::Simple::Buffer.transform_formats + \`
			`Msf::Util::EXE.to_executable_fmt_formats`

			`@@generate_opts = Rex::Parser::Arguments.new(`
swizzle parameters in generate to match msfvenom 2017-07-25 10:11:11 -07:00			`"-p" => [ true, "The platform of the payload" ],`
			`"-n" => [ true, "Prepend a nopsled of [length] size on to the payload" ],`
teach exploit how to parse datastore options too 2017-09-25 08:09:39 -05:00			`"-f" => [ true, "Output format: #{@@supported_formats.join(',')}" ],`
swizzle parameters in generate to match msfvenom 2017-07-25 10:11:11 -07:00			`"-E" => [ false, "Force encoding" ],`
			`"-e" => [ true, "The encoder to use" ],`
Fix another typo 2019-08-14 21:04:06 -05:00			`"-P" => [ true, "Total desired payload size, auto-produce appropriate NOP sled length"],`
Implement sec-name and pad-nops for command dispatcher 2019-02-11 03:00:45 -06:00			`"-S" => [ true, "The new section name to use when generating (large) Windows binaries"],`
swizzle parameters in generate to match msfvenom 2017-07-25 10:11:11 -07:00			`"-b" => [ true, "The list of characters to avoid example: '\\x00\\xff'" ],`
			`"-i" => [ true, "The number of times to encode the payload" ],`
			`"-x" => [ true, "Specify a custom executable file to use as a template" ],`
			`"-k" => [ false, "Preserve the template behavior and inject the payload as a new thread" ],`
			`"-o" => [ true, "The output file name (otherwise stdout)" ],`
include some training wheels for users 2018-05-23 13:37:53 -05:00			`"-O" => [ true, "Deprecated: alias for the '-o' option" ],`
Add generate -v to optionally show payload stage 2020-02-13 16:33:48 -06:00			`"-v" => [ false, "Verbose output (display stage in addition to stager)" ],`
swizzle parameters in generate to match msfvenom 2017-07-25 10:11:11 -07:00			`"-h" => [ false, "Show this message" ],`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`)`

			`#`
			`# Returns the hash of commands specific to payload modules.`
			`#`
			`def commands`
			`super.update(`
			`"generate" => "Generates a payload",`
			`"to_handler" => "Creates a handler with the specified payload"`
			`)`
			`end`
Added to_handler command 2016-12-28 20:03:40 +00:00
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`def cmd_to_handler(*_args)`
			`handler = framework.modules.create('exploit/multi/handler')`
Added to_handler command 2016-12-28 20:03:40 +00:00
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`handler_opts = {`
			`'Payload' => mod.refname,`
			`'LocalInput' => driver.input,`
			`'LocalOutput' => driver.output,`
			`'ExitOnSession' => false,`
			`'RunAsJob' => true`
			`}`
Added to_handler command 2016-12-28 20:03:40 +00:00
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`handler.datastore.merge!(mod.datastore)`
			`handler.exploit_simple(handler_opts)`
			`job_id = handler.job_id`
whitespace/indentation 2016-12-06 16:37:22 -06:00
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`print_status "Payload Handler Started as Job #{job_id}"`
			`end`
whitespace/indentation 2016-12-06 16:37:22 -06:00
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`#`
			`# Returns the command dispatcher name.`
			`#`
			`def name`
			`"Payload"`
			`end`
whitespace/indentation 2016-12-06 16:37:22 -06:00
teach exploit how to parse datastore options too 2017-09-25 08:09:39 -05:00			`def cmd_generate_help`
			`print_line "Usage: generate [options]"`
			`print_line`
Update help 2019-08-14 21:28:13 -05:00			`print_line "Generates a payload. Datastore options may be supplied after normal options."`
			`print_line`
			`print_line "Example: generate -f python LHOST=127.0.0.1"`
teach exploit how to parse datastore options too 2017-09-25 08:09:39 -05:00			`print @@generate_opts.usage`
			`end`

rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`#`
			`# Generates a payload.`
			`#`
			`def cmd_generate(*args)`
			`# Parse the arguments`
			`encoder_name = nil`
			`sled_size = nil`
Implement sec-name and pad-nops for command dispatcher 2019-02-11 03:00:45 -06:00			`pad_nops = nil`
			`sec_name = nil`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`option_str = nil`
			`badchars = nil`
swizzle parameters in generate to match msfvenom 2017-07-25 10:11:11 -07:00			`format = "ruby"`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`ofile = nil`
			`iter = 1`
			`force = nil`
			`template = nil`
			`plat = nil`
			`keep = false`
Add generate -v to optionally show payload stage 2020-02-13 16:33:48 -06:00			`verbose = false`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00
			`@@generate_opts.parse(args) do \|opt, _idx, val\|`
			`case opt`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`when '-b'`
Prefer Rex::Text.dehex over Rex::Text.hex_to_raw 2019-08-14 20:23:25 -05:00			`badchars = Rex::Text.dehex(val)`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`when '-e'`
			`encoder_name = val`
			`when '-E'`
			`force = true`
swizzle parameters in generate to match msfvenom 2017-07-25 10:11:11 -07:00			`when '-n'`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`sled_size = val.to_i`
Implement sec-name and pad-nops for command dispatcher 2019-02-11 03:00:45 -06:00			`when '-P'`
			`pad_nops = val.to_i`
			`when '-S'`
			`sec_name = val`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`when '-f'`
swizzle parameters in generate to match msfvenom 2017-07-25 10:11:11 -07:00			`format = val`
			`when '-o'`
			`if val.include?('=')`
Properly parse option string anyway with -o 2019-08-14 20:31:15 -05:00			`print_error("The -o parameter of 'generate' is now preferred to indicate the output file, like with msfvenom\n")`
			`option_str = val`
include some training wheels for users 2018-05-23 13:37:53 -05:00			`else`
			`ofile = val`
swizzle parameters in generate to match msfvenom 2017-07-25 10:11:11 -07:00			`end`
include some training wheels for users 2018-05-23 13:37:53 -05:00			`when '-O'`
			`print("Usage of the '-O' parameter is deprecated, prefer '-o' to indicate the output file")`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`ofile = val`
			`when '-i'`
			`iter = val`
			`when '-k'`
			`keep = true`
			`when '-p'`
			`plat = val`
			`when '-x'`
			`template = val`
Add generate -v to optionally show payload stage 2020-02-13 16:33:48 -06:00			`when '-v'`
			`verbose = true`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`when '-h'`
teach exploit how to parse datastore options too 2017-09-25 08:09:39 -05:00			`cmd_generate_help`
			`return false`
add inline datastore setting for msfvenom/generate commands 2017-09-25 08:00:20 -05:00			`else`
Prefer import_options_from_s over manual parsing 2019-08-14 21:08:00 -05:00			`unless val.include?('=')`
teach exploit how to parse datastore options too 2017-09-25 08:09:39 -05:00			`cmd_generate_help`
			`return false`
add inline datastore setting for msfvenom/generate commands 2017-09-25 08:00:20 -05:00			`end`
Properly parse option string anyway with -o 2019-08-14 20:31:15 -05:00
Prefer import_options_from_s over manual parsing 2019-08-14 21:08:00 -05:00			`mod.datastore.import_options_from_s(val)`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`end`
			`end`
			`if encoder_name.nil? && mod.datastore['ENCODER']`
			`encoder_name = mod.datastore['ENCODER']`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`end`

rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`# Generate the payload`
			`begin`
			`buf = mod.generate_simple(`
			`'BadChars' => badchars,`
			`'Encoder' => encoder_name,`
swizzle parameters in generate to match msfvenom 2017-07-25 10:11:11 -07:00			`'Format' => format,`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`'NopSledSize' => sled_size,`
Implement sec-name and pad-nops for command dispatcher 2019-02-11 03:00:45 -06:00			`'PadNops' => pad_nops,`
			`'SecName' => sec_name,`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`'OptionStr' => option_str,`
			`'ForceEncode' => force,`
			`'Template' => template,`
			`'Platform' => plat,`
			`'KeepTemplateWorking' => keep,`
Add generate -v to optionally show payload stage 2020-02-13 16:33:48 -06:00			`'Iterations' => iter,`
			`'Verbose' => verbose`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`)`
			`rescue`
			`log_error("Payload generation failed: #{$ERROR_INFO}")`
			`return false`
			`end`
whitespace/indentation 2016-12-06 16:37:22 -06:00
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`if !ofile`
			`# Display generated payload`
enhancement payload generate raw 2020-01-11 19:43:04 +08:00			`puts(buf)`
rubocop fixes for payload dispatcher 2017-01-02 15:39:48 -06:00			`else`
			`print_status("Writing #{buf.length} bytes to #{ofile}...")`
			`fd = File.open(ofile, "wb")`
			`fd.write(buf)`
			`fd.close`
			`end`
			`true`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`end`
Add tab completion to the payload generate command 2017-10-31 20:33:31 -04:00
			`def cmd_generate_tabs(str, words)`
Add a generic tab completion function 2017-11-01 20:38:45 -04:00			`fmt = {`
			`'-b' => [ true ],`
Tab completion for exploit and handler commands 2017-11-11 17:11:54 -05:00			`'-E' => [ nil ],`
Add a generic tab completion function 2017-11-01 20:38:45 -04:00			`'-e' => [ framework.encoders.map { \|refname, mod\| refname } ],`
Tab completion for exploit and handler commands 2017-11-11 17:11:54 -05:00			`'-h' => [ nil ],`
			`'-o' => [ true ],`
Implement sec-name and pad-nops for command dispatcher 2019-02-11 03:00:45 -06:00			`'-P' => [ true ],`
			`'-S' => [ true ],`
Tab completion for exploit and handler commands 2017-11-11 17:11:54 -05:00			`'-f' => [ :file ],`
			`'-t' => [ @@supported_formats ],`
			`'-p' => [ true ],`
			`'-k' => [ nil ],`
			`'-x' => [ :file ],`
Add generate -v to optionally show payload stage 2020-02-13 16:33:48 -06:00			`'-i' => [ true ],`
			`'-v' => [ nil ]`
Add a generic tab completion function 2017-11-01 20:38:45 -04:00			`}`
Add the new generic tab completion functoin 2017-11-11 16:47:11 -05:00			`tab_complete_generic(fmt, str, words)`
Add tab completion to the payload generate command 2017-10-31 20:33:31 -04:00			`end`
whitespace/indentation 2016-12-06 16:37:22 -06:00			`end`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00			`end`
			`end`
how you like me now, gold teef when I smile 2005-07-10 07:15:20 +00:00			`end`