adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35,959 Commits 27 Branches 1,043 Tags
0ae2e64bc56dd8543a97cc4ebc94de4738376488
Commit Graph

39 Commits

Author SHA1 Message Date
HD Moore 9dd82d94ae Exclude Manual ranked encoders from automatic selection, these can still be specified with -e 2015-05-18 15:47:15 -05:00
HD Moore 71eab7a236 Implements msfvenom --smallest, still some blockers 2015-05-18 15:24:59 -05:00
HD Moore a82168d7bb Fixes #5361 by adding --encoder-space to msfvenom 2015-05-18 14:27:52 -05:00
wchen-r7 2e61973411 Resolve #5343, Print payload size 
Resolve #5343. Prints payload size
 2015-05-13 16:33:22 -05:00
Brent Cook 2a327b7c91 Land #5116, better handle platform and arch in msfvenom 2015-04-17 10:55:41 -05:00
root 51dd88114b Fix grammer in comments 2015-04-13 13:21:41 +05:00
sinn3r 56793d11c8 Fix #4866, msfvenom not properly handling platform & arch 
This fixes #4866, an issue with msfvenom not properly handling special
cases with generic payloads. So the story behind this fix is that
we have these two problems:

Problem 1: The current payload selection design relies on the payload
module in order to set the platform and arch. Almost all MSF payloads
contain a default platform and arch, however, the bind and reverse
generic payloads don't.

Problem 2: By default, Msf::Payload::Generic also explicitly sets the
PLATFORM and ARCH datastore options to nil. So there is no way the
payload generator can figure out what platform and arch to use.

As a result of these problems, msfvenom will actually end up getting
a Msf::Module::Platform as the default platform, which doesn't
actually represent any valid platform we can use (such as
Msf::Module::Platform::Windows). And the first item of ARCH_ALL for
the arch.

In addition, msfvenom has these two arguments that the user can use:
--platform and --arch. In most cases, these arguments are used more
like checks than actually setting anything. Because remember:
Framework's payload selector retreives the platform & arch from the
module (trusted), not the user input (untrusted). But from the user's
perspective it's impossible to know this.

After experimenting different ways to fix this, I came up with this
patch. It feels sort of more like a hack than a real fix, but as
far as I can tell, this is the best you can get unless you want to
redesign generic payload selection.
 2015-04-09 16:01:11 -05:00
HD Moore c3479ba747 Update msfvenom & PayloadGenerator to pass in available_space 2015-03-09 01:14:56 -05:00
William Vu 1dafedf23b Clarify no encoder/badchars specified 2015-01-21 00:26:42 -06:00
William Vu 4cc027c4c1 Move "found" message to a saner location 
Thanks to Peleus for the idea.
 2015-01-20 23:58:12 -06:00
sinn3r c2bc79c53c Resolves #4275 - Configurable variable name as an option 
Resolves #4275
 2014-12-15 23:59:34 -06:00
Spencer McIntyre d74a8f6c41 Include the datastore options for the encoder too 2014-12-09 16:32:41 -05:00
sinn3r 0b51741779 Fix #4047 - undefined method `rank' due to an invalid encoder name 
Fix #4047 caused by an invalid encoder name. Also added elog() to
avoid shutting everything up in msfvenom
 2014-11-10 13:25:53 -06:00
jvazquez-r7 260e829a59 Fix PayloadGenerator to have platform into account, so msfvenom works as expected 2014-10-06 19:20:59 -05:00
Joe Vennix d9a713b415 Decode the badchars string correctly. 2014-09-20 17:48:03 -05:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files 
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
 2014-08-17 17:31:53 -05:00
David Maloney 130474fdfd Fix java payload generation 
jsp payloads are java but do not generate JARs
also we were not merging datastore options in properly
 2014-03-18 13:41:27 -05:00
David Maloney f51cbfffb8 minor fix to payload generator 
was passing platform string instead of the
platform lsit when formatting the payload
 2014-02-25 15:51:06 -06:00
David Maloney 4565be18e3 require active_support numeric 
ensure we have the activesupport numeric bytes extension
loaded for calling .gigabyte
 2014-02-12 13:20:13 -06:00
David Maloney f189b753e5 use more clear syntax for space 
use 1.gigabyte as kronicdeth suggested, for great awesomeness
 2014-02-07 15:52:19 -06:00
David Maloney aa3985c5e3 relign attribute tags 2014-02-07 11:04:17 -06:00
David Maloney 5d8dc76f48 put verbose messages to stderr 
egypt pointed out we'll stomp on the payload output
otherwise. Good catch
 2014-02-07 10:22:39 -06:00
David Maloney 9d9305d2c0 more yardtag cleanup 2014-02-06 11:16:00 -06:00
David Maloney 34c4718e95 more style fixups 
further kronicdeth appeasement
 2014-02-05 18:12:44 -06:00
David Maloney 1bf11e5b92 some alpha-sorting 
begining to appease KronicDeth
 2014-02-05 17:47:32 -06:00
David Maloney ca48fb6590 fix encoding cycle if all encoders fail 
we need to raise an exception if all encoders fail
 2014-02-05 15:25:14 -06:00
David Maloney 1227a47342 fix exe template 
don't pass an emtpy string for templates
this causes read errors. pass no value instead
 2014-02-05 12:10:14 -06:00
David Maloney 508f251db2 add cli compat 
add cli capability to putut verbose info to the console
 2014-02-05 11:00:57 -06:00
David Maloney 293c231dfe alpha-sort methods for ease 
lexically sorted methods to make it easier to
look through code
 2014-02-04 18:05:03 -06:00
David Maloney fc9105d862 final generation and specs 
generation wrapped method complete with specs
 2014-02-04 17:52:20 -06:00
David Maloney 4dcae920f8 add specs for generate_java_payload 
pretty self-explanatory
 2014-02-04 17:40:59 -06:00
David Maloney 70d8246791 finish wiring up the final generation 
formating and main generate methods wired up
still need to add some final tests
 2014-02-04 15:52:18 -06:00
David Maloney c8b7dc30b4 added encoding routines 
now has a method for encoding the shellcode
and tests to go with
 2014-02-03 17:51:22 -06:00
David Maloney 3b648346da starting in on encoders 
added get_encoders method to find propper encoders
started on encode_payload, incomplete
added specs
 2014-02-03 00:59:08 -06:00
David Maloney 4a82bc74cf added nop sled generator 
added code to prepend a nop sled
with tests to match
 2014-02-02 22:51:12 -06:00
David Maloney bb5f5542f0 generating raw payload bits now 
added raw payload generation, arch selection,
and specs for everything thus far
 2014-02-02 21:09:17 -06:00
David Maloney f9c31f988e test platform selection 
added tests around platform selection
 2014-02-02 16:52:41 -06:00
David Maloney f5d730e874 write specs around initialiser 
added specs around object initialisation
 2014-02-02 16:05:11 -06:00
David Maloney e265d6f54c begining of payload generator 
started basics of generator
started adding specs
added option to simple framework to disable logging
 2014-02-02 14:35:16 -06:00