Joshua Drake
6d1e7bdaa5
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP created a TFTPServer mixin created Msf::Exploit::EXE mixin to generate executables updated all uses of CmdStager to use CmdStagerVBS for the time being add exploit for cve-2001-0333 using CmdStagerTFTP updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm) git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
60 lines
1.2 KiB
Ruby
60 lines
1.2 KiB
Ruby
##
|
|
# $Id$
|
|
##
|
|
|
|
###
|
|
#
|
|
# This module exposes a simple method to create an payload in an executable.
|
|
#
|
|
###
|
|
|
|
module Msf
|
|
module Exploit::EXE
|
|
|
|
def initialize(info = {})
|
|
super
|
|
|
|
register_advanced_options(
|
|
[
|
|
OptString.new( 'EXETEMPLATE', [ false, 'The executable template file name.' ]),
|
|
OptBool.new( 'EXEINJECT', [ false, 'Set to preserve the original EXE function' ])
|
|
], self.class)
|
|
end
|
|
|
|
def generate_exe(opts = {})
|
|
if (altexe = datastore['EXETEMPLATE'])
|
|
opts.merge!({ :template => altexe })
|
|
end
|
|
if (datastore['EXEINJECT'])
|
|
opts.merge!({ :inject => true })
|
|
end
|
|
|
|
# Prefer the target's platform/architecture information, but use
|
|
# the module's if no target specific information exists
|
|
lplat ||= target_platform
|
|
lplat ||= platform
|
|
|
|
larch ||= target_arch
|
|
larch ||= arch
|
|
|
|
# Ensure we have an array
|
|
if not larch.kind_of? Array
|
|
larch = [larch]
|
|
end
|
|
|
|
# Fall back to x86...
|
|
if (larch.length < 1)
|
|
larch = [ARCH_X86]
|
|
end
|
|
|
|
# Transform the PlatformList
|
|
if (lplat.kind_of? Msf::Module::PlatformList)
|
|
lplat = lplat.platforms
|
|
end
|
|
|
|
Msf::Util::EXE.to_executable(framework, larch, lplat, payload.encoded, opts)
|
|
end
|
|
|
|
end
|
|
end
|