Joshua Drake
001a6ffbdb
git-svn-id: file:///home/svn/framework3/trunk@10412 4d416f70-5f16-0410-b530-b9f4589650da
116 lines
2.6 KiB
Ruby
116 lines
2.6 KiB
Ruby
##
|
|
# $Id$
|
|
##
|
|
|
|
###
|
|
#
|
|
# This module exposes a simple method to create an payload in an executable.
|
|
#
|
|
###
|
|
|
|
module Msf
|
|
module Exploit::EXE
|
|
|
|
def initialize(info = {})
|
|
super
|
|
|
|
register_advanced_options(
|
|
[
|
|
OptString.new( 'EXE::Path', [ false, 'The directory in which to look for the executable template' ]),
|
|
OptString.new( 'EXE::Template', [ false, 'The executable template file name.' ]),
|
|
OptBool.new( 'EXE::Inject', [ false, 'Set to preserve the original EXE function' ]),
|
|
OptBool.new( 'EXE::OldMethod', [ false, 'Set to use the substitution EXE generation method.' ]),
|
|
OptBool.new( 'EXE::FallBack', [ false, 'Use the default template in case the specified one is missing' ])
|
|
], self.class)
|
|
end
|
|
|
|
def generate_payload_exe(opts = {})
|
|
exe_init_datastore(opts)
|
|
|
|
# Prefer the target's platform/architecture information, but use
|
|
# the module's if no target specific information exists
|
|
lplat ||= target_platform
|
|
lplat ||= platform
|
|
|
|
larch ||= opts[:arch]
|
|
larch ||= target_arch
|
|
larch ||= arch
|
|
|
|
# Ensure we have an array
|
|
if not larch.kind_of? Array
|
|
larch = [larch]
|
|
end
|
|
|
|
# Fall back to x86...
|
|
if (larch.length < 1)
|
|
larch = [ARCH_X86]
|
|
end
|
|
|
|
# Transform the PlatformList
|
|
if (lplat.kind_of? Msf::Module::PlatformList)
|
|
lplat = lplat.platforms
|
|
end
|
|
|
|
pl = opts[:code]
|
|
pl ||= payload.encoded
|
|
|
|
exe = Msf::Util::EXE.to_executable(framework, larch, lplat, pl, opts)
|
|
exe_post_generation(opts)
|
|
exe
|
|
end
|
|
|
|
def generate_payload_exe_service(opts = {})
|
|
exe_init_datastore(opts)
|
|
|
|
# NOTE: Only Windows is supported here.
|
|
pl = opts[:code]
|
|
pl ||= payload.encoded
|
|
|
|
if opts[:arch] and opts[:arch] == ARCH_X64
|
|
exe = Msf::Util::EXE.to_win64pe_service(framework, pl, opts)
|
|
else
|
|
exe = Msf::Util::EXE.to_win32pe_service(framework, pl, opts)
|
|
end
|
|
|
|
exe_post_generation(opts)
|
|
exe
|
|
end
|
|
|
|
def generate_payload_dll(opts = {})
|
|
exe_init_datastore(opts)
|
|
|
|
# NOTE: Only Windows is supported here.
|
|
pl = opts[:code]
|
|
pl ||= payload.encoded
|
|
|
|
if opts[:arch] and opts[:arch] == ARCH_X64
|
|
dll = Msf::Util::EXE.to_win64pe_dll(framework, pl, opts)
|
|
else
|
|
dll = Msf::Util::EXE.to_win32pe_dll(framework, pl, opts)
|
|
end
|
|
|
|
exe_post_generation(opts)
|
|
dll
|
|
end
|
|
|
|
protected
|
|
def exe_init_datastore(opts)
|
|
opts.merge!(
|
|
{
|
|
:template_path => datastore['EXE::Path'],
|
|
:template => datastore['EXE::Template'],
|
|
:inject => datastore['EXE::Inject'],
|
|
:fallback => datastore['EXE::FallBack'],
|
|
:sub_method => datastore['EXE::OldMethod']
|
|
})
|
|
end
|
|
|
|
def exe_post_generation(opts)
|
|
if (opts[:fellback])
|
|
print_status("Warning: Falling back to default template: #{opts[:fellback]}")
|
|
end
|
|
end
|
|
|
|
end
|
|
end
|