Skip to content

Commit 34f29f2

Browse files
kernelsmithkernelsmith
committed
really resolve merge conflicts
2 parents 7cb4320 + bf63d85 commit 34f29f2

File tree

6 files changed

+491
-411
lines changed

6 files changed

+491
-411
lines changed

data/templates/src/elf/dll/elf_dll_x64_template.s

Lines changed: 95 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,95 @@
1+
; build with:
2+
; nasm elf_dll_x64_template.s -f bin -o template_x64_linux_dll.bin
3+
4+
BITS 64
5+
org 0
6+
ehdr:
7+
db 0x7f, "ELF", 2, 1, 1, 0 ; e_ident
8+
db 0, 0, 0, 0, 0, 0, 0, 0
9+
dw 3 ; e_type = ET_DYN
10+
dw 62 ; e_machine = EM_X86_64
11+
dd 1 ; e_version = EV_CURRENT
12+
dq _start ; e_entry = _start
13+
dq phdr - $$ ; e_phoff
14+
dd shdr - $$ ; e_shoff
15+
dq 0 ; e_flags
16+
dw ehdrsize ; e_ehsize
17+
dw phdrsize ; e_phentsize
18+
dw 2 ; e_phnum
19+
dw shentsize ; e_shentsize
20+
dw 2 ; e_shnum
21+
dw 1 ; e_shstrndx
22+
ehdrsize equ $ - ehdr
23+
24+
phdr:
25+
dd 1 ; p_type = PT_LOAD
26+
dd 7 ; p_flags = rwx
27+
dq 0 ; p_offset
28+
dq $$ ; p_vaddr
29+
dq $$ ; p_paddr
30+
dq 0xDEADBEEF ; p_filesz
31+
dq 0xDEADBEEF ; p_memsz
32+
dq 0x1000 ; p_align
33+
phdrsize equ $ - phdr
34+
dd 2 ; p_type = PT_DYNAMIC
35+
dd 7 ; p_flags = rwx
36+
dq dynsection ; p_offset
37+
dq dynsection ; p_vaddr
38+
dq dynsection ; p_vaddr
39+
dq dynsz ; p_filesz
40+
dq dynsz ; p_memsz
41+
dq 0x1000 ; p_align
42+
43+
shdr:
44+
dd 1 ; sh_name
45+
dd 6 ; sh_type = SHT_DYNAMIC
46+
dq 0 ; sh_flags
47+
dq dynsection ; sh_addr
48+
dq dynsection ; sh_offset
49+
dq dynsz ; sh_size
50+
dd 0 ; sh_link
51+
dd 0 ; sh_info
52+
dq 8 ; sh_addralign
53+
dq dynsz ; sh_entsize
54+
shentsize equ $ - shdr
55+
dd 0 ; sh_name
56+
dd 3 ; sh_type = SHT_STRTAB
57+
dq 0 ; sh_flags
58+
dq strtab ; sh_addr
59+
dq strtab ; sh_offset
60+
dq strtabsz ; sh_size
61+
dd 0 ; sh_link
62+
dd 0 ; sh_info
63+
dq 0 ; sh_addralign
64+
dq 0 ; sh_entsize
65+
dynsection:
66+
; DT_INIT
67+
dq 0x0c
68+
dq _start
69+
; DT_HASH
70+
dq 0x04
71+
dq 0
72+
; DT_STRTAB
73+
dq 0x05
74+
dq strtab
75+
; DT_SYMTAB
76+
dq 0x06
77+
dq strtab
78+
; DT_STRSZ
79+
dq 0x0a
80+
dq strtabsz
81+
; DT_SYMENT
82+
dq 0x0b
83+
dq 0
84+
; DT_NULL
85+
dq 0x00
86+
dq 0
87+
dynsz equ $ - dynsection
88+
89+
strtab:
90+
db 0
91+
db 0
92+
strtabsz equ $ - strtab
93+
global _start
94+
_start:
95+

data/templates/template_x64_linux_dll.bin

418 Bytes
Binary file not shown.

lib/msf/core/exploit/exe.rb

Lines changed: 19 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -42,9 +42,7 @@ def get_custom_exe(path=nil)
4242
path ||= datastore['EXE::Custom']
4343
print_status("Using custom payload #{path}, RHOST and RPORT settings will be ignored!")
4444
datastore['DisablePayloadHandler'] = true
45-
file = ::File.open(path,'rb')
46-
exe = file.read(file.stat.size)
47-
file.close
45+
::File.open(path,'rb') {|f| exe = f.read(f.stat.size)}
4846
exe
4947
end
5048

@@ -58,16 +56,13 @@ def generate_payload_exe(opts = {})
5856
pl ||= payload.encoded
5957

6058
# Fall back to x86...
61-
if not opts[:arch] or opts[:arch].length < 1
62-
opts[:arch] = [ ARCH_X86 ]
63-
end
59+
opts[:arch] = [ARCH_X86] if !opts[:arch] || opts[:arch].length < 1
60+
6461
# Ensure we have an array
65-
if not opts[:arch].kind_of? Array
66-
opts[:arch] = [ opts[:arch] ]
67-
end
62+
opts[:arch] = [opts[:arch]] unless opts[:arch].kind_of? Array
6863

6964
# Transform the PlatformList
70-
if (opts[:platform].kind_of? Msf::Module::PlatformList)
65+
if opts[:platform].kind_of? Msf::Module::PlatformList
7166
opts[:platform] = opts[:platform].platforms
7267
end
7368

@@ -89,7 +84,7 @@ def generate_payload_exe_service(opts = {})
8984
#Ensure opts[:arch] is an array
9085
opts[:arch] = [opts[:arch]] unless opts[:arch].kind_of? Array
9186

92-
if opts[:arch] and (opts[:arch].index(ARCH_X64) or opts[:arch].index(ARCH_X86_64))
87+
if opts[:arch] && (opts[:arch].index(ARCH_X64) or opts[:arch].index(ARCH_X86_64))
9388
exe = Msf::Util::EXE.to_win64pe_service(framework, pl, opts)
9489
else
9590
exe = Msf::Util::EXE.to_win32pe_service(framework, pl, opts)
@@ -104,18 +99,24 @@ def generate_payload_dll(opts = {})
10499
return get_eicar_exe if datastore['EXE::EICAR']
105100

106101
exe_init_options(opts)
107-
108-
# NOTE: Only Windows is supported here.
102+
plat = opts[:platform]
109103
pl = opts[:code]
110104
pl ||= payload.encoded
111105

112106
#Ensure opts[:arch] is an array
113107
opts[:arch] = [opts[:arch]] unless opts[:arch].kind_of? Array
114108

115-
if opts[:arch] and (opts[:arch].index(ARCH_X64) or opts[:arch].index(ARCH_X86_64))
116-
dll = Msf::Util::EXE.to_win64pe_dll(framework, pl, opts)
117-
else
118-
dll = Msf::Util::EXE.to_win32pe_dll(framework, pl, opts)
109+
# NOTE: Only x86_64 linux is supported here.
110+
if plat.index(Msf::Module::Platform::Linux)
111+
if opts[:arch] && (opts[:arch].index(ARCH_X64) || opts[:arch].index(ARCH_X86_64))
112+
dll = Msf::Util::EXE.to_linux_x64_elf_dll(framework, pl,opts)
113+
end
114+
elsif plat.index(Msf::Module::Platform::Windows)
115+
if opts[:arch] && (opts[:arch].index(ARCH_X64) || opts[:arch].index(ARCH_X86_64))
116+
dll = Msf::Util::EXE.to_win64pe_dll(framework, pl, opts)
117+
else
118+
dll = Msf::Util::EXE.to_win32pe_dll(framework, pl, opts)
119+
end
119120
end
120121

121122
exe_post_generation(opts)
@@ -134,9 +135,7 @@ def generate_payload_msi(opts = {})
134135
:uac => datastore['MSI::UAC']
135136
})
136137

137-
msi = Msf::Util::EXE.to_exe_msi(framework, exe, opts)
138-
139-
return msi
138+
Msf::Util::EXE.to_exe_msi(framework, exe, opts)
140139
end
141140

142141
protected

0 commit comments

Comments
 (0)