Fixes rapid7#5361 by adding --encoder-space to msfvenom

HD Moore · HD Moore · commit a82168d7bb89 · 2015-05-18T14:27:52.000-05:00
diff --git a/lib/msf/core/payload_generator.rb b/lib/msf/core/payload_generator.rb
@@ -64,6 +64,9 @@ class PayloadGenerator
     # @!attribute  space
     #   @return [Fixnum] The maximum size in bytes of the payload
     attr_accessor :space
+    # @!attribute  encoder_space
+    #   @return [Fixnum] The maximum size in bytes of the encoded payload
+    attr_accessor :encoder_space
     # @!attribute  stdin
     #   @return [String] The raw bytes of a payload taken from STDIN
     attr_accessor :stdin
@@ -85,6 +88,7 @@ class PayloadGenerator
     # @option opts [String] :badchars (see #badchars)
     # @option opts [String] :template (see #template)
     # @option opts [Fixnum] :space (see #space)
+    # @option opts [Fixnum] :encoder_space (see #encoder_space)
     # @option opts [Fixnum] :nops (see #nops)
     # @option opts [String] :add_code (see #add_code)
     # @option opts [Boolean] :keep (see #keep)
@@ -109,6 +113,7 @@ def initialize(opts={})
       @stdin      = opts.fetch(:stdin, nil)
       @template   = opts.fetch(:template, '')
       @var_name   = opts.fetch(:var_name, 'buf')
+      @encoder_space = opts.fetch(:encoder_space, @space)
 
       @framework  = opts.fetch(:framework)
 
@@ -200,7 +205,7 @@ def encode_payload(shellcode)
         encoder_list.each do |encoder_mod|
           cli_print "Attempting to encode payload with #{iterations} iterations of #{encoder_mod.refname}"
           begin
-            encoder_mod.available_space = @space
+            encoder_mod.available_space = @encoder_space
             return run_encoder(encoder_mod, shellcode.dup)
           rescue ::Msf::EncoderSpaceViolation => e
             cli_print "#{encoder_mod.refname} failed with #{e.message}"
@@ -395,7 +400,7 @@ def run_encoder(encoder_module, shellcode)
       iterations.times do |x|
         shellcode = encoder_module.encode(shellcode.dup, badchars, nil, platform_list)
         cli_print "#{encoder_module.refname} succeeded with size #{shellcode.length} (iteration=#{x})"
-        if shellcode.length > space
+        if shellcode.length > encoder_space
           raise EncoderSpaceViolation, "encoder has made a buffer that is too big"
         end
       end
diff --git a/msfvenom b/msfvenom
@@ -97,6 +97,10 @@ require 'msf/core/payload_generator'
       opts[:space] = s
     end
 
+    opt.on('--encoder-space      <length>', Integer, 'The maximum size of the encoded payload (defaults to the -s value)') do |s|
+      opts[:encoder_space] = s
+    end
+
     opt.on('-b', '--bad-chars  <list>', String, 'The list of characters to avoid example: \'\x00\xff\'') do |b|
       opts[:badchars] = Rex::Text.hex_to_raw(b)
     end
