added support to msfpayload to use elf so payload target

Author: thenavs

lib/msf/util/exe.rb

@@ -911,6 +911,12 @@ def self.to_linux_x64_elf(framework, code, opts={})
     return elf
   end
 
+  # Create a 64-bit Linux ELF_DYN containing the payload provided in +code+
+  def self.to_linux_x64_elf_dll(framework, code, opts={})
+    elf = to_exe_elf(framework, opts, "template_x64_linux_dll.bin", code)
+    return elf
+  end
+
   def self.to_linux_armle_elf(framework, code, opts={})
     elf = to_exe_elf(framework, opts, "template_armle_linux.bin", code)
     return elf
@@ -1896,6 +1902,13 @@ def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
           end
       end
 
+    when 'elf-so'
+      if (not plat or (plat.index(Msf::Module::Platform::Linux)))
+        output = case arch
+          when ARCH_X86_64  then to_linux_x64_elf_dll(framework, code, exeopts)
+          end
+      end
+
     when 'macho', 'osx-app'
       output = case arch
         when ARCH_X86,nil then to_osx_x86_macho(framework, code, exeopts)
@@ -1949,6 +1962,7 @@ def self.to_executable_fmt_formats
       "aspx-exe",
       "dll",
       "elf",
+      "elf-so",
       "exe",
       "exe-only",
       "exe-service",

msfpayload

@@ -30,7 +30,7 @@ $args = Rex::Parser::Arguments.new(
 #
 def usage
   $stderr.puts("\n" +
-    "    Usage: #{$0} [<options>] <payload> [var=val] <[S]ummary|C|Cs[H]arp|[P]erl|Rub[Y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]>\n" +
+    "    Usage: #{$0} [<options>] <payload> [var=val] <[S]ummary|C|Cs[H]arp|[P]erl|Rub[Y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]|s[O]>\n" +
     $args.usage)
   exit
 end
@@ -125,10 +125,10 @@ end
 
 payload.datastore.merge! options
 
-if (cmd =~ /^(p|y|r|d|c|h|j|x|b|v|w|n)$/)
+if (cmd =~ /^(p|y|r|d|c|h|j|x|b|v|w|n|o)$/)
   fmt = 'perl' if (cmd =~ /^p$/)
   fmt = 'ruby' if (cmd =~ /^y$/)
-  fmt = 'raw' if (cmd =~ /^(r|x|d)$/)
+  fmt = 'raw' if (cmd =~ /^(r|x|d|o)$/)
   fmt = 'raw' if (cmd =~ /^v$/)
   fmt = 'c' if (cmd =~ /^c$/)
   fmt = 'csharp' if (cmd =~ /^h$/)
@@ -208,6 +208,24 @@ if (cmd =~ /^(p|y|r|d|c|h|j|x|b|v|w|n)$/)
     exit(-1)
   end
 
+  if (cmd =~ /^o$/)
+    so = Msf::Util::EXE.to_linux_x64_elf_dll($framework, buf)
+    note =
+       "Created by msfpayload (http://www.metasploit.com).\r\n" +
+       "Payload: " + payload.refname + "\r\n" +
+       " Length: " + buf.length.to_s + "\r\n" +
+       "Options: " + options.inspect + "\r\n"
+
+    if(so)
+      $stderr.puts(note)
+      $stdout.write(so)
+      exit(0)
+    end
+
+    $stderr.puts "Failed to build dll"
+    exit(-1)
+  end
+
   if(cmd =~ /^w$/)
     note =
       "Created by msfpayload (http://www.metasploit.com).\n" +

spec/support/shared/contexts/msf/util/exe.rb

@@ -48,6 +48,7 @@
     "linux" => [
       { :format => "elf", :arch => "x86",    :file_fp => /ELF 32.*SYSV/ },
       { :format => "elf", :arch => "x64",    :file_fp => /ELF 64.*SYSV/ },
+      { :format => "elf-so", :arch => "x64", :file_fp => /ELF 64.*SYSV/ },
       { :format => "elf", :arch => "armle",  :file_fp => /ELF 32.*ARM/ },
       { :format => "elf", :arch => "mipsbe", :file_fp => /ELF 32-bit MSB executable, MIPS/ },
       { :format => "elf", :arch => "mipsle", :file_fp => /ELF 32-bit LSB executable, MIPS/ },