@@ -6,68 +6,86 @@ module Msf
66 module Ui
77 module Console
88 module CommandDispatcher
9- ###
10- #
11- # Payload module command dispatcher.
12- #
13- ###
14- class Payload
15-
16- include Msf ::Ui ::Console ::ModuleCommandDispatcher
9+ ###
10+ # Payload module command dispatcher.
11+ ###
12+ class Payload
13+ include Msf ::Ui ::Console ::ModuleCommandDispatcher
14+
15+ # Load supported formats
16+ supported_formats = \
17+ Msf ::Simple ::Buffer . transform_formats + \
18+ Msf ::Util ::EXE . to_executable_fmt_formats
19+
20+ @@generate_opts = Rex ::Parser ::Arguments . new (
21+ "-b" => [ true , "The list of characters to avoid: '\\ x00\\ xff'" ] ,
22+ "-E" => [ false , "Force encoding." ] ,
23+ "-e" => [ true , "The name of the encoder module to use." ] ,
24+ "-h" => [ false , "Help banner." ] ,
25+ "-o" => [ true , "A comma separated list of options in VAR=VAL format." ] ,
26+ "-s" => [ true , "NOP sled length." ] ,
27+ "-f" => [ true , "The output file name (otherwise stdout)" ] ,
28+ "-t" => [ true , "The output format: #{ supported_formats . join ( ',' ) } ] ,
29+ "-p" => [ true , "The Platform for output." ] ,
30+ "-k" => [ false , "Keep the template executable functional" ] ,
31+ "-x" => [ true , "The executable template to use" ] ,
32+ "-i" => [ true , "the number of encoding iterations." ]
33+ )
34+
35+ #
36+ # Returns the hash of commands specific to payload modules.
37+ #
38+ def commands
39+ super . update (
40+ "generate" => "Generates a payload" ,
41+ "to_handler" => "Creates a handler with the specified payload"
42+ )
43+ end
1744
18- # Load supported formats
19- supported_formats = Msf :: Simple :: Buffer . transform_formats + Msf :: Util :: EXE . to_executable_fmt_formats
45+ def cmd_to_handler ( * _args )
46+ handler = framework . modules . create ( 'exploit/multi/handler' )
2047
21- @@generate_opts = Rex ::Parser ::Arguments . new (
22- "-b" => [ true , "The list of characters to avoid: '\\ x00\\ xff'" ] ,
23- "-E" => [ false , "Force encoding." ] ,
24- "-e" => [ true , "The name of the encoder module to use." ] ,
25- "-h" => [ false , "Help banner." ] ,
26- "-o" => [ true , "A comma separated list of options in VAR=VAL format." ] ,
27- "-s" => [ true , "NOP sled length." ] ,
28- "-f" => [ true , "The output file name (otherwise stdout)" ] ,
29- "-t" => [ true , "The output format: #{ supported_formats . join ( ',' ) } ] ,
30- "-p" => [ true , "The Platform for output." ] ,
31- "-k" => [ false , "Keep the template executable functional" ] ,
32- "-x" => [ true , "The executable template to use" ] ,
33- "-i" => [ true , "the number of encoding iterations." ] )
48+ handler_opts = {
49+ 'Payload' => mod . refname ,
50+ 'LocalInput' => driver . input ,
51+ 'LocalOutput' => driver . output ,
52+ 'ExitOnSession' => false ,
53+ 'RunAsJob' => true
54+ }
3455
35- #
36- # Returns the hash of commands specific to payload modules.
37- #
38- def commands
39- super . update ( {
40- "generate" => "Generates a payload" ,
41- } )
42- end
43-
44- #
45- # Returns the command dispatcher name.
46- #
47- def name
48- return "Payload"
49- end
56+ handler . datastore . merge! ( mod . datastore )
57+ handler . exploit_simple ( handler_opts )
58+ job_id = handler . job_id
5059
51- #
52- # Generates a payload.
53- #
54- def cmd_generate ( *args )
60+ print_status "Payload Handler Started as Job #{ job_id }
61+ end
5562
56- # Parse the arguments
57- encoder_name = nil
58- sled_size = nil
59- option_str = nil
60- badchars = nil
61- type = "ruby"
62- ofile = nil
63- iter = 1
64- force = nil
65- template = nil
66- plat = nil
67- keep = false
63+ #
64+ # Returns the command dispatcher name.
65+ #
66+ def name
67+ "Payload"
68+ end
6869
69- @@generate_opts . parse ( args ) { |opt , idx , val |
70- case opt
70+ #
71+ # Generates a payload.
72+ #
73+ def cmd_generate ( *args )
74+ # Parse the arguments
75+ encoder_name = nil
76+ sled_size = nil
77+ option_str = nil
78+ badchars = nil
79+ type = "ruby"
80+ ofile = nil
81+ iter = 1
82+ force = nil
83+ template = nil
84+ plat = nil
85+ keep = false
86+
87+ @@generate_opts . parse ( args ) do |opt , _idx , val |
88+ case opt
7189 when '-b'
7290 badchars = Rex ::Text . hex_to_raw ( val )
7391 when '-e'
@@ -92,51 +110,48 @@ def cmd_generate(*args)
92110 template = val
93111 when '-h'
94112 print (
95- "Usage: generate [options]\n \n " +
113+ "Usage: generate [options]\n \n " \
96114 "Generates a payload.\n " +
97- @@generate_opts . usage )
115+ @@generate_opts . usage
116+ )
98117 return true
118+ end
119+ end
120+ if encoder_name . nil? && mod . datastore [ 'ENCODER' ]
121+ encoder_name = mod . datastore [ 'ENCODER' ]
99122 end
100- }
101- if ( encoder_name . nil? and mod . datastore [ 'ENCODER' ] )
102- encoder_name = mod . datastore [ 'ENCODER' ]
103- end
104-
105123
106- # Generate the payload
107- begin
108- buf = mod . generate_simple (
109- 'BadChars' => badchars ,
110- 'Encoder' => encoder_name ,
111- 'Format' => type ,
112- 'NopSledSize' => sled_size ,
113- 'OptionStr' => option_str ,
114- 'ForceEncode' => force ,
115- 'Template' => template ,
116- 'Platform' => plat ,
117- 'KeepTemplateWorking' => keep ,
118- 'Iterations' => iter )
119- rescue
120- log_error ( "Payload generation failed: #{ $!} )
121- return false
122- end
124+ # Generate the payload
125+ begin
126+ buf = mod . generate_simple (
127+ 'BadChars' => badchars ,
128+ 'Encoder' => encoder_name ,
129+ 'Format' => type ,
130+ 'NopSledSize' => sled_size ,
131+ 'OptionStr' => option_str ,
132+ 'ForceEncode' => force ,
133+ 'Template' => template ,
134+ 'Platform' => plat ,
135+ 'KeepTemplateWorking' => keep ,
136+ 'Iterations' => iter
137+ )
138+ rescue
139+ log_error ( "Payload generation failed: #{ $ERROR_INFO} )
140+ return false
141+ end
123142
124- if ( not ofile )
125- # Display generated payload
126- print ( buf )
127- else
128- print_status ( "Writing #{ buf . length } #{ ofile } )
129- fd = File . open ( ofile , "wb" )
130- fd . write ( buf )
131- fd . close
143+ if !ofile
144+ # Display generated payload
145+ print ( buf )
146+ else
147+ print_status ( "Writing #{ buf . length } #{ ofile } )
148+ fd = File . open ( ofile , "wb" )
149+ fd . write ( buf )
150+ fd . close
151+ end
152+ true
132153 end
133-
134- return true
135-
136154 end
137-
138- end
139-
140155 end
141156 end
142157 end
0 commit comments