Browse Source

Land #5550, custom exe_filename for to_exe_vba

William Vu 4 years ago
parent
commit
dc07938668
No account linked to committer's email address
1 changed files with 28 additions and 28 deletions
  1. 28
    28
      lib/msf/util/exe.rb

+ 28
- 28
lib/msf/util/exe.rb View File

@@ -671,7 +671,7 @@ require 'msf/core/exe/segment_appender'
671 671
 
672 672
     msi = self.get_file_contents(template)
673 673
 
674
-    section_size =	2**(msi[30..31].unpack('v')[0])
674
+    section_size = 2**(msi[30..31].unpack('v')[0])
675 675
 
676 676
     # This table is one of the few cases where signed values are needed
677 677
     sector_allocation_table = msi[section_size..section_size*2].unpack('l<*')
@@ -978,24 +978,24 @@ require 'msf/core/exe/segment_appender'
978 978
 
979 979
   def self.to_vba(framework,code,opts = {})
980 980
     hash_sub = {}
981
-    hash_sub[:var_myByte]		  = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
982
-    hash_sub[:var_myArray]		  = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
983
-    hash_sub[:var_rwxpage]  	  = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
984
-    hash_sub[:var_res]      	  = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
985
-    hash_sub[:var_offset] 		  = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
981
+    hash_sub[:var_myByte]             = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
982
+    hash_sub[:var_myArray]            = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
983
+    hash_sub[:var_rwxpage]            = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
984
+    hash_sub[:var_res]                = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
985
+    hash_sub[:var_offset]             = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
986 986
     hash_sub[:var_lpThreadAttributes] = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
987 987
     hash_sub[:var_dwStackSize]        = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
988 988
     hash_sub[:var_lpStartAddress]     = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
989 989
     hash_sub[:var_lpParameter]        = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
990
-    hash_sub[:var_dwCreationFlags]	  = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
990
+    hash_sub[:var_dwCreationFlags]    = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
991 991
     hash_sub[:var_lpThreadID]         = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
992 992
     hash_sub[:var_lpAddr]             = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
993 993
     hash_sub[:var_lSize]              = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
994 994
     hash_sub[:var_flAllocationType]   = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
995 995
     hash_sub[:var_flProtect]          = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
996
-    hash_sub[:var_lDest]	          = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
997
-    hash_sub[:var_Source]	 	  = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
998
-    hash_sub[:var_Length]		  = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
996
+    hash_sub[:var_lDest]              = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
997
+    hash_sub[:var_Source]             = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
998
+    hash_sub[:var_Length]             = Rex::Text.rand_text_alpha(rand(7)+3).capitalize
999 999
 
1000 1000
     # put the shellcode bytes into an array
1001 1001
     hash_sub[:bytes] = Rex::Text.to_vbapplication(code, hash_sub[:var_myArray])
@@ -1035,16 +1035,16 @@ require 'msf/core/exe/segment_appender'
1035 1035
     persist = opts[:persist] || false
1036 1036
 
1037 1037
     hash_sub = {}
1038
+    hash_sub[:exe_filename]  = opts[:exe_filename] || Rex::Text.rand_text_alpha(rand(8)+8) << '.exe'
1038 1039
     hash_sub[:var_shellcode] = Rex::Text.rand_text_alpha(rand(8)+8)
1039
-    hash_sub[:exe_filename] = Rex::Text.rand_text_alpha(rand(8)+8) << '.exe'
1040
-    hash_sub[:var_fname]   = Rex::Text.rand_text_alpha(rand(8)+8)
1041
-    hash_sub[:var_func]    = Rex::Text.rand_text_alpha(rand(8)+8)
1042
-    hash_sub[:var_stream]  = Rex::Text.rand_text_alpha(rand(8)+8)
1043
-    hash_sub[:var_obj]     = Rex::Text.rand_text_alpha(rand(8)+8)
1044
-    hash_sub[:var_shell]   = Rex::Text.rand_text_alpha(rand(8)+8)
1045
-    hash_sub[:var_tempdir] = Rex::Text.rand_text_alpha(rand(8)+8)
1046
-    hash_sub[:var_tempexe] = Rex::Text.rand_text_alpha(rand(8)+8)
1047
-    hash_sub[:var_basedir] = Rex::Text.rand_text_alpha(rand(8)+8)
1040
+    hash_sub[:var_fname]     = Rex::Text.rand_text_alpha(rand(8)+8)
1041
+    hash_sub[:var_func]      = Rex::Text.rand_text_alpha(rand(8)+8)
1042
+    hash_sub[:var_stream]    = Rex::Text.rand_text_alpha(rand(8)+8)
1043
+    hash_sub[:var_obj]       = Rex::Text.rand_text_alpha(rand(8)+8)
1044
+    hash_sub[:var_shell]     = Rex::Text.rand_text_alpha(rand(8)+8)
1045
+    hash_sub[:var_tempdir]   = Rex::Text.rand_text_alpha(rand(8)+8)
1046
+    hash_sub[:var_tempexe]   = Rex::Text.rand_text_alpha(rand(8)+8)
1047
+    hash_sub[:var_basedir]   = Rex::Text.rand_text_alpha(rand(8)+8)
1048 1048
 
1049 1049
     hash_sub[:hex_shellcode] = exes.unpack('H*').join('')
1050 1050
 
@@ -1081,13 +1081,13 @@ require 'msf/core/exe/segment_appender'
1081 1081
 
1082 1082
   def self.to_exe_aspx(exes = '', opts = {})
1083 1083
     hash_sub = {}
1084
-    hash_sub[:var_file] 	= Rex::Text.rand_text_alpha(rand(8)+8)
1085
-    hash_sub[:var_tempdir] 	= Rex::Text.rand_text_alpha(rand(8)+8)
1086
-    hash_sub[:var_basedir]	= Rex::Text.rand_text_alpha(rand(8)+8)
1084
+    hash_sub[:var_file]     = Rex::Text.rand_text_alpha(rand(8)+8)
1085
+    hash_sub[:var_tempdir]  = Rex::Text.rand_text_alpha(rand(8)+8)
1086
+    hash_sub[:var_basedir]  = Rex::Text.rand_text_alpha(rand(8)+8)
1087 1087
     hash_sub[:var_filename] = Rex::Text.rand_text_alpha(rand(8)+8)
1088
-    hash_sub[:var_tempexe] 	= Rex::Text.rand_text_alpha(rand(8)+8)
1088
+    hash_sub[:var_tempexe]  = Rex::Text.rand_text_alpha(rand(8)+8)
1089 1089
     hash_sub[:var_iterator] = Rex::Text.rand_text_alpha(rand(8)+8)
1090
-    hash_sub[:var_proc]	= Rex::Text.rand_text_alpha(rand(8)+8)
1090
+    hash_sub[:var_proc] = Rex::Text.rand_text_alpha(rand(8)+8)
1091 1091
 
1092 1092
     hash_sub[:shellcode] = Rex::Text.to_csharp(exes,100,hash_sub[:var_file])
1093 1093
 
@@ -1729,8 +1729,8 @@ require 'msf/core/exe/segment_appender'
1729 1729
 
1730 1730
     set_handler:
1731 1731
       xor eax,eax
1732
-;		  push dword [fs:eax]
1733
-;		  mov dword [fs:eax], esp
1732
+;     push dword [fs:eax]
1733
+;     mov dword [fs:eax], esp
1734 1734
       push eax               ; LPDWORD lpThreadId (NULL)
1735 1735
       push eax               ; DWORD dwCreationFlags (0)
1736 1736
       push eax               ; LPVOID lpParameter (NULL)
@@ -1741,10 +1741,10 @@ require 'msf/core/exe/segment_appender'
1741 1741
       call ebp               ; Spawn payload thread
1742 1742
 
1743 1743
       pop eax                ; Skip
1744
-;		  pop eax                ; Skip
1744
+;     pop eax                ; Skip
1745 1745
       pop eax                ; Skip
1746 1746
       popad                  ; Get our registers back
1747
-;		  sub esp, 44             ; Move stack pointer back past the handler
1747
+;     sub esp, 44             ; Move stack pointer back past the handler
1748 1748
     ^
1749 1749
 
1750 1750
     stub_final = %Q^

Loading…
Cancel
Save