Mirror of metasploit

egghunter.rb 1.6KB

  1. # -*- coding: binary -*-
  2. require 'rex/exploitation/egghunter'
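module Msf

###
#
# This mixin provides an interface to generating egghunters for various
# platforms using the Rex::Exploitation::Egghunter class.
#
# Originally written by skape
# BadChar support added by David Rude
# Updated to take the payload and options by Joshua J. Drake
#
###
module Exploit::Egghunter

  #
  # Creates an instance of an exploit that uses an Egghunter overwrite.
  #
  # @param info [Hash] module information, forwarded unchanged to +super+
  #
  def initialize(info = {})
    super
  end

  #
  # Generates an egghunter stub based on the current target's architecture
  # and operating system.
  #
  # @param payload  the payload handed to Rex::Exploitation::Egghunter#generate
  # @param badchars bad characters to pass to the generator; when nil, the
  #   module's +payload_badchars+ is used instead
  # @param opts [Hash] options passed through to the generator unchanged
  # @return whatever Rex::Exploitation::Egghunter#generate returns (its
  #   shape is not visible in this file)
  # @raise [RuntimeError] if no platform can be determined
  # @raise [ArgumentError] if the generator returns nil
  #
  def generate_egghunter(payload, badchars = nil, opts = {})
    # Prefer the target's platform/architecture information, but use
    # the module's if no target specific information exists
    los   = target_platform
    larch = target_arch || ARCH_X86

    # If we found a platform list, then take the first platform
    los   = los.names[0] if los.kind_of?(Msf::Module::PlatformList)

    # Use the first architecture if one was specified
    larch = larch[0] if larch.kind_of?(Array)

    if los.nil?
      raise RuntimeError, "No platform restrictions were specified -- cannot select egghunter"
    end

    # Fall back to the module-wide list only when the caller supplied none.
    badchars ||= payload_badchars

    egg = Rex::Exploitation::Egghunter.new(los, larch)

    # Pass the resolved +badchars+ rather than +payload_badchars+, which
    # would silently discard an explicit argument from the caller.
    bunny = egg.generate(payload, badchars, opts)

    if bunny.nil?
      print_error("The egghunter could not be generated")
      raise ArgumentError, "The egghunter could not be generated"
    end

    bunny
  end

  #
  # Set the wfs_delay setting for all exploits using the Egghunter
  #
  # @return [Integer] the fixed value 30 (presumably seconds -- the unit is
  #   not stated in this file)
  #
  def wfs_delay
    30
  end

end
end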