Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

executable file 241 lines (188 sloc) 5.104 kb
#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# $Id$
# $Revision$
#
msfbase = __FILE__
while File.symlink?(msfbase)
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
end
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), 'lib')))
require 'fastlib'
require 'msfenv'
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
require 'rex'
$args = Rex::Parser::Arguments.new(
"-h" => [ false, "Help banner" ],
"-l" => [ false, "List available payloads" ]
)
#
# Nuff said.
#
def usage
$stderr.puts("\n" +
" Usage: #{$0} [<options>] <payload> [var=val] <[S]ummary|C|[P]erl|Rub[y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar>\n" +
$args.usage)
exit
end
cmd = nil
rest = []
# Parse the argument and rock that shit.
$args.parse(ARGV) { |opt, idx, val|
#puts "opt[%d]: #{opt.inspect} / #{val.inspect}" % idx
case opt
when "-l"
cmd = "list"
break
# Non-option (don't begin with '-') are processed here
when nil
rest << val
end
}
if (cmd != "list" and rest.length < 2)
usage
end
require 'msf/ui'
require 'msf/base'
#
# Dump the list of payloads
#
def dump_payloads
tbl = Rex::Ui::Text::Table.new(
'Indent' => 4,
'Header' => "Framework Payloads (#{$framework.stats.num_payloads} total)",
'Columns' =>
[
"Name",
"Description"
])
$framework.payloads.each_module { |name, mod|
tbl << [ name, mod.new.description ]
}
"\n" + tbl.to_s + "\n"
end
# Initialize the simplified framework instance.
$framework = Msf::Simple::Framework.create(
:module_types => [ Msf::MODULE_PAYLOAD, Msf::MODULE_NOP ],
'DisableDatabase' => true
)
if cmd == "list"
puts dump_payloads
exit
end
# Get the payload name we'll be using
payload_name = rest.shift
# Process special var/val pairs...
Msf::Ui::Common.process_cli_arguments($framework, rest)
# Create the payload instance
payload = $framework.payloads.create(payload_name)
if (payload == nil)
$stderr.puts "Invalid payload: #{payload_name}"
exit
end
# Evalulate the command
cmd = rest.pop.downcase
# Populate the framework datastore
options = {}
rest.each do |x|
k,v = x.split("=", 2)
options[k] = v.to_s
end
payload.datastore.merge! options
if (cmd =~ /^(p|y|r|d|c|j|x|b|v|w)/)
fmt = 'perl' if (cmd =~ /^p/)
fmt = 'ruby' if (cmd =~ /^y/)
fmt = 'raw' if (cmd =~ /^(r|x|d)/)
fmt = 'raw' if (cmd =~ /^v/)
fmt = 'c' if (cmd == 'c')
fmt = 'js_be' if (cmd =~ /^j/ and Rex::Arch.endian(payload.arch) == ENDIAN_BIG)
fmt = 'js_le' if (cmd =~ /^j/ and ! fmt)
fmt = 'java' if (cmd =~ /^b/)
fmt = 'raw' if (cmd =~ /^w/)
enc = options['ENCODER']
begin
buf = payload.generate_simple(
'Format' => fmt,
'Options' => options,
'Encoder' => enc)
rescue
$stderr.puts "Error generating payload: #{$!}"
exit
end
$stdout.binmode
if (cmd =~ /^x/)
note =
"Created by msfpayload (http://www.metasploit.com).\n" +
"Payload: " + payload.refname + "\n" +
" Length: " + buf.length.to_s + "\n" +
"Options: " + options.inspect + "\n"
arch = payload.arch
plat = payload.platform.platforms
exe = Msf::Util::EXE.to_executable($framework, arch, plat, buf)
if(!exe and plat.index(Msf::Module::Platform::Java))
exe = payload.generate_jar.pack
end
if(exe)
$stderr.puts(note)
$stdout.write(exe)
exit(0)
end
$stderr.puts "No executable format support for this arch/platform"
exit(-1)
end
if(cmd =~ /^v/)
exe = Msf::Util::EXE.to_win32pe($framework, buf)
note =
"'Created by msfpayload (http://www.metasploit.com).\r\n" +
"'Payload: " + payload.refname + "\r\n" +
"' Length: " + buf.length.to_s + "\r\n" +
"'Options: " + options.inspect + "\r\n"
vba = note + "\r\n" + Msf::Util::EXE.to_exe_vba(exe)
$stdout.write(vba)
exit(0)
end
if(cmd =~ /^d/)
dll = Msf::Util::EXE.to_win32pe_dll($framework, buf)
note =
"Created by msfpayload (http://www.metasploit.com).\r\n" +
"Payload: " + payload.refname + "\r\n" +
" Length: " + buf.length.to_s + "\r\n" +
"Options: " + options.inspect + "\r\n"
if(dll)
$stderr.puts(note)
$stdout.write(dll)
exit(0)
end
$stderr.puts "Failed to build dll"
exit(-1)
end
if(cmd =~ /^w/)
note =
"Created by msfpayload (http://www.metasploit.com).\n" +
"Payload: " + payload.refname + "\n" +
" Length: " + buf.length.to_s + "\n" +
"Options: " + options.inspect + "\n"
arch = payload.arch
plat = payload.platform.platforms
exe = Msf::Util::EXE.to_executable($framework, arch, plat, buf)
if(!exe and plat.index(Msf::Module::Platform::Java))
exe = payload.generate_war.pack
else
exe = Msf::Util::EXE.to_jsp_war(exe)
end
if(exe)
$stderr.puts(note)
$stdout.write(exe)
exit(0)
end
$stderr.puts "No executable format support for this arch/platform"
exit(-1)
end
$stdout.write(buf)
elsif (cmd =~ /^(s|o)/)
payload.datastore.import_options_from_s(rest.join('_|_'), '_|_')
puts Msf::Serializer::ReadableText.dump_module(payload)
else
$stderr.puts "Invalid command: #{cmd.inspect}"
end
Jump to Line
Something went wrong with that request. Please try again.