Land #5838, @bcook-r7's fixes for paylaod cached sizes

lib/msf/util/payload_cached_size.rb

@@ -14,6 +14,27 @@ module Util
 
 class PayloadCachedSize
 
+  OPTS = {
+    'Format'      => 'raw',
+    'Options'     => {
+      'CPORT' => 4444,
+      'LPORT' => 4444,
+      'LHOST' => '255.255.255.255',
+      'KHOST' => '255.255.255.255',
+      'AHOST' => '255.255.255.255',
+      'CMD' => '/bin/sh',
+      'URL' => 'http://a.com',
+      'PATH' => '/',
+      'BUNDLE' => 'data/isight.bundle',
+      'DLL' => 'external/source/byakugan/bin/XPSP2/detoured.dll',
+      'RC4PASSWORD' => 'Metasploit',
+      'DNSZONE' => 'corelan.eu',
+      'PEXEC' => '/bin/sh'
+    },
+    'Encoder'     => nil,
+    'DisableNops' => true
+  }
+
   # Insert a new CachedSize value into the text of a payload module
   #
   # @param data [String] The source code of a payload module
@@ -60,7 +81,7 @@ def self.update_module_cached_size(mod)
   # @return [Fixnum]
   def self.compute_cached_size(mod)
     return ":dynamic" if is_dynamic?(mod)
-    return mod.new.size
+    return mod.generate_simple(OPTS).size
   end
 
   # Determines whether a payload generates a static sized output
@@ -69,18 +90,19 @@ def self.compute_cached_size(mod)
   # @param generation_count [Fixnum] The number of iterations to use to
   #   verify that the size is static.
   # @return [Fixnum]
-  def self.is_dynamic?(mod,generation_count=5)
-    [*(1..generation_count)].map{|x| mod.new.size}.uniq.length != 1
+  def self.is_dynamic?(mod, generation_count=5)
+    [*(1..generation_count)].map{|x|
+      mod.generate_simple(OPTS).size}.uniq.length != 1
   end
 
   # Determines whether a payload's CachedSize is up to date
   #
   # @param mod [Msf::Payload] The class of the payload module to update
   # @return [Boolean]
   def self.is_cached_size_accurate?(mod)
-    return true if mod.dynamic_size?
+    return true if mod.dynamic_size? && is_dynamic?(mod)
     return false if mod.cached_size.nil?
-    mod.cached_size == mod.new.size
+    mod.cached_size == mod.generate_simple(OPTS).size
   end
 
 end

modules/payloads/singles/bsd/x64/exec.rb

@@ -17,7 +17,7 @@
 ###
 module Metasploit3
 
-  CachedSize = 23
+  CachedSize = 31
 
   include Msf::Payload::Single
   include Msf::Payload::Bsd

modules/payloads/singles/bsd/x64/shell_bind_tcp.rb

@@ -40,7 +40,7 @@ def initialize(info = {})
 
   # build the shellcode payload dynamically based on the user-provided CMD
   def generate
-    cmd  = (datastore['CMD'] || '') << "\x00"
+    cmd  = (datastore['CMD'] || '') + "\x00"
     port = [datastore['LPORT'].to_i].pack('n')
     call = "\xe8" + [cmd.length].pack('V')
     payload =

modules/payloads/singles/bsd/x64/shell_reverse_tcp.rb

@@ -49,7 +49,7 @@ def generate
       raise ArgumentError, "LHOST must be in IPv4 format."
     end
 
-    cmd  = (datastore['CMD'] || '') << "\x00"
+    cmd  = (datastore['CMD'] || '') + "\x00"
     port = [datastore['LPORT'].to_i].pack('n')
     ipaddr = [lhost.split('.').inject(0) {|t,v| (t << 8 ) + v.to_i}].pack("N")
 

modules/payloads/singles/bsd/x86/exec.rb

@@ -17,7 +17,7 @@
 ###
 module Metasploit3
 
-  CachedSize = 16
+  CachedSize = 24
 
   include Msf::Payload::Single
   include Msf::Payload::Bsd

modules/payloads/singles/cmd/unix/generic.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 0
+  CachedSize = 8
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 100
+  CachedSize = 130
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_awk.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 95
+  CachedSize = 110
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_lua.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 209
+  CachedSize = 224
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_netcat_gaping.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 20
+  CachedSize = 35
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_nodejs.rb

@@ -11,7 +11,7 @@
 
 module Metasploit3
 
-  CachedSize = 1911
+  CachedSize = 1971
 
   include Msf::Payload::Single
   include Msf::Payload::NodeJS

modules/payloads/singles/cmd/unix/reverse_openssl.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 152
+  CachedSize = 182
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_perl.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 219
+  CachedSize = 234
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 129
+  CachedSize = 144
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_php_ssl.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 117
+  CachedSize = 132
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_python_ssl.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 567
+  CachedSize = 587
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_ruby.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 118
+  CachedSize = 133
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 170
+  CachedSize = 185
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 106
+  CachedSize = 136
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/unix/reverse_zsh.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 95
+  CachedSize = 110
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/windows/adduser.rb

@@ -9,7 +9,7 @@
 
 module Metasploit3
 
-  CachedSize = 258
+  CachedSize = 97
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/windows/generic.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 0
+  CachedSize = 8
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/windows/powershell_bind_tcp.rb

@@ -11,7 +11,7 @@
 
 module Metasploit3
 
-  CachedSize = 1510
+  CachedSize = 1518
 
   include Msf::Payload::Single
   include Rex::Powershell::Command

modules/payloads/singles/cmd/windows/powershell_reverse_tcp.rb

@@ -11,7 +11,7 @@
 
 module Metasploit3
 
-  CachedSize = 1518
+  CachedSize = 1526
 
   include Msf::Payload::Single
   include Rex::Powershell::Command

modules/payloads/singles/cmd/windows/reverse_lua.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 209
+  CachedSize = 224
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/windows/reverse_perl.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 133
+  CachedSize = 148
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/windows/reverse_powershell.rb

@@ -11,7 +11,7 @@
 
 module Metasploit3
 
-  CachedSize = 1189
+  CachedSize = 1204
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/cmd/windows/reverse_ruby.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 111
+  CachedSize = 126
 
   include Msf::Payload::Single
   include Msf::Sessions::CommandShellOptions

modules/payloads/singles/firefox/exec.rb

@@ -7,7 +7,7 @@
 
 module Metasploit3
 
-  CachedSize = :dynamic
+  CachedSize = 1019
 
   include Msf::Payload::Single
   include Msf::Payload::Firefox

modules/payloads/singles/java/jsp_shell_reverse_tcp.rb

@@ -11,7 +11,7 @@
 
 module Metasploit3
 
-  CachedSize = 0
+  CachedSize = 1501
 
   include Msf::Payload::Single
   include Msf::Payload::JSP

modules/payloads/singles/java/shell_reverse_tcp.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 7748
+  CachedSize = 7761
 
   include Msf::Payload::Single
   include Msf::Payload::Java

modules/payloads/singles/linux/armle/exec.rb

@@ -15,7 +15,7 @@
 ###
 module Metasploit3
 
-  CachedSize = 22
+  CachedSize = 29
 
   include Msf::Payload::Single
   include Msf::Payload::Linux

modules/payloads/singles/linux/mipsbe/exec.rb

@@ -7,7 +7,7 @@
 
 module Metasploit3
 
-  CachedSize = 48
+  CachedSize = 52
 
   include Msf::Payload::Single
   include Msf::Payload::Linux

modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 0
+  CachedSize = 184
 
   include Msf::Payload::Single
   include Msf::Payload::Linux

modules/payloads/singles/linux/mipsle/exec.rb

@@ -7,7 +7,7 @@
 
 module Metasploit3
 
-  CachedSize = 48
+  CachedSize = 52
 
   include Msf::Payload::Single
   include Msf::Payload::Linux

modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb

@@ -10,7 +10,7 @@
 
 module Metasploit3
 
-  CachedSize = 0
+  CachedSize = 184
 
   include Msf::Payload::Single
   include Msf::Payload::Linux

modules/payloads/singles/linux/x64/exec.rb

@@ -8,7 +8,7 @@
 
 module Metasploit3
 
-  CachedSize = 40
+  CachedSize = 47
 
   include Msf::Payload::Single
   include Msf::Payload::Linux
@@ -29,7 +29,7 @@ def initialize(info = {})
   end
 
   def generate_stage(opts={})
-    cmd = (datastore['CMD'] || '') << "\x00"
+    cmd = (datastore['CMD'] || '') + "\x00"
     call = "\xe8" + [cmd.length].pack('V')
     payload =
       "\x6a\x3b"                     + # pushq  $0x3b