#6100 : --pad-nops option for msfvenom #10872
Merged
1241041
[Issue 6100] Add --pad-size option to msfvenom to prepend nopsled giv…
58d4bcb
adds dump_pad_size to msfvenom
ffc193f
Issue #6100: Finalized changes to pass rake spec Msf::PayloadGenerator
3c0ee6b
Issue #6100: Remove dump_pad_nops calls in msfvenom
30bf716
Use --pad-nops as a boolean to make -n <size> the total payload size.
@@ -9,7 +9,10 @@ class PayloadGeneratorError < StandardError | |
class EncoderSpaceViolation < PayloadGeneratorError | ||
end | ||
|
||
class PayloadSpaceViolation < PayloadGeneratorError | ||
class PadSizeViolation < PayloadGeneratorError | ||
end | ||
|
||
class PayloadSpaceViolation < PayloadGeneratorError | ||
end | ||
|
||
class IncompatibleArch < PayloadGeneratorError | ||
|
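Review bot: PadSizeViolation is added with no comment stating when it is raised; the neighbouring error classes are equally bare, but this one surfaces directly to the msfvenom user when the requested pad size is smaller than the encoded payload (see pad_size below), so a one-line YARD comment above the class such as `# Raised when the requested pad size is smaller than the encoded payload` would make the hierarchy self-describing.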
@@ -59,6 +62,9 @@ class PayloadGenerator | |
# @!attribute nops | ||
# @return [Integer] The size in bytes of NOP sled to prepend the payload with | ||
attr_accessor :nops | ||
# @!attribute padsize | ||
# @return [Integer] The size in bytes of final payload to achieve by filling with NOP sled | ||
attr_accessor :padsize | ||
# @!attribute payload | ||
# @return [String] The refname of the payload to generate | ||
attr_accessor :payload | ||
|
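Review bot: the `@return` doc for `padsize` should state the sentinel and the constraint: 0 (the default set in initialize) means no padding, and any positive value must be at least the encoded payload length or generation raises PadSizeViolation. Suggest `# @return [Integer] Total size in bytes the final payload is padded to with a NOP sled; 0 disables padding`.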
@@ -124,6 +130,7 @@ def initialize(opts={}) | |
@iterations = opts.fetch(:iterations, 1) | ||
@keep = opts.fetch(:keep, false) | ||
@nops = opts.fetch(:nops, 0) | ||
@padsize = opts.fetch(:padsize, 0) | ||
@payload = opts.fetch(:payload, '') | ||
@platform = opts.fetch(:platform, '') | ||
@space = opts.fetch(:space, 1.gigabyte) | ||
|
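Review bot: `@padsize = opts.fetch(:padsize, 0)` accepts any value without validation; a negative integer silently disables padding because the only later check is `if(@padsize > 0)`, and a non-Integer value would fail at that comparison with a generic comparison error rather than a clear PadSizeViolation. Consider coercing with `Integer(...)` here, or raising PadSizeViolation for values below zero, so bad input is reported at construction time.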
@@ -364,6 +371,9 @@ def generate_payload | |
encoded_payload = encode_payload(raw_payload) | ||
end | ||
encoded_payload = prepend_nops(encoded_payload) | ||
if(@padsize > 0) | ||
same thing here. surprised msftidy didn't complain.
||
encoded_payload = pad_size(encoded_payload, padsize - encoded_payload.length) | ||
end | ||
cli_print "Payload size: #{encoded_payload.length} bytes" | ||
gen_payload = format_payload(encoded_payload) | ||
end | ||
|
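Review bot: `if(@padsize > 0)` should be `if @padsize > 0` (Ruby style; msftidy flags this form elsewhere), and the subtraction `padsize - encoded_payload.length` at the call site duplicates the check that pad_size itself performs: the difference is negative exactly when pad_size raises PadSizeViolation, so computing the sled length inside pad_size and dropping the second argument would remove the redundant arithmetic here. Since pad_size runs after prepend_nops, any sled already prepended via `nops` counts towards the total size; that is presumably intended but deserves a comment on this line.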
@@ -381,7 +391,6 @@ def generate_payload | |
end | ||
end | ||
|
||
|
||
# This method generates the raw form of the payload as generated by the payload module itself. | ||
# @raise [Msf::IncompatiblePlatform] if no platform was selected for a stdin payload | ||
# @raise [Msf::IncompatibleArch] if no arch was selected for a stdin payload | ||
|
@@ -477,15 +486,29 @@ def prepend_nops(shellcode) | |
nop = framework.nops.create(name) | ||
raw = nop.generate_sled(nops, {'BadChars' => badchars, 'SaveRegisters' => [ 'esp', 'ebp', 'esi', 'edi' ] }) | ||
if raw | ||
cli_print "Successfully added NOP sled from #{name}" | ||
cli_print "Successfully added NOP sled of size #{raw.length} from #{name}" | ||
return raw + shellcode | ||
end | ||
end | ||
end | ||
else | ||
shellcode | ||
end | ||
end | ||
|
||
# This method prepends a NOP sled onto the encoded payload with a size | ||
# based on a subtraction of the payload size from the padsize value | ||
# given to the generator. | ||
# @param shellcode [String] The shellcode to prepend the NOPs to | ||
# @param sub_nops [Integer] Value derived from a subtraction of the encoded payload length from the padsize. | ||
def pad_size(shellcode, sub_nops) | ||
if @padsize < shellcode.length | ||
raise PadSizeViolation, "pad-size value #{@padsize} is less than payload size." | ||
else | ||
@nops = sub_nops | ||
end | ||
return prepend_nops(shellcode) | ||
end | ||
|
||
# This method runs a specified encoder, for a number of defined iterations against the shellcode. | ||
# @param encoder_module [Msf::Encoder] The Encoder to run against the shellcode | ||
# @param shellcode [String] The shellcode to be encoded | ||
|
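Review bot: pad_size assigns `@nops = sub_nops` as a side effect, overwriting the generator's nops attribute before delegating to prepend_nops; this discards the caller's original nops value and makes the method non-idempotent, so a second generate_payload call on the same object would use the padded count. Prefer passing the sled length to the NOP generation without mutating state. Two smaller points: the YARD block lacks `@raise [PadSizeViolation]`, and the error message says `pad-size` while the option is named `--pad-nops` in the PR title, which will confuse users reading the error.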
minor whitespace issue here, I can fix that. Just be sure to use spaces instead of tabs in the future
Thanks, sorry about this. I'll be more careful in the future.