Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prefer Rex::Text.dehex over Rex::Text.hex_to_raw in msfvenom #12108

Merged
merged 1 commit into from
Jul 22, 2019
Merged

Prefer Rex::Text.dehex over Rex::Text.hex_to_raw in msfvenom #12108

merged 1 commit into from
Jul 22, 2019

Conversation

wvu
Copy link
Contributor

@wvu wvu commented Jul 19, 2019
edited
Loading

Rex::Text.dehex allows character literals interleaved with escaped hex, while Rex::Text.hex_to_raw takes only escaped hex. Enhances -b/--bad-chars and --encrypt-key.

Please see rapid7/rex-text#22 and #9869.

-b/--bad-chars

wvu@kharak:/rapid7/metasploit-framework:feature/msfvenom$ ./msfvenom -p generic/custom -e generic/none -b " " PAYLOADSTR="hello world"
[-] No platform was selected, choosing Msf::Module::Platform from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of generic/none
generic/none failed with Encoding failed due to a bad character (index=5, char=0x20)
Error: An encoding exception occurred.
wvu@kharak:/rapid7/metasploit-framework:feature/msfvenom$

--encrypt-key

wvu@kharak:/rapid7/metasploit-framework:feature/msfvenom$ ./msfvenom -p generic/custom --encrypt xor --encrypt-key "\x0f" PAYLOADSTR="hello world"
[-] No platform was selected, choosing Msf::Module::Platform from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 11 bytes
gjcc`/x`}ck
wvu@kharak:/rapid7/metasploit-framework:feature/msfvenom$

wvu@kharak:/rapid7/metasploit-framework:feature/msfvenom$ ./msfvenom -p generic/custom --encrypt xor --encrypt-key "\x00\x00\x00\x00\x00\x0c" PAYLOADSTR="hello world"
[-] No platform was selected, choosing Msf::Module::Platform from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 11 bytes
hello,world
wvu@kharak:/rapid7/metasploit-framework:feature/msfvenom$

wvu@kharak:/rapid7/metasploit-framework:feature/msfvenom$ ./msfvenom -p generic/custom --encrypt xor --encrypt-key "hello world" PAYLOADSTR="hello world" | xxd -g 1
[-] No platform was selected, choosing Msf::Module::Platform from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 11 bytes

00000000: 00 00 00 00 00 00 00 00 00 00 00                 ...........
wvu@kharak:/rapid7/metasploit-framework:feature/msfvenom$

Fixes e344adb.

@wvu
Prefer Rex::Text.dehex over Rex::Text.hex_to_raw
8ef7668 
The former allows character literals interleaved with escaped hex.
@wvu wvu requested review from wchen-r7 and asoto-r7 July 19, 2019 23:17
@wvu wvu mentioned this pull request Jul 19, 2019
Merged
@asoto-r7 asoto-r7 self-assigned this Jul 22, 2019
@asoto-r7 asoto-r7 merged commit 8ef7668 into rapid7:master Jul 22, 2019
asoto-r7 added a commit that referenced this pull request Jul 22, 2019
@asoto-r7
Land #12108, Prefer Rex::Text.dehex over hex_to_raw in msfvenom
77a17f3
@wvu wvu deleted the feature/msfvenom branch July 22, 2019 22:21
jmartin-tech pushed a commit that referenced this pull request Jul 22, 2019
@asoto-r7 @jmartin-tech
Land #12108, Prefer Rex::Text.dehex over hex_to_raw in msfvenom
cd6d3c5
@wvu
Copy link
Contributor Author

wvu commented Jul 23, 2019
edited by tdoan-r7
Loading

Release Notes

The msfvenom's bad character and encryption key specification now accepts character literals and escaped hex.

@wvu wvu mentioned this pull request Jul 23, 2019
Merged
@tdoan-r7 tdoan-r7 added the rn-enhancement release notes enhancement label Aug 7, 2019
@wvu wvu mentioned this pull request Aug 15, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wchen-r7 wchen-r7 Awaiting requested review from wchen-r7

@asoto-r7 asoto-r7 Awaiting requested review from asoto-r7

Assignees
No one assigned
Labels
enhancement msfvenom rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@wvu @tdoan-r7 @asoto-r7