
Tell payloads and encoders how much space they have to work with #4876

Merged
merged 3 commits into from
Mar 9, 2015

Conversation

hdm
Contributor

@hdm hdm commented Mar 5, 2015

This change allows payload and encoder modules to become much more dynamic by providing an available_space accessor that is set by the EncodedPayload wrapper. As it stands today, this does nothing, but it opens the door for evasive encoders and payloads that can enable features and randomization based on available room. The actual payloads that use this are being implemented in the complex payload branch.

@hdm hdm added the library label Mar 5, 2015
@bcook-r7 bcook-r7 self-assigned this Mar 9, 2015
@bcook-r7
Contributor

bcook-r7 commented Mar 9, 2015

Do we want available_space to be initialized to anything in the encoder/payload base class? Spot checking the generate method, I see it is called once with available_space=nil, then a second time with it set when generating with msfvenom.

./msfvenom -p windows/meterpreter/reverse_https 2>&1 |grep bytes
 bytes available
1073741824 bytes available

Maybe something like this?

diff --git a/lib/msf/core/encoder.rb b/lib/msf/core/encoder.rb
index eea5de9..d45c273 100644
--- a/lib/msf/core/encoder.rb
+++ b/lib/msf/core/encoder.rb
@@ -17,6 +17,7 @@ class EncoderState
   def initialize(key = nil)
     @orig_buf = nil
     @buf = nil
+    @available_space = 1.gigabyte
     reset(key)
   end
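Review bot: `@available_space = 1.gigabyte` in EncoderState#initialize places the default on the state object, whereas the PR description says `available_space` is an accessor on the encoder/payload module that the EncodedPayload wrapper sets; confirm the default lands on the object whose accessor is actually read. The literal also relies on ActiveSupport's Numeric#gigabyte core extension, so check that it is loaded wherever lib/msf/core/encoder.rb is required on its own.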

diff --git a/lib/msf/core/payload.rb b/lib/msf/core/payload.rb
index 06146e4..01bdf80 100644
--- a/lib/msf/core/payload.rb
+++ b/lib/msf/core/payload.rb
@@ -86,6 +86,8 @@ class Payload < Msf::Module
       @staged = false
     end

+    @available_space = 1.gigabyte
+
     # Update the module info hash with the connection type
     # that is derived from the handler for this payload.  This is
     # used for compatibility filtering purposes.
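Review bot: the `1.gigabyte` literal is now duplicated between payload.rb and encoder.rb; hoist it into a single named constant so the two defaults cannot drift apart. A non-nil default also removes the ability to distinguish a caller that set no limit from one that chose 1 GB, which is the nil-means-unaware behaviour described later in this thread; if encoders need that signal, the default belongs in the wrapper rather than in the module constructor.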

@hdm
Contributor Author

hdm commented Mar 9, 2015

@bcook-r7 This is somewhat intentional (it preserves the old behavior when the caller isn't aware of the option). The reason you see first nil then 1Gb is because of the call to generate() on module load [something we can fix with #4894] before the second call to generate() from msfvenom. The msfvenom -s parameter controls the available space passed to this field.
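The nil-versus-limit contract described in this thread, modelled as an added Ruby example (not Metasploit's own code; ToyMsf, its Payload and EncodedPayload classes and the 32-byte filler are hypothetical stand-ins): the wrapper propagates the -s value, nil keeps the old unlimited behaviour, and the blank first line of the quoted msfvenom output falls out of interpolating a nil.

```ruby
# Added example, not Metasploit's own code: a toy model of the
# available_space contract discussed in this PR. ToyMsf, Payload,
# EncodedPayload and the 32-byte filler are hypothetical stand-ins.
module ToyMsf
  # Stand-in for an Msf::Payload. The wrapper assigns available_space
  # before calling generate; a caller that does not know about the
  # option leaves it nil, which preserves the old unlimited behaviour.
  class Payload
    attr_accessor :available_space

    def initialize
      @available_space = nil
    end

    # Constructed filler of fixed size standing in for generated bytes.
    def generate
      "A" * 32
    end

    # nil means "no limit supplied"; otherwise the output must fit.
    def space_ok?(buf)
      available_space.nil? || buf.bytesize <= available_space
    end

    # Mirrors the msfvenom message quoted in the thread: a nil value
    # interpolates as an empty string, which is why the first call
    # printed " bytes available" with no number in front.
    def space_message
      "#{available_space} bytes available"
    end
  end

  # Stand-in for the EncodedPayload wrapper that propagates the
  # msfvenom -s value into the payload before generation.
  class EncodedPayload
    Result = Struct.new(:buf, :space)

    def self.generate(payload, space: nil)
      payload.available_space = space
      buf = payload.generate
      unless payload.space_ok?(buf)
        raise ArgumentError,
              "#{buf.bytesize} bytes generated, #{space} bytes available"
      end
      Result.new(buf, space)
    end
  end
end
```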

@bcook-r7
Contributor

bcook-r7 commented Mar 9, 2015

Alright. Tested the -s too, landing.

./msfvenom -p windows/meterpreter/reverse_https -s 4 2>&1 |grep bytes
4 bytes available

@bcook-r7 bcook-r7 merged commit c3479ba into rapid7:master Mar 9, 2015