
Land #6013, add mainframe as a platform and architecture

This commit is contained in:
Brent Cook 2015-09-29 13:28:23 -05:00
commit 54f9a3b25a
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
10 changed files with 220 additions and 3 deletions


@ -524,4 +524,12 @@ class Msf::Module::Platform
Rank = 100
Alias = "firefox"
end
#
# Mainframe
#
class Mainframe < Msf::Module::Platform
Rank = 100
Alias = "mainframe"
end
end


@ -30,6 +30,7 @@ class Payload < Msf::Module
require 'msf/core/payload/java'
require 'msf/core/payload/dalvik'
require 'msf/core/payload/firefox'
require 'msf/core/payload/mainframe'
##
#


@ -0,0 +1,33 @@
# -*- coding: binary -*-
require 'msf/core'
###
#
# This class is here to implement advanced features for mainframe based
# payloads. Mainframe payloads are expected to include this module if
# they want to support these features.
#
###
module Msf::Payload::Mainframe
#
# Z notes
# Z notes
#
def initialize(info = {})
ret = super(info)
end
#
# Returns a list of compatible encoders based on mainframe architecture
# most will not work because of the different architecture
# an XOR-based encoder will be defined soon
#
def compatible_encoders
encoders = super()
encoders2 = ['/generic\/none/','none']
return encoders2
end
end
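Review bot: `compatible_encoders` calls `super()` into `encoders` and then discards it, returning the hard-coded `['/generic\/none/','none']`; the first element is a single-quoted string, not the regex its slashes suggest, so nothing here is ever matched against an encoder name. If the inherited result is a list of `[name, encoder]` pairs (not visible in this hunk), a flat two-string array will not be what callers of this method expect, and filtering the inherited list would keep the shape, e.g. `super().select { |name, _encoder| name == 'generic/none' }`. `initialize` likewise stores `super(info)` in an unused local `ret`, and its header `# Z notes` is a placeholder; a bare `super` plus a comment stating what this mixin provides would do. The explicit `return encoders2` can also go.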


@ -18,6 +18,7 @@ module Arch
#
require 'rex/arch/x86'
require 'rex/arch/sparc'
require 'rex/arch/zarch'
#
# This routine adjusts the stack pointer for a given architecture.
@ -64,6 +65,8 @@ module Arch
[addr].pack('V')
when ARCH_ARMBE
[addr].pack('N')
when ARCH_ZARCH
[addr].pack('Q>')
end
end
@ -95,6 +98,8 @@ module Arch
return ENDIAN_LITTLE
when ARCH_ARMBE
return ENDIAN_BIG
when ARCH_ZARCH
return ENDIAN_BIG
end
return ENDIAN_LITTLE

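--- a/lib/rex/arch/zarch.rb
+++ b/lib/rex/arch/zarch.rb
@@ -0,0 +1,17 @@
+# -*- coding: binary -*-
+module Rex
+module Arch
+#
+# base module for ZARCH creation 8/13/15
+# Author: BeS Bigendian Smalls
+#
+module ZARCH
+end
+end
+end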
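Review bot: `Rex::Arch::ZARCH` is an empty module, and its header comment records a creation date rather than what the module is for, which tells a reader nothing once the date is stale. A purpose line would help, e.g. `# Helpers for IBM z/Architecture (64-bit, big-endian per Rex::Arch.pack_addr / endian) payload generation; currently a placeholder.` The `require 'rex/arch/zarch'` added in rex/arch.rb in this commit loads only this empty module, so the comment is the only thing explaining why that require exists.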


@ -88,6 +88,7 @@ ARCH_DALVIK = 'dalvik'
ARCH_PYTHON = 'python'
ARCH_NODEJS = 'nodejs'
ARCH_FIREFOX = 'firefox'
ARCH_ZARCH = 'zarch'
ARCH_TYPES =
[
ARCH_X86,
@ -110,7 +111,8 @@ ARCH_TYPES =
ARCH_DALVIK,
ARCH_PYTHON,
ARCH_NODEJS,
ARCH_FIREFOX
ARCH_FIREFOX,
ARCH_ZARCH,
]
ARCH_ALL = ARCH_TYPES


@ -45,6 +45,93 @@ module Text
DefaultPatternSets = [ Rex::Text::UpperAlpha, Rex::Text::LowerAlpha, Rex::Text::Numerals ]
# The Iconv translation table for IBM's mainframe / System Z
# (z/os, s390, mvs, etc) - This is a different implementation
# of EBCDIC than the Iconv_EBCDIC below.
# It is technically referred to as Code Page IBM1047.
# This will be net new (until Ruby supports 1047 code page)
# for all Mainframe / SystemZ based modules
# that need to convert ASCII to EBCDIC
#
# The bytes are indexed by ASCII conversion number
# e.g. Iconv_IBM1047[0x41] == \xc1 for letter "A"
#
# Note the characters CANNOT be assumed to be in any logical
# order. Nor are the tables reversible. Lookups must be for each byte
# https://gist.github.com/bigendiansmalls/b08483ecedff52cc8fa3
#
Iconv_IBM1047 = [
"\x00","\x01","\x02","\x03","\x37","\x2d","\x2e","\x2f",
"\x16","\x05","\x15","\x0b","\x0c","\x0d","\x0e","\x0f","\x10",
"\x11","\x12","\x13","\x3c","\x3d","\x32","\x26","\x18","\x19",
"\x3f","\x27","\x1c","\x1d","\x1e","\x1f","\x40","\x5a","\x7f",
"\x7b","\x5b","\x6c","\x50","\x7d","\x4d","\x5d","\x5c","\x4e",
"\x6b","\x60","\x4b","\x61","\xf0","\xf1","\xf2","\xf3","\xf4",
"\xf5","\xf6","\xf7","\xf8","\xf9","\x7a","\x5e","\x4c","\x7e",
"\x6e","\x6f","\x7c","\xc1","\xc2","\xc3","\xc4","\xc5","\xc6",
"\xc7","\xc8","\xc9","\xd1","\xd2","\xd3","\xd4","\xd5","\xd6",
"\xd7","\xd8","\xd9","\xe2","\xe3","\xe4","\xe5","\xe6","\xe7",
"\xe8","\xe9","\xad","\xe0","\xbd","\x5f","\x6d","\x79","\x81",
"\x82","\x83","\x84","\x85","\x86","\x87","\x88","\x89","\x91",
"\x92","\x93","\x94","\x95","\x96","\x97","\x98","\x99","\xa2",
"\xa3","\xa4","\xa5","\xa6","\xa7","\xa8","\xa9","\xc0","\x4f",
"\xd0","\xa1","\x07","\x20","\x21","\x22","\x23","\x24","\x25",
"\x06","\x17","\x28","\x29","\x2a","\x2b","\x2c","\x09","\x0a",
"\x1b","\x30","\x31","\x1a","\x33","\x34","\x35","\x36","\x08",
"\x38","\x39","\x3a","\x3b","\x04","\x14","\x3e","\xff","\x41",
"\xaa","\x4a","\xb1","\x9f","\xb2","\x6a","\xb5","\xbb","\xb4",
"\x9a","\x8a","\xb0","\xca","\xaf","\xbc","\x90","\x8f","\xea",
"\xfa","\xbe","\xa0","\xb6","\xb3","\x9d","\xda","\x9b","\x8b",
"\xb7","\xb8","\xb9","\xab","\x64","\x65","\x62","\x66","\x63",
"\x67","\x9e","\x68","\x74","\x71","\x72","\x73","\x78","\x75",
"\x76","\x77","\xac","\x69","\xed","\xee","\xeb","\xef","\xec",
"\xbf","\x80","\xfd","\xfe","\xfb","\xfc","\xba","\xae","\x59",
"\x44","\x45","\x42","\x46","\x43","\x47","\x9c","\x48","\x54",
"\x51","\x52","\x53","\x58","\x55","\x56","\x57","\x8c","\x49",
"\xcd","\xce","\xcb","\xcf","\xcc","\xe1","\x70","\xdd","\xde",
"\xdb","\xdc","\x8d","\x8e","\xdf"
]
#
# This is the reverse of the above, converts EBCDIC -> ASCII
# The bytes are indexed by IBM1047(EBCDIC) conversion number
# e.g. Iconv_ISO8859_1[0xc1] = \x41 for letter "A"
#
# Note the characters CANNOT be assumed to be in any logical (e.g. sequential)
# order. Nor are the tables reversible. Lookups must be done byte by byte
#
Iconv_ISO8859_1 = [
"\x00","\x01","\x02","\x03","\x9c","\x09","\x86","\x7f",
"\x97","\x8d","\x8e","\x0b","\x0c","\x0d","\x0e","\x0f","\x10",
"\x11","\x12","\x13","\x9d","\x0a","\x08","\x87","\x18","\x19",
"\x92","\x8f","\x1c","\x1d","\x1e","\x1f","\x80","\x81","\x82",
"\x83","\x84","\x85","\x17","\x1b","\x88","\x89","\x8a","\x8b",
"\x8c","\x05","\x06","\x07","\x90","\x91","\x16","\x93","\x94",
"\x95","\x96","\x04","\x98","\x99","\x9a","\x9b","\x14","\x15",
"\x9e","\x1a","\x20","\xa0","\xe2","\xe4","\xe0","\xe1","\xe3",
"\xe5","\xe7","\xf1","\xa2","\x2e","\x3c","\x28","\x2b","\x7c",
"\x26","\xe9","\xea","\xeb","\xe8","\xed","\xee","\xef","\xec",
"\xdf","\x21","\x24","\x2a","\x29","\x3b","\x5e","\x2d","\x2f",
"\xc2","\xc4","\xc0","\xc1","\xc3","\xc5","\xc7","\xd1","\xa6",
"\x2c","\x25","\x5f","\x3e","\x3f","\xf8","\xc9","\xca","\xcb",
"\xc8","\xcd","\xce","\xcf","\xcc","\x60","\x3a","\x23","\x40",
"\x27","\x3d","\x22","\xd8","\x61","\x62","\x63","\x64","\x65",
"\x66","\x67","\x68","\x69","\xab","\xbb","\xf0","\xfd","\xfe",
"\xb1","\xb0","\x6a","\x6b","\x6c","\x6d","\x6e","\x6f","\x70",
"\x71","\x72","\xaa","\xba","\xe6","\xb8","\xc6","\xa4","\xb5",
"\x7e","\x73","\x74","\x75","\x76","\x77","\x78","\x79","\x7a",
"\xa1","\xbf","\xd0","\x5b","\xde","\xae","\xac","\xa3","\xa5",
"\xb7","\xa9","\xa7","\xb6","\xbc","\xbd","\xbe","\xdd","\xa8",
"\xaf","\x5d","\xb4","\xd7","\x7b","\x41","\x42","\x43","\x44",
"\x45","\x46","\x47","\x48","\x49","\xad","\xf4","\xf6","\xf2",
"\xf3","\xf5","\x7d","\x4a","\x4b","\x4c","\x4d","\x4e","\x4f",
"\x50","\x51","\x52","\xb9","\xfb","\xfc","\xf9","\xfa","\xff",
"\x5c","\xf7","\x53","\x54","\x55","\x56","\x57","\x58","\x59",
"\x5a","\xb2","\xd4","\xd6","\xd2","\xd3","\xd5","\x30","\x31",
"\x32","\x33","\x34","\x35","\x36","\x37","\x38","\x39","\xb3",
"\xdb","\xdc","\xd9","\xda","\x9f"
]
# The Iconv translation table. The Iconv gem is deprecated in favor of
# String#encode, yet there is no encoding for EBCDIC. See #4525
Iconv_EBCDIC = [
@ -396,7 +483,7 @@ module Text
new_str.join
end
# A native implementation of the EBCIDC to ASCII conversion table, since
# A native implementation of the EBCDIC to ASCII conversion table, since
# EBCDIC isn't available to String#encode as of Ruby 2.1
#
# @param str [String] an EBCDIC encoded string
@ -414,6 +501,39 @@ module Text
new_str.join
end
#
# The next two are the same as the above, except strictly for z/os
# conversions
# strictly for IBM1047 -> ISO8859-1
# A native implementation of the IBM1047(EBCDIC) -> ISO8859-1(ASCII)
# conversion table, since EBCDIC isn't available to String#encode as of Ruby 2.1
# all 256 bytes are defined
#
def self.to_ibm1047(str)
return str if str.nil?
new_str = []
str.each_byte do |x|
new_str << Iconv_IBM1047[x.ord]
end
new_str.join
end
#
# The next two are the same as the above, except strictly for z/os
# conversions
# strictly for ISO8859-1 -> IBM1047
# A native implementation of the ISO8859-1(ASCII) -> IBM1047(EBCDIC)
# conversion table, since EBCDIC isn't available to String#encode as of Ruby 2.1
#
def self.from_ibm1047(str)
return str if str.nil?
new_str = []
str.each_byte do |x|
new_str << Iconv_ISO8859_1[x.ord]
end
new_str.join
end
#
# Returns the words in +str+ as an Array.
#
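Review bot: The comments on `to_ibm1047` and `from_ibm1047` describe the opposite direction from what each method does: `to_ibm1047` indexes `Iconv_IBM1047`, which its own header says is indexed by ASCII value and yields EBCDIC bytes, so it converts ISO8859-1 -> IBM1047, yet its comment says "strictly for IBM1047 -> ISO8859-1"; `from_ibm1047` indexes `Iconv_ISO8859_1` (indexed by EBCDIC) and so converts IBM1047 -> ISO8859-1, but its comment says the reverse, and the spec added in this commit agrees with the code rather than the comments. Suggest replacing the header of `to_ibm1047` with `# Converts an ISO8859-1 (ASCII) string to IBM1047 (EBCDIC) via Iconv_IBM1047; all 256 bytes are defined.` and the header of `from_ibm1047` with `# Converts an IBM1047 (EBCDIC) string to ISO8859-1 (ASCII) via Iconv_ISO8859_1.`, dropping the duplicated "The next two are the same as the above" lead-in and adding `@param str`/`@return` lines in the style of the `to_ebcdic` doc above. Both new 256-entry tables are mutable constants; `].freeze` on each would match the file's other frozen constants and prevent accidental in-place edits of a shared lookup table. The `x.ord` on the `each_byte` value is a no-op on an Integer and can be dropped in both methods.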


@ -30,7 +30,7 @@ class Metasploit3 < Msf::Exploit::Remote
'BadChars' => '',
'DisableNops' => true,
},
'Platform' => %w{ android bsd java js linux osx nodejs php python ruby solaris unix win },
'Platform' => %w{ android bsd java js linux osx nodejs php python ruby solaris unix win mainframe },
'Arch' => ARCH_ALL,
'Targets' => [ [ 'Wildcard Target', { } ] ],
'DefaultTarget' => 0


@ -0,0 +1,17 @@
# -*- coding:binary -*-
require 'spec_helper'
require 'rex/arch'
describe Rex::Arch do
describe ".pack_addr" do
subject { described_class.pack_addr(arch, addr) }
context "when arch is ARCH_ZARCH" do
let(:arch) { ARCH_ZARCH }
let(:addr) { 0xdeadbeefbe655321 }
it "packs addr as 64-bit unsigned, big-endian" do
is_expected.to eq("\xDE\xAD\xBE\xEF\xBEeS!")
end
end
end
end
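Review bot: This spec pins only `pack_addr` for ARCH_ZARCH, while the same commit also adds an `ARCH_ZARCH` branch to the endianness lookup in rex/arch.rb (returning ENDIAN_BIG, presumably `Rex::Arch.endian`, whose signature is outside that hunk); a companion example `expect(described_class.endian(ARCH_ZARCH)).to eq(ENDIAN_BIG)` would cover that branch too. The expected literal `"\xDE\xAD\xBE\xEF\xBEeS!"` depends on the file's `coding:binary` magic comment to compare as ASCII-8BIT against the `pack('Q>')` output, so that comment is load-bearing and worth keeping if the file is ever reorganised.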


@ -22,6 +22,20 @@ describe Rex::Text do
end
end
context ".to_ibm1047" do
it "should convert ASCII to mainfram EBCDIC (cp1047)" do
described_class.to_ibm1047(%q[^[](){}%!$#1234567890abcde'"`~]).should
eq("_\xAD\xBDM]\xC0\xD0lZ[{\xF1\xF2\xF3\xF4\xF5\xF6\xF7\xF8\xF9\xF0\x81\x82\x83\x84\x85}\x7Fy\xA1")
end
end
context ".from_1047" do
it "should convert mainframe EBCDIC (cp1047) to ASCII (ISO-8859-1)" do
described_class.from_ibm1047(%q[^[](){}%!$#1234567890abcde'"`~]).should
eq(";$)\x88\x89#'\x85\x81\x84\x83\x91\x16\x93\x94\x95\x96\x04\x98\x99\x90/\xC2\xC4\xC0\xC1\e\x82-=")
end
end
context ".to_utf8" do
it "should convert a string to UTF-8, skipping badchars" do
described_class.to_utf8("Hello, world!").should eq("Hello, world!")