From 793048c8790cf786f418d07d820d30edd2f02942 Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Mon, 7 May 2007 04:42:11 +0000
Subject: [PATCH] This patch adds support for java byte array output (useful for sticking shellcode into java applets).
git-svn-id: file:///home/svn/framework3/trunk@4880 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/msf/base/simple/buffer.rb |  4 ++++
 lib/rex/text.rb               | 23 +++++++++++++++++++++++
 msfpayload                    |  3 ++-
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/lib/msf/base/simple/buffer.rb b/lib/msf/base/simple/buffer.rb
index 9448013b73..efe4aa0ed5 100644
--- a/lib/msf/base/simple/buffer.rb
+++ b/lib/msf/base/simple/buffer.rb
@@ -29,6 +29,8 @@ module Buffer
 				buf = Rex::Text.to_unescape(buf, ENDIAN_BIG)
 			when 'js_le'
 				buf = Rex::Text.to_unescape(buf, ENDIAN_LITTLE)
+			when 'java'
+				buf = Rex::Text.to_java(buf)
 			else
 				raise ArgumentError, "Unsupported buffer format: #{fmt}", caller
 		end
@@ -51,6 +53,8 @@ module Buffer
 				buf = Rex::Text.to_c_comment(buf)
 			when 'js_be', 'js_le'
 				buf = Rex::Text.to_js_comment(buf)
+			when 'java'
+				buf = Rex::Text.to_c_comment(buf)
 			else
 				raise ArgumentError, "Unsupported buffer format: #{fmt}", caller
 		end
diff --git a/lib/rex/text.rb b/lib/rex/text.rb
index 8ce7928919..a91b4a1c32 100644
--- a/lib/rex/text.rb
+++ b/lib/rex/text.rb
@@ -106,6 +106,29 @@ module Text
 		return hexify(str, wrap, '"', '" .', '', '";')
 	end
 
+	#
+	# Converts a raw string into a java byte array
+	#
+	def self.to_java(str)
+		buff = "byte shell[] = new byte[]\n{\n"
+		cnt = 0
+		max = 0
+		str.unpack('C*').each do |c|
+			buff << ", " if max > 0
+			buff << "\t" if max == 0
+			buff << sprintf('(byte) 0x%.2x', c)
+			max +=1
+			cnt +=1
+
+			if (max > 7)
+				buff << ",\n" if cnt != str.length
+				max = 0
+			end
+		end
+		buff << "\n};\n"
+		return buff
+	end
+
 	#
 	# Creates a perl-style comment
 	#
diff --git a/msfpayload b/msfpayload
index a2dc2d0be9..4bc26b9e48 100755
--- a/msfpayload
+++ b/msfpayload
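Review bot: The second buffer.rb hunk (`@@ -51,6 +53,8 @@`) adds a separate `when 'java'` branch whose body is identical to the `to_c_comment` call two lines above it; if the line just before this hunk is `when 'c'`, fold the new format into that branch as `when 'c', 'java'`, the way `'js_be', 'js_le'` already share one. Java accepts the same `/* */` and `//` comment forms as C, so reusing the C comment style is correct. The enclosing `case` opens before the hunk.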
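Review bot: In `to_java` the two counters `cnt` and `max` only track where a byte sits in its row, `max` is misnamed (it is a column index, not a maximum), and `cnt != str.length` compares a byte count against a string length, which only agrees while every character is one byte; taking the total from the unpacked array, or dropping the counters altogether, removes that dependence. Slicing the unpacked bytes into rows of eight and joining them produces byte-identical output (each row tab-indented, bytes separated by `, `, rows separated by `,\n`, then `\n};\n`) with no per-byte state. The hard-coded identifier `shell` could become an optional parameter, `def self.to_java(str, name = 'shell')`, for callers that embed more than one array in a class. The doc comment in the hunk could also describe the shape of the output: `# Converts a raw string into a Java byte array declaration, eight bytes per line`.

```ruby
def self.to_java(str)
	rows = str.unpack('C*').each_slice(8).map do |row|
		"\t" + row.map { |c| sprintf('(byte) 0x%.2x', c) }.join(', ')
	end
	"byte shell[] = new byte[]\n{\n" + rows.join(",\n") + "\n};\n"
end
```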
@@ -56,12 +56,13 @@ cmd = ARGV.pop.downcase
 # Populate the framework datastore
 options = ARGV.join(',')
 
-if (cmd =~ /^(p|r|c|j|x)/)
+if (cmd =~ /^(p|r|c|j|x|b)/)
 	fmt = 'perl'  if (cmd =~ /^p/)
 	fmt = 'raw'   if (cmd =~ /^(r|x)/)
 	fmt = 'c'     if (cmd == 'c')
 	fmt = 'js_be' if (cmd =~ /^j/ and Rex::Arch.endian(payload.arch) == ENDIAN_BIG)
 	fmt = 'js_le' if (cmd =~ /^j/ and ! fmt)
+	fmt = 'java'  if (cmd =~ /^b/)
 
 	begin
 		buf = payload.generate_simple(
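Review bot: The new `b` selector is undocumented: the widened regexp and the `fmt = 'java'` line are the only places it appears, and if msfpayload's usage banner (outside this hunk) lists the one-letter output modes it needs a matching entry, since `b` is not an obvious mnemonic for Java. A trailing comment on the new line would help the next reader: `fmt = 'java'  if (cmd =~ /^b/) # 'b'yte array for a Java applet`. Like the other selectors it is a prefix match, so any command word beginning with `b` picks this format. The `if` block opened in this hunk continues past its last line.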