Land #5370, support specifying maximum encoder space with msfvenom

2024-10-29 18:07:27 +01:00 · 2015-05-18 16:43:12 -05:00 · 2015-05-18 16:43:12 -05:00 · 84060bbaeb
commit 84060bbaeb
parent 5d085a3e13 fb43ef4494
2 changed files with 39 additions and 29 deletions
--- a/lib/msf/core/payload_generator.rb
+++ b/lib/msf/core/payload_generator.rb
@ -64,6 +64,9 @@ module Msf
    # @!attribute  space
    #   @return [Fixnum] The maximum size in bytes of the payload
    attr_accessor :space
+    # @!attribute  encoder_space
+    #   @return [Fixnum] The maximum size in bytes of the encoded payload
+    attr_accessor :encoder_space
    # @!attribute  stdin
    #   @return [String] The raw bytes of a payload taken from STDIN
    attr_accessor :stdin
@ -85,6 +88,7 @@ module Msf
    # @option opts [String] :badchars (see #badchars)
    # @option opts [String] :template (see #template)
    # @option opts [Fixnum] :space (see #space)
+    # @option opts [Fixnum] :encoder_space (see #encoder_space)
    # @option opts [Fixnum] :nops (see #nops)
    # @option opts [String] :add_code (see #add_code)
    # @option opts [Boolean] :keep (see #keep)
@ -109,6 +113,7 @@ module Msf
      @stdin      = opts.fetch(:stdin, nil)
      @template   = opts.fetch(:template, '')
      @var_name   = opts.fetch(:var_name, 'buf')
+      @encoder_space = opts.fetch(:encoder_space, @space)

      @framework  = opts.fetch(:framework)

@ -200,7 +205,7 @@ module Msf
        encoder_list.each do |encoder_mod|
          cli_print "Attempting to encode payload with #{iterations} iterations of #{encoder_mod.refname}"
          begin
-            encoder_mod.available_space = @space
+            encoder_mod.available_space = @encoder_space
            return run_encoder(encoder_mod, shellcode.dup)
          rescue ::Msf::EncoderSpaceViolation => e
            cli_print "#{encoder_mod.refname} failed with #{e.message}"
@ -395,7 +400,7 @@ module Msf
      iterations.times do |x|
        shellcode = encoder_module.encode(shellcode.dup, badchars, nil, platform_list)
        cli_print "#{encoder_module.refname} succeeded with size #{shellcode.length} (iteration=#{x})"
-        if shellcode.length > space
+        if shellcode.length > encoder_space
          raise EncoderSpaceViolation, "encoder has made a buffer that is too big"
        end
      end
--- a/59
+++ b/59
@ -58,7 +58,8 @@ require 'msf/core/payload_generator'
    opt.separator('')
    opt.separator('Options:')

-    opt.on('-p', '--payload    <payload>', String, 'Payload to use. Specify a \'-\' or stdin to use custom payloads') do |p|
+    opt.on('-p', '--payload       <payload>', String,
+      'Payload to use. Specify a \'-\' or stdin to use custom payloads') do |p|
      if p == '-'
        opts[:payload] = 'stdin'
      else
@ -66,50 +67,67 @@ require 'msf/core/payload_generator'
      end
    end

-    opt.on('-l', '--list       [module_type]', Array, 'List a module type. Options are: payloads, encoders, nops, all') do |l|
+    opt.on('--payload-options', "List the payload's standard options") do
+      opts[:list_options] = true
+    end
+
+    opt.on('-l', '--list          [type]', Array, 'List a module type. Options are: payloads, encoders, nops, all') do |l|
      if l.nil? or l.empty?
        l = ["all"]
      end
      opts[:list] = l
    end

-    opt.on('-n', '--nopsled    <length>', Integer, 'Prepend a nopsled of [length] size on to the payload') do |n|
+    opt.on('-n', '--nopsled       <length>', Integer, 'Prepend a nopsled of [length] size on to the payload') do |n|
      opts[:nops] = n.to_i
    end

-    opt.on('-f', '--format     <format>', String, "Output format (use --help-formats for a list)") do |f|
+    opt.on('-f', '--format        <format>', String, "Output format (use --help-formats for a list)") do |f|
      opts[:format] = f
    end

-    opt.on('-e', '--encoder    [encoder]', String, 'The encoder to use') do |e|
+    opt.on('--help-formats', String, "List available formats") do
+      init_framework(:module_types => [])
+      msg = "Executable formats\n" +
+            "\t" + ::Msf::Util::EXE.to_executable_fmt_formats.join(", ") + "\n" +
+            "Transform formats\n" +
+            "\t" + ::Msf::Simple::Buffer.transform_formats.join(", ")
+      raise UsageError, msg
+    end
+
+    opt.on('-e', '--encoder       <encoder>', String, 'The encoder to use') do |e|
      opts[:encoder] = e
    end

-    opt.on('-a', '--arch       <architecture>', String, 'The architecture to use') do |a|
+    opt.on('-a', '--arch          <arch>', String, 'The architecture to use') do |a|
      opts[:arch] = a
    end

-    opt.on('--platform   <platform>', String, 'The platform of the payload') do |l|
+    opt.on('--platform      <platform>', String, 'The platform of the payload') do |l|
      opts[:platform] = l
    end

-    opt.on('-s', '--space      <length>', Integer, 'The maximum size of the resulting payload') do |s|
+    opt.on('-s', '--space         <length>', Integer, 'The maximum size of the resulting payload') do |s|
      opts[:space] = s
    end

-    opt.on('-b', '--bad-chars  <list>', String, 'The list of characters to avoid example: \'\x00\xff\'') do |b|
+    opt.on('--encoder-space <length>', Integer, 'The maximum size of the encoded payload (defaults to the -s value)') do |s|
+      opts[:encoder_space] = s
+    end
+
+    opt.on('-b', '--bad-chars     <list>', String, 'The list of characters to avoid example: \'\x00\xff\'') do |b|
      opts[:badchars] = Rex::Text.hex_to_raw(b)
    end

-    opt.on('-i', '--iterations <count>', Integer, 'The number of times to encode the payload') do |i|
+    opt.on('-i', '--iterations    <count>', Integer, 'The number of times to encode the payload') do |i|
      opts[:iterations] = i
    end

-    opt.on('-c', '--add-code   <path>', String, 'Specify an additional win32 shellcode file to include') do |x|
+    opt.on('-c', '--add-code      <path>', String, 'Specify an additional win32 shellcode file to include') do |x|
      opts[:add_code] = x
    end

-    opt.on('-x', '--template   <path>', String, 'Specify a custom executable file to use as a template') do |x|
+    opt.on('-x', '--template      <path>', String, 'Specify a custom executable file to use as a template') do |x|
      opts[:template] = x
    end

@ -117,15 +135,11 @@ require 'msf/core/payload_generator'
      opts[:keep] = true
    end

-    opt.on('--payload-options', "List the payload's standard options") do
-      opts[:list_options] = true
-    end
-
-    opt.on('-o', '--out   <path>', 'Save the payload') do |x|
+    opt.on('-o', '--out           <path>', 'Save the payload') do |x|
      opts[:out] = x
    end

-    opt.on('-v', '--var-name <name>', String, 'Specify a custom variable name to use for certain output formats') do |x|
+    opt.on('-v', '--var-name      <name>', String, 'Specify a custom variable name to use for certain output formats') do |x|
      opts[:var_name] = x
    end

@ -133,15 +147,6 @@ require 'msf/core/payload_generator'
      raise UsageError, "#{opt}"
    end

-    opt.on_tail('--help-formats', String, "List available formats") do
-      init_framework(:module_types => [])
-      msg = "Executable formats\n" +
-            "\t" + ::Msf::Util::EXE.to_executable_fmt_formats.join(", ") + "\n" +
-            "Transform formats\n" +
-            "\t" + ::Msf::Simple::Buffer.transform_formats.join(", ")
-      raise UsageError, msg
-    end
-
    begin
      opt.parse!(args)
    rescue OptionParser::InvalidOption => e