GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/msf/util/exe/linux/x86.rb
# -*- coding: binary -*-
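module Msf::Util::EXE::Linux::X86
  include Msf::Util::EXE::Common
  include Msf::Util::EXE::Linux::Common

  # Hook run when this module is included: the generator methods live in
  # {ClassMethods}, so the including class is extended with them and they
  # become callable as class methods there (and on this module itself via
  # the singleton include at the bottom of the file).
  #
  # @param base [Module] the class or module that included this module
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # File name of the stock 32-bit Linux executable template.
    DEFAULT_ELF_TEMPLATE = 'template_x86_linux.bin'
    # File name of the stock 32-bit Linux shared-object (ELF_DYN) template.
    DEFAULT_ELF_DLL_TEMPLATE = 'template_x86_linux_dll.bin'

    # Create a 32-bit Linux ELF containing the payload provided in +code+.
    #
    # Without a +:template+ option the stock template is used through
    # +to_exe_elf+; when the caller supplies one, the template is patched by
    # {#to_linux_x86_custom_elf} instead.
    #
    # @param framework [Msf::Framework] The framework instance to use
    # @param code [String] Raw payload bytes
    # @param opts [Hash] Generation options
    # @option opts [String] :template Custom template file to patch
    # @return [String] The generated ELF file contents
    def to_linux_x86_elf(framework, code, opts = {})
      if opts[:template]
        to_linux_x86_custom_elf(framework, code, opts)
      else
        to_exe_elf(framework, opts, DEFAULT_ELF_TEMPLATE, code)
      end
    end

    # Create a 32-bit Linux ELF containing the payload provided in +code+
    # from a caller-supplied template.
    #
    # A non-stock template carries no guarantee that its code segment is
    # writable, so the program header table is rewritten to mark every
    # executable segment writable before the payload is copied over the
    # entry point.
    #
    # @param framework [Msf::Framework] The framework instance to use
    # @param code [String] Raw payload bytes
    # @param opts [Hash] Generation options
    # @option opts [String] :template Template file to patch
    # @return [String] The patched ELF file contents
    # @raise [ArgumentError] if the payload does not fit between the entry
    #   point and the end of the template
    def to_linux_x86_custom_elf(framework, code, opts = {})
      # set_template_default normalizes the :template key to
      # File.join(opts[:template_path], opts[:template]) and checks that the
      # file exists, so opts[:template] is a usable path from here on.
      set_template_default(opts, DEFAULT_ELF_TEMPLATE)

      # Parse the template so its program headers and labels are available.
      e = Metasm::ELF.decode_file(opts[:template])

      # Re-encode the program header table with relaxed segment flags.
      new_phdr = Metasm::EncodedData.new
      e.segments.each do |seg|
        # Marking every executable segment writable avoids having to work
        # out which one actually contains .text.
        seg.flags += ['W'] if seg.flags.include?('X')
        new_phdr << seg.encode(e)
      end

      # Start from a byte-for-byte copy of the template.
      elf = get_file_contents(opts[:template], 'rb')

      # Splice in the modified program header table in place of the original.
      elf[e.header.phoff, new_phdr.data.length] = new_phdr.data

      # Overwrite the bytes at the entry point with the payload. String#[]=
      # would silently grow the buffer past the end of the template, leaving
      # the tail of the payload outside every segment's file size, so a
      # payload that does not fit is rejected instead of producing a broken
      # binary.
      entry_off = e.addr_to_off(e.label_addr('entrypoint'))
      if entry_off + code.length > elf.length
        raise ArgumentError, "payload (#{code.length} bytes) does not fit in template #{opts[:template]} after the entry point"
      end
      elf[entry_off, code.length] = code

      # The assignment above evaluates to +code+, not the buffer, so the ELF
      # has to be returned explicitly.
      elf
    end

    # Create a 32-bit Linux ELF_DYN (shared object) containing the payload
    # provided in +code+, using the stock DLL template.
    #
    # @param framework [Msf::Framework] The framework instance to use
    # @param code [String] Raw payload bytes
    # @param opts [Hash] Generation options
    # @option opts [String] :template Template file to use
    # @return [String] The generated ELF file contents
    def to_linux_x86_elf_dll(framework, code, opts = {})
      to_exe_elf(framework, opts, DEFAULT_ELF_DLL_TEMPLATE, code)
    end
  end

  # Make the generators callable directly on this module as well.
  class << self
    include ClassMethods
  end
end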