[framework] using hex strings as options
mmiller at hick.org
mmiller at hick.org
Mon Oct 16 14:18:48 CDT 2006
Committed support to do this for all payloads. Basically, the way you
should handle this is by passing 'V' as the pack type instead of 'HEX'.
It will automatically detect that the values you passed in are hex
strings and convert them as necessary.
Data can be specified in the following formats:
0x12345678
\x78\x56\x34\x12
Let us know if you run into problems.
On Mon, Oct 16, 2006 at 04:28:44PM +0200, Alok Menghrajani wrote:
> Hi,
>
> Let's imagine our exploit hard codes the addresses of LoadLibrary and
> GetProcAddress...
>
> 'Offsets' => {
> 'LOADLIBRARY' => [ 16, 'HEX' ],
> 'GETPROCADDRESS' => [ 33, 'HEX' ],
> },
>
> register_options([
> OptString.new('LOADLIBRARY', [ true,
> "Address of LoadLibraryA", "0x7C801D77" ]),
> OptString.new('GETPROCADDRESS', [ true,
> "Address of GetProcAddress", "0x7C80AC28"])
> ], Msf::Payloads::Singles::Windows::AlokSample)
>
>
> It would be convenient if I could use hex strings in my options (so I
> can easily edit them with the console).So far, the only clean way I have
> found is the following:
>
> def replace_var(raw, name, offset, pack)
> if pack == "HEX"
> val = datastore[name]
> val = val.to_s.hex
> val = [ val.to_i ].pack("V")
> raw[offset, val.length] = val
> return true
> else
> return false
> end
> end
>
>
> Is this the right way to do things ? If yes, shouldn't this little piece
> of code be included in the payload.rb file ?
>
> Thanks for your feedback,
> Alok.
More information about the framework
mailing list