
#!/usr/bin/perl
###############

##
#         Name: msfpayload
#       Author: H D Moore <hdm [at] metasploit.com>
#      Version: $Revision: 3753 $
#  Description: Command line interface for generating Metasploit payloads
#      License:
#
#      This file is part of the Metasploit Exploit Framework
#      and is subject to the same licenses and copyrights as
#      the rest of this package.
#
##

require 5.6.0;

use strict;
use FindBin qw{$RealBin};
use lib "$RealBin/lib";

use Getopt::Std;
use POSIX;

use Msf::TextUI;
use Pex;

no utf8;
no locale;

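Msf::UI::ActiveStateSucks();
Msf::UI::BrokenUTF8();

my $ui = Msf::TextUI->new($RealBin);
my $FRAMEVERSION = $ui->Version;
my $VERSION = '$Revision: 3753 $';

# -v prints the version banner and exits immediately; -h is deferred until the
# payload table is loaded so that Usage() can list the available payloads.
my %opts;
getopts('hv', \%opts);
Version() if($opts{'v'});

$ui->SetTempEnv('_MsfPayload', 1);
$ui->SetTempEnv('DebugLevel', 0);

# Index the loaded payload modules by their short name (SelfEndName) so the
# first positional argument can be looked up directly.
my $payloads = { };
my $payloadsIndex = $ui->LoadPayloads;

foreach my $key (keys(%{$payloadsIndex})) {
    my $mod = $payloadsIndex->{$key};
    $payloads->{$mod->SelfEndName} = $mod;
}

$ui->SetTempEnv('_Payloads', $payloadsIndex);

my $sel = shift(@ARGV);
my $p = defined($sel) ? $payloads->{$sel} : undef;
Usage() if($opts{'h'});
Usage() if ! $p;

# The action letter is the last argument; everything between the payload name
# and the action is a var=val option. With no action at all, fall through to
# the summary below instead of upper-casing undef.
my $raw_action = pop(@ARGV);
my $action = defined($raw_action) ? uc($raw_action) : '';

# Split on the first '=' only, so option values that themselves contain '='
# (e.g. a command string) are passed through intact instead of being cut at
# the second '='.
foreach my $opt (@ARGV) {
    my ($var, $val) = split(/=/, $opt, 2);
    $ui->SetTempEnv($var, $val);
}

$p->_Load;
$ui->SetTempEnv('_PayloadName', $sel);
$ui->SetTempEnv('_Payload', $p);

# No action, or S: print the payload summary (options, description) and stop.
if (! $action || $action =~ /^S/)
{
    print "\n" . $ui->DumpPayloadSummary($p);
    exit(0);
}

Usage() if $action !~ /^(C|P|R|X|J)/;

# R: raw payload bytes straight to stdout.
if ($action =~ /^R/) { print $p->Build; exit; }

if ($p->Multistage) {
    print STDERR "Warning: Multistage payloads only return first stage\n";
}

# Lookup sets of the payload's OS and architecture tags; used by X and J to
# pick an export format and a byte order. Guarded so a payload with no tag
# list does not trip strict refs.
my %pos   = map { $_ => 1 } @{ $p->OS   || [] };
my %parch = map { $_ => 1 } @{ $p->Arch || [] };

# X: export in an executable form suited to the target platform.
if ($action =~ /^X/) {
    # Windows/x86 payloads are wrapped in a PE image; ExportWinPE() exits.
    if ($pos{'win32'} && $parch{'x86'}) {
        ExportWinPE();
    }

    # A payload with no architecture tag is a command payload; emit it as a
    # shell script.
    if (! scalar(keys(%parch))) {
        print "#!/bin/sh\n" . $p->Build;
        exit(0);
    }

    # NOTE(review): this is an error path but the exit status is 0, so a
    # calling script cannot tell it apart from a successful export.
    print STDERR "Error: No export format is implemented for this payload\n";
    exit(0);
}

# J: JavaScript 'unescape()' string. Byte order is little-endian for x86 and
# for architecture-less (command) payloads, big-endian for everything else.
if ($action =~ /^J/) {
    my $end = (! scalar(keys(%parch)) || $parch{'x86'}) ? 'LE' : 'BE';

    my @lines = (
        "// Created by msfpayload, a component of the Metasploit Framework ($FRAMEVERSION)",
        "// This variable contains the " . $p->SelfEndName . " payload",
        "// Options:",
        "//\tEndian=" . $end,
    );

    # Record the user-supplied options; keys with a leading underscore are
    # internal state, not options. Sorted so the output is reproducible.
    foreach my $var (sort keys %{ $ui->GetTempEnv() }) {
        next if $var =~ /^_/;
        push @lines, "//\t" . $var . "=" . $ui->GetTempEnv($var);
    }
    push @lines, "var shellcode = unescape('" . Pex::Utils::JSUnescape($p->Build, $end) . "');";

    print STDOUT join("\n", @lines) . "\n";
    exit(0);
}

# C: C-style byte buffer; P: Perl string buffer.
my $buf = $p->Build;
print $action =~ /^C/ ? Pex::Text::BufferC($buf) : Pex::Text::BufferPerl($buf);
exit(0);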

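# Print the command synopsis and the payload table to STDERR, then exit.
# Reached for -h, for an unknown payload name and for an unrecognised action
# letter. Reads the file-level $ui and $payloads.
sub Usage
{
    # J (JavaScript unescape() string) is accepted by the dispatcher too, so
    # it is listed with the other actions.
    print STDERR "\n   Usage: $0 <payload> [var=val] <S|C|P|R|X|J>\n\n";
    print STDERR "Payloads: \n";
    print STDERR $ui->DumpPayloads(2, $payloads);
    print STDERR "\n";
    # NOTE(review): exits 0 even when called because of a bad payload or
    # action, so the failure is not visible in the exit status.
    exit(0);
}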

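# Wrap the built payload in a Win32 PE image, write it to STDOUT and exit.
# Only reached from the X action for win32/x86 payloads. The image's comment
# records the framework version, the payload name and the user options.
# Reads the file-level $p, $ui and $FRAMEVERSION.
sub ExportWinPE {
    # Documented limits of the PE template: comment 512 bytes, payload 8192 bytes.
    my $MAX_COMMENT = 512;
    my $MAX_PAYLOAD = 8192;

    my $bin = $p->Build;
    my $com = "Created by msfpayload, a component of the Metasploit Framework ($FRAMEVERSION). ".
              "This executable contains the ".$p->SelfEndName." payload, ".
              "generated with the following set of options: ";

    # Keys with a leading underscore are internal state, not user options.
    # Sorted so the embedded comment is reproducible.
    foreach my $var (sort keys %{ $ui->GetTempEnv() }) {
        next if $var =~ /^_/;
        $com .= $var . "=" . $ui->GetTempEnv($var) . " ";
    }

    # Nothing here enforces the limits above, and whether CreateWin32PE
    # truncates or rejects oversized input is not visible from this file, so
    # warn before handing the data over rather than silently produce an image
    # that may not carry the full payload or comment.
    if (length($bin) > $MAX_PAYLOAD) {
        print STDERR "Warning: payload is " . length($bin) . " bytes, PE template limit is $MAX_PAYLOAD\n";
    }
    if (length($com) > $MAX_COMMENT) {
        print STDERR "Warning: comment is " . length($com) . " bytes, PE template limit is $MAX_COMMENT\n";
    }

    print STDOUT Pex::Utils::CreateWin32PE($bin, $com);
    exit(0);
}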

# Print the framework and msfpayload version numbers to STDERR and exit.
# $VERSION holds a '$Revision: N $' keyword string; Pex::Utils::Rev2Ver turns
# it into a plain version number. Reads the file-level $VERSION and
# $FRAMEVERSION.
sub Version {
    my $release = Pex::Utils::Rev2Ver($VERSION);
    my $banner  = "\n" .
                  "   Framework Version:  $FRAMEVERSION\n" .
                  "  Msfpayload Version:  $release\n" .
                  "\n";
    print STDERR $banner;
    exit(0);
}