Class: Msf::Payload
Overview
This class represents the base class for a logical payload. The framework automatically generates payload combinations at runtime which are all extended from this Payload as a base class.
Defined Under Namespace
Modules: Adapter, Aix, Android, Bsd, Firefox, Generic, Hardware, JSP, Java, Linux, Mainframe, Multi, Netware, NodeJS, Osx, Php, Pingback, Python, R, Ruby, Single, Solaris, Stager, TransportConfig, Type, Windows Classes: Apk, MachO, UUID
Constant Summary
Constants inherited from Module
Module::REPLICANT_EXTENSION_DS_KEY
Constants included from Module::ModuleInfo
Module::ModuleInfo::UpdateableOptions
Instance Attribute Summary collapse
-
#append ⇒ Object
This attribute holds the string that should be appended to the buffer when it's generated.
-
#assoc_exploit ⇒ Object
If this payload is associated with an exploit, the assoc_exploit attribute will point to that exploit instance.
-
#available_space ⇒ Object
The amount of space available to the payload, which may be nil, indicating that the smallest possible payload should be used.
-
#prepend ⇒ Object
This attribute holds the string that should be prepended to the buffer when it's generated.
-
#prepend_encoder ⇒ Object
This attribute holds the string that should be prepended to the encoded version of the payload (in front of the encoder as well).
Attributes inherited from Module
#error, #job_id, #license, #platform, #privileged, #references, #user_data
Attributes included from Framework::Offspring
Attributes included from Module::UUID
Attributes included from Rex::Ui::Subscriber::Input
Attributes included from Rex::Ui::Subscriber::Output
Attributes included from Module::Privileged
Attributes included from Module::Options
Attributes included from Module::ModuleStore
Attributes included from Module::ModuleInfo
Attributes included from Module::FullName
Attributes included from Module::DataStore
Attributes included from Module::Author
Attributes included from Module::Arch
Attributes included from Module::Alert
#alerts, #you_have_been_warned
Class Method Summary collapse
-
.cached_size ⇒ Object
This method returns an optional cached size value.
-
.dynamic_size? ⇒ Boolean
This method returns whether the payload generates variable-sized output.
-
.type ⇒ Object
Returns MODULE_PAYLOAD to indicate that this is a payload module.
Instance Method Summary collapse
-
#apply_prepends(raw) ⇒ Object
A placeholder stub, to be overriden by mixins.
-
#assembly ⇒ Object
Returns the assembly string that describes the payload if one exists.
-
#assembly=(asm) ⇒ Object
Sets the assembly string that describes the payload If this method is used to define the payload, a payload with no offsets will be created.
-
#badchars ⇒ Object
Returns the string of bad characters for this payload, if any.
-
#build(asm, off = {}) ⇒ String
protected
If the payload has assembly that needs to be compiled, do so now.
-
#cached_size ⇒ Object
This method returns an optional cached size value.
-
#compatible_encoders ⇒ Object
Returns the array of compatible encoders for this payload instance.
-
#compatible_nops ⇒ Object
Returns the array of compatible nops for this payload instance.
-
#connection_type ⇒ Object
Returns the module's connection type, such as reverse, bind, noconn, or whatever else the case may be.
-
#convention ⇒ Object
Returns the staging convention that the payload uses, if any.
-
#dependencies ⇒ Object
Returns the compiler dependencies if the payload has one.
-
#dynamic_size? ⇒ Boolean
This method returns whether the payload generates variable-sized output.
-
#generate(_opts = {}) ⇒ Object
Generates the payload and returns the raw buffer to the caller.
-
#generate_complete ⇒ Object
Generates the payload and returns the raw buffer to the caller, handling any post-processing tasks, such as prepended code stubs.
-
#handler_klass ⇒ Object
Return the connection associated with this payload, or none if there isn't one.
-
#initialize(info = {}) ⇒ Payload
constructor
Creates an instance of a payload module using the supplied information.
-
#internal_generate ⇒ Object
protected
Generate the payload using our local payload blob and offsets.
-
#merge_name(info, val) ⇒ Object
protected
Merge the name to prefix the existing one and separate them with a comma.
-
#offsets ⇒ Object
Returns the offsets to variables that must be substitute, if any.
-
#on_session(session) ⇒ Object
Once an exploit completes and a session has been created on behalf of the payload, the framework will call the payload's on_session notification routine to allow it to manipulate the session prior to handing off control to the user.
-
#payload ⇒ Object
Returns the raw payload that has not had variable substitution occur.
-
#payload_type ⇒ Object
Returns the type of payload, either single or staged.
-
#payload_type_s ⇒ Object
Returns the string version of the payload type.
-
#raw_to_db(raw) ⇒ Object
Convert raw bytes to metasm-ready 'db' encoding format eg.
-
#replace_var(raw, name, offset, pack) ⇒ Object
Replaces an individual variable in the supplied buffer at an offset using the given pack type.
-
#save_registers ⇒ Object
The list of registers that should be saved by any NOP generators or encoders, if possible.
-
#session ⇒ Object
Returns the session class that is associated with this payload and will be used to create a session as necessary.
-
#size ⇒ Object
Returns the payload's size.
-
#staged? ⇒ Boolean
This method returns whether or not this payload uses staging.
-
#substitute_vars(raw, offsets) ⇒ Object
Substitutes variables with values from the module's datastore in the supplied raw buffer for a given set of named offsets.
-
#symbol_lookup ⇒ Object
Returns the method used by the payload to resolve symbols for the purpose of calling functions, such as ws2ord.
-
#type ⇒ Object
Returns MODULE_PAYLOAD to indicate that this is a payload module.
Methods inherited from Module
#black_listed_auth_filenames, cached?, #debugging?, #default_cred?, #fail_with, #file_path, #framework, #has_check?, #orig_cls, #owner, #perform_extensions, #platform?, #platform_to_s, #post_auth?, #register_extensions, #register_parent, #replicant, #required_cred_options, #set_defaults, #workspace
Methods included from Module::Reliability
#reliability, #reliability_to_s
Methods included from Module::Stability
Methods included from Module::SideEffects
#side_effects, #side_effects_to_s
Methods included from Module::UUID
Methods included from Module::UI
Methods included from Module::UI::Message
#print_error, #print_good, #print_prefix, #print_status, #print_warning
Methods included from Module::UI::Message::Verbose
#vprint_error, #vprint_good, #vprint_status, #vprint_warning
Methods included from Module::UI::Line
#print_line, #print_line_prefix
Methods included from Module::UI::Line::Verbose
Methods included from Rex::Ui::Subscriber
Methods included from Rex::Ui::Subscriber::Input
Methods included from Rex::Ui::Subscriber::Output
#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning
Methods included from Module::Type
#auxiliary?, #encoder?, #evasion?, #exploit?, #nop?, #payload?, #post?
Methods included from Module::Ranking
Methods included from Module::Privileged
Methods included from Module::Options
#deregister_options, #register_advanced_options, #register_evasion_options, #register_options, #validate
Methods included from Module::Network
#comm, #support_ipv6?, #target_host, #target_port
Methods included from Module::ModuleStore
Methods included from Module::ModuleInfo
#alias, #description, #disclosure_date, #info_fixups, #merge_check_key, #merge_info, #merge_info_advanced_options, #merge_info_alias, #merge_info_description, #merge_info_evasion_options, #merge_info_name, #merge_info_options, #merge_info_string, #merge_info_version, #name, #notes, #update_info
Methods included from Module::FullName
#aliases, #fullname, #promptname, #realname, #refname, #shortname
Methods included from Module::DataStore
#import_defaults, #import_target_defaults, #share_datastore
Methods included from Module::Compatibility
#compat, #compatible?, #init_compat
Methods included from Module::Author
Methods included from Module::Auth
Methods included from Module::Arch
#arch?, #arch_to_s, #each_arch
Methods included from Module::Alert
#add_alert, #add_error, #add_warning, #alert_user, #errors, #get_alerts, included, #is_usable?, #warnings
Constructor Details
#initialize(info = {}) ⇒ Payload
Creates an instance of a payload module using the supplied information.
53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
# File 'lib/msf/core/payload.rb', line 53 def initialize(info = {}) super # # Gets the Dependencies if the payload requires external help # to work # self.module_info['Dependencies'] = self.module_info['Dependencies'] || [] # If this is an adapted or staged payload but there is no stage information, # then this is actually a stager + single combination. Set up the # information hash accordingly. if (self.class.include?(Msf::Payload::Adapter) || self.class.include?(Msf::Payload::Single)) and self.class.include?(Msf::Payload::Stager) self.module_info['Stage'] = {} if self.module_info['Payload'] self.module_info['Stage']['Payload'] = self.module_info['Payload']['Payload'] || "" self.module_info['Stage']['Assembly'] = self.module_info['Payload']['Assembly'] || "" self.module_info['Stage']['Offsets'] = self.module_info['Payload']['Offsets'] || {} else self.module_info['Stage']['Payload'] = "" self.module_info['Stage']['Assembly'] = "" self.module_info['Stage']['Offsets'] = {} end @staged = true else @staged = false end # Update the module info hash with the connection type # that is derived from the handler for this payload. This is # used for compatibility filtering purposes. self.module_info['ConnectionType'] = connection_type end |
Instance Attribute Details
#append ⇒ Object
This attribute holds the string that should be appended to the buffer when it's generated.
525 526 527 |
# File 'lib/msf/core/payload.rb', line 525 def append @append end |
#assoc_exploit ⇒ Object
If this payload is associated with an exploit, the assoc_exploit attribute will point to that exploit instance.
536 537 538 |
# File 'lib/msf/core/payload.rb', line 536 def assoc_exploit @assoc_exploit end |
#available_space ⇒ Object
The amount of space available to the payload, which may be nil, indicating that the smallest possible payload should be used.
542 543 544 |
# File 'lib/msf/core/payload.rb', line 542 def available_space @available_space end |
#prepend ⇒ Object
This attribute holds the string that should be prepended to the buffer when it's generated.
520 521 522 |
# File 'lib/msf/core/payload.rb', line 520 def prepend @prepend end |
#prepend_encoder ⇒ Object
This attribute holds the string that should be prepended to the encoded version of the payload (in front of the encoder as well).
530 531 532 |
# File 'lib/msf/core/payload.rb', line 530 def prepend_encoder @prepend_encoder end |
Class Method Details
.cached_size ⇒ Object
This method returns an optional cached size value
160 161 162 163 |
# File 'lib/msf/core/payload.rb', line 160 def self.cached_size csize = (const_defined?('CachedSize')) ? const_get('CachedSize') : nil csize == :dynamic ? nil : csize end |
.dynamic_size? ⇒ Boolean
This method returns whether the payload generates variable-sized output
168 169 170 171 |
# File 'lib/msf/core/payload.rb', line 168 def self.dynamic_size? csize = (const_defined?('CachedSize')) ? const_get('CachedSize') : nil csize == :dynamic end |
.type ⇒ Object
Returns MODULE_PAYLOAD to indicate that this is a payload module.
99 100 101 |
# File 'lib/msf/core/payload.rb', line 99 def self.type return Msf::MODULE_PAYLOAD end |
Instance Method Details
#apply_prepends(raw) ⇒ Object
A placeholder stub, to be overriden by mixins
469 470 471 |
# File 'lib/msf/core/payload.rb', line 469 def apply_prepends(raw) raw end |
#assembly ⇒ Object
Returns the assembly string that describes the payload if one exists.
213 214 215 |
# File 'lib/msf/core/payload.rb', line 213 def assembly return module_info['Payload'] ? module_info['Payload']['Assembly'] : nil end |
#assembly=(asm) ⇒ Object
Sets the assembly string that describes the payload If this method is used to define the payload, a payload with no offsets will be created
221 222 223 224 |
# File 'lib/msf/core/payload.rb', line 221 def assembly=(asm) module_info['Payload'] ||= {'Offsets' => {} } module_info['Payload']['Assembly'] = asm end |
#badchars ⇒ Object
Returns the string of bad characters for this payload, if any.
113 114 115 |
# File 'lib/msf/core/payload.rb', line 113 def badchars return self.module_info['BadChars'] end |
#build(asm, off = {}) ⇒ String (protected)
If the payload has assembly that needs to be compiled, do so now.
Blobs will be cached in the framework's PayloadSet
555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 |
# File 'lib/msf/core/payload.rb', line 555 def build(asm, off={}) if(asm.nil? or asm.empty?) raise ArgumentError, "Assembly must not be empty" end # Use the refname so blobs can be flushed when the module gets # reloaded and use the hash value to ensure that we're actually # getting the right blob for the given assembly. cache_key = refname + asm.hash.to_s cache_entry = framework.payloads.check_blob_cache(cache_key) off.each_pair { |option, val| if (val[1] == 'RAW') asm = asm.gsub(/#{option}/){ datastore[option] } off.delete(option) end } # If there is a valid cache entry, then we don't need to worry about # rebuilding the assembly if cache_entry # Update the local offsets from the cache off.each_key { |option| off[option] = cache_entry[1][option] } # Return the cached payload blob return cache_entry[0].dup end # Assemble the payload from the assembly a = self.arch if a.kind_of? Array a = self.arch.first end cpu = case a when ARCH_X86 then Metasm::Ia32.new when ARCH_X64 then Metasm::X86_64.new when ARCH_PPC then Metasm::PowerPC.new when ARCH_ARMLE then Metasm::ARM.new when ARCH_MIPSLE then Metasm::MIPS.new(:little) when ARCH_MIPSBE then Metasm::MIPS.new(:big) else elog("Broken payload #{refname} has arch unsupported with assembly: #{module_info["Arch"].inspect}") elog("Call stack:\n#{caller.join("\n")}") return "" end sc = Metasm::Shellcode.assemble(cpu, asm).encoded # Calculate the actual offsets now that it's been built off.each_pair { |option, val| off[option] = [ sc.offset_of_reloc(option) || val[0], val[1] ] } # Cache the payload blob framework.payloads.add_blob_cache(cache_key, sc.data, off) # Return a duplicated copy of the assembled payload sc.data.dup end |
#cached_size ⇒ Object
This method returns an optional cached size value
176 177 178 |
# File 'lib/msf/core/payload.rb', line 176 def cached_size self.class.cached_size end |
#compatible_encoders ⇒ Object
Returns the array of compatible encoders for this payload instance.
441 442 443 444 445 446 447 448 449 450 |
# File 'lib/msf/core/payload.rb', line 441 def compatible_encoders encoders = [] framework.encoders.each_module_ranked( 'Arch' => self.arch, 'Platform' => self.platform) { |name, mod| encoders << [ name, mod ] } return encoders end |
#compatible_nops ⇒ Object
Returns the array of compatible nops for this payload instance.
455 456 457 458 459 460 461 462 463 464 |
# File 'lib/msf/core/payload.rb', line 455 def compatible_nops nops = [] framework.nops.each_module_ranked( 'Arch' => self.arch) { |name, mod| nops << [ name, mod ] } return nops end |
#connection_type ⇒ Object
Returns the module's connection type, such as reverse, bind, noconn, or whatever else the case may be.
254 255 256 |
# File 'lib/msf/core/payload.rb', line 254 def connection_type handler_klass.general_handler_type end |
#convention ⇒ Object
Returns the staging convention that the payload uses, if any. This is used to make sure that only compatible stagers and stages are built (where assumptions are made about register/environment initialization state and hand-off).
246 247 248 |
# File 'lib/msf/core/payload.rb', line 246 def convention module_info['Convention'] end |
#dependencies ⇒ Object
Returns the compiler dependencies if the payload has one
236 237 238 |
# File 'lib/msf/core/payload.rb', line 236 def dependencies module_info['Dependencies'] end |
#dynamic_size? ⇒ Boolean
This method returns whether the payload generates variable-sized output
183 184 185 |
# File 'lib/msf/core/payload.rb', line 183 def dynamic_size? self.class.dynamic_size? end |
#generate(_opts = {}) ⇒ Object
Generates the payload and returns the raw buffer to the caller.
291 292 293 |
# File 'lib/msf/core/payload.rb', line 291 def generate(_opts = {}) internal_generate end |
#generate_complete ⇒ Object
Generates the payload and returns the raw buffer to the caller, handling any post-processing tasks, such as prepended code stubs.
298 299 300 |
# File 'lib/msf/core/payload.rb', line 298 def generate_complete apply_prepends(generate) end |
#handler_klass ⇒ Object
Return the connection associated with this payload, or none if there isn't one.
270 271 272 |
# File 'lib/msf/core/payload.rb', line 270 def handler_klass return module_info['Handler'] || Msf::Handler::None end |
#internal_generate ⇒ Object (protected)
Generate the payload using our local payload blob and offsets
619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 |
# File 'lib/msf/core/payload.rb', line 619 def internal_generate # Build the payload, either by using the raw payload blob defined in the # module or by actually assembling it if assembly and !assembly.empty? raw = build(assembly, offsets) else raw = payload.dup end # If the payload is generated and there are offsets to substitute, # do that now. if (raw and offsets) substitute_vars(raw, offsets) end return raw end |
#merge_name(info, val) ⇒ Object (protected)
Merge the name to prefix the existing one and separate them with a comma
647 648 649 650 651 652 653 |
# File 'lib/msf/core/payload.rb', line 647 def merge_name(info, val) if (info['Name']) info['Name'] = val + ',' + info['Name'] else info['Name'] = val end end |
#offsets ⇒ Object
Returns the offsets to variables that must be substitute, if any.
229 230 231 |
# File 'lib/msf/core/payload.rb', line 229 def offsets return module_info['Payload'] ? module_info['Payload']['Offsets'] : nil end |
#on_session(session) ⇒ Object
Once an exploit completes and a session has been created on behalf of the payload, the framework will call the payload's on_session notification routine to allow it to manipulate the session prior to handing off control to the user.
485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 |
# File 'lib/msf/core/payload.rb', line 485 def on_session(session) # If this payload is associated with an exploit, inform the exploit # that a session has been created and potentially shut down any # open sockets. This allows active exploits to continue hammering # on a service until a session is created. if (assoc_exploit) # Signal that a new session is created by calling the exploit's # on_new_session handler. The default behavior is to set an # instance variable, which the exploit will have to check. begin assoc_exploit.on_new_session(session) rescue ::Exception => e dlog("#{assoc_exploit.refname}: on_new_session handler triggered exception: #{e.class} #{e} #{e.backtrace}", 'core', LEV_1) rescue nil end # Set the abort sockets flag only if the exploit is not passive # and the connection type is not 'find' if ( (assoc_exploit.exploit_type == Exploit::Type::Remote) and (assoc_exploit.passive? == false) and (connection_type != 'find') ) assoc_exploit.abort_sockets end end end |
#payload ⇒ Object
Returns the raw payload that has not had variable substitution occur.
206 207 208 |
# File 'lib/msf/core/payload.rb', line 206 def payload return module_info['Payload'] ? module_info['Payload']['Payload'] : nil end |
#payload_type ⇒ Object
Returns the type of payload, either single or staged. Stage is the default because singles and stagers are encouraged to include the Single and Stager mixin which override the payload_type.
130 131 132 |
# File 'lib/msf/core/payload.rb', line 130 def payload_type return Type::Stage end |
#payload_type_s ⇒ Object
Returns the string version of the payload type
137 138 139 140 141 142 143 144 145 146 147 148 |
# File 'lib/msf/core/payload.rb', line 137 def payload_type_s case payload_type when Type::Stage return "stage" when Type::Stager return "stager" when Type::Single return "single" else return "unknown" end end |
#raw_to_db(raw) ⇒ Object
Convert raw bytes to metasm-ready 'db' encoding format eg. “x90xCC” => “db 0x90,0xCC”
308 309 310 |
# File 'lib/msf/core/payload.rb', line 308 def raw_to_db(raw) raw.unpack("C*").map {|c| "0x%.2x" % c}.join(",") end |
#replace_var(raw, name, offset, pack) ⇒ Object
Replaces an individual variable in the supplied buffer at an offset using the given pack type. This is here to allow derived payloads the opportunity to replace advanced variables.
427 428 429 |
# File 'lib/msf/core/payload.rb', line 427 def replace_var(raw, name, offset, pack) return false end |
#save_registers ⇒ Object
The list of registers that should be saved by any NOP generators or encoders, if possible.
121 122 123 |
# File 'lib/msf/core/payload.rb', line 121 def save_registers return self.module_info['SaveRegisters'] end |
#session ⇒ Object
Returns the session class that is associated with this payload and will be used to create a session as necessary.
278 279 280 |
# File 'lib/msf/core/payload.rb', line 278 def session return module_info['Session'] end |
#size ⇒ Object
Returns the payload's size. If the payload is staged, the size of the first stage is returned.
191 192 193 194 195 196 197 198 199 200 201 |
# File 'lib/msf/core/payload.rb', line 191 def size pl = nil begin pl = generate() rescue Metasploit::Framework::Compiler::Mingw::UncompilablePayloadError rescue NoCompatiblePayloadError rescue PayloadItemSizeError end pl ||= '' pl.length end |
#staged? ⇒ Boolean
This method returns whether or not this payload uses staging.
153 154 155 |
# File 'lib/msf/core/payload.rb', line 153 def staged? (@staged or payload_type == Type::Stager or payload_type == Type::Stage) end |
#substitute_vars(raw, offsets) ⇒ Object
Substitutes variables with values from the module's datastore in the supplied raw buffer for a given set of named offsets. For instance, RHOST is substituted with the RHOST value from the datastore which will have been populated by the framework.
Supported packing types:
-
ADDR (foo.com, 1.2.3.4)
-
ADDR6 (foo.com, fe80::1234:5678:8910:1234)
-
ADDR16MSB, ADD16LSB, ADDR22MSB, ADD22LSB (foo.com, 1.2.3.4) Advanced packing types for 16/16 and 22/10 bits substitution. The 16 bits types uses two offsets indicating where the 16 bits pair will be substituted, while the 22 bits types uses two offsets indicating the instructions where the 22/10 bits pair will be substituted. Normally these are offsets to “sethi” and “or” instructions on SPARC architecture.
-
HEX (0x12345678, “x41x42x43x44”)
-
RAW (raw bytes)
331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 |
# File 'lib/msf/core/payload.rb', line 331 def substitute_vars(raw, offsets) offsets.each_pair { |name, info| offset, pack = info # Give the derived class a chance to substitute this variable next if (replace_var(raw, name, offset, pack) == true) # Now it's our turn... if ((val = datastore[name])) if (pack == 'ADDR') val = Rex::Socket.resolv_nbo(val) # Someone gave us a funky address (ipv6?) if(val.length == 16) raise RuntimeError, "IPv6 address specified for IPv4 payload." end elsif (pack == 'ADDR6') val = Rex::Socket.resolv_nbo(val) # Convert v4 to the v6ish address if(val.length == 4) nip = "fe80::5efe:" + val.unpack("C*").join(".") val = Rex::Socket.resolv_nbo(nip) end elsif (['ADDR16MSB', 'ADDR16LSB', 'ADDR22MSB', 'ADDR22LSB'].include?(pack)) val = Rex::Socket.resolv_nbo(val) # Someone gave us a funky address (ipv6?) if(val.length == 16) raise RuntimeError, "IPv6 address specified for IPv4 payload." end elsif (pack == 'RAW') # Just use the raw value... else # Check to see if the value is a hex string. If so, convert # it. if val.kind_of?(String) if val =~ /^\\x/n val = [ val.gsub(/\\x/n, '') ].pack("H*").unpack(pack)[0] elsif val =~ /^0x/n val = val.hex end end # NOTE: # Packing assumes integer format at this point, should fix... val = [ val.to_i ].pack(pack) end # Substitute it if (['ADDR16MSB', 'ADDR16LSB'].include?(pack)) if (offset.length != 2) raise RuntimeError, "Missing value for payload offset, there must be two offsets." end if (pack == 'ADDR16LSB') val = val.unpack('N').pack('V') end raw[offset[0], 2] = val[0, 2] raw[offset[1], 2] = val[2, 2] elsif (['ADDR22MSB', 'ADDR22LSB'].include?(pack)) if (offset.length != 2) raise RuntimeError, "Missing value for payload offset, there must be two offsets." end if (pack == 'ADDR22LSB') val = val.unpack('N').pack('V') end hi = (0xfffffc00 & val) >> 10 lo = 0x3ff & val ins = raw[offset[0], 4] raw[offset[0], 4] = ins | hi ins = raw[offset[1], 4] raw[offset[1], 4] = ins | lo else raw[offset, val.length] = val end else wlog("Missing value for payload offset #{name}, skipping.", 'core', LEV_3) end } end |
#symbol_lookup ⇒ Object
Returns the method used by the payload to resolve symbols for the purpose of calling functions, such as ws2ord.
262 263 264 |
# File 'lib/msf/core/payload.rb', line 262 def symbol_lookup module_info['SymbolLookup'] end |
#type ⇒ Object
Returns MODULE_PAYLOAD to indicate that this is a payload module.
106 107 108 |
# File 'lib/msf/core/payload.rb', line 106 def type return Msf::MODULE_PAYLOAD end |