Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

using hex strings as options

From: alok.menghrajani at ilionsecurity.ch (Alok Menghrajani)
Date: Mon, 16 Oct 2006 16:28:44 +0200
Hi,

Let's imagine our exploit hard codes the addresses of LoadLibrary and
GetProcAddress...

        'Offsets' => {
                'LOADLIBRARY' => [ 16, 'HEX' ],
                'GETPROCADDRESS' => [ 33, 'HEX' ],
        },

        register_options([
                OptString.new('LOADLIBRARY', [ true,
                        "Address of LoadLibraryA", "0x7C801D77" ]),
                OptString.new('GETPROCADDRESS', [ true,
                        "Address of GetProcAddress", "0x7C80AC28"])
        ], Msf::Payloads::Singles::Windows::AlokSample)


It would be convenient if I could use hex strings in my options (so I
can easily edit them with the console).So far, the only clean way I have
found is the following:

        def replace_var(raw, name, offset, pack)
                if pack == "HEX"
                        val = datastore[name]
                        val = val.to_s.hex
                        val = [ val.to_i ].pack("V")
                        raw[offset, val.length] = val
                        return true
                else
                        return false
                end
        end


Is this the right way to do things ? If yes, shouldn't this little piece
of code be included in the payload.rb file ?

Thanks for your feedback,
Alok.
Previous By Date Next
Previous By Thread Next

Current thread: