Metasploit mailing list archives

using hex strings as options


From: mmiller at hick.org (mmiller at hick.org)
Date: Mon, 16 Oct 2006 09:58:50 -0500

Hi Alok,

I've actually run into a similar need for this lately as well, so I'll
look into integrating support for it.  I'll send another response when
it's in SVN.

On Mon, Oct 16, 2006 at 04:28:44PM +0200, Alok Menghrajani wrote:
Hi,

Let's imagine our exploit hard codes the addresses of LoadLibrary and
GetProcAddress...

      'Offsets' => {
              'LOADLIBRARY' => [ 16, 'HEX' ],
              'GETPROCADDRESS' => [ 33, 'HEX' ],
      },

      register_options([
              OptString.new('LOADLIBRARY', [ true,
                      "Address of LoadLibraryA", "0x7C801D77" ]),
              OptString.new('GETPROCADDRESS', [ true,
                      "Address of GetProcAddress", "0x7C80AC28"])
      ], Msf::Payloads::Singles::Windows::AlokSample)


It would be convenient if I could use hex strings in my options (so I
can easily edit them with the console). So far, the only clean way I have
found is the following:

      def replace_var(raw, name, offset, pack)
              if pack == "HEX"
                      val = datastore[name]
                      val = val.to_s.hex
                      val = [ val.to_i ].pack("V")
                      raw[offset, val.length] = val
                      return true
              else
                      return false
              end
      end


Is this the right way to do things? If yes, shouldn't this little piece
of code be included in the payload.rb file?

Thanks for your feedback,
Alok.
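
The hex-string-to-dword conversion discussed in this thread, as an added standalone Ruby example that is not code from the thread or from Metasploit. The names parse_hex_dword and patch_hex_dword are hypothetical. It adds two checks the posted snippet does not make: String#hex silently returns 0 (or a truncated value) on malformed input, and an out-of-range slice assignment silently grows the buffer.

```ruby
# Added example: strict parsing of a hex-string option before it is
# written into a byte buffer. Helper names are hypothetical, not part
# of the Metasploit API.

HEX_DWORD = /\A(?:0x)?[0-9a-f]{1,8}\z/i

# Parse a string such as "0x7C801D77" into an Integer, or raise.
# String#hex alone returns 0 for "zzz" and stops at the first invalid
# character ("0x7C80ZZ28".hex == 0x7C80), so a typo would go unnoticed.
def parse_hex_dword(str)
  s = str.to_s.strip
  unless s =~ HEX_DWORD
    raise ArgumentError, "not a 32-bit hex value: #{str.inspect}"
  end
  s.hex
end

# Overwrite 4 bytes of raw at offset with the little-endian value.
# Returns a patched copy; raw itself is left untouched.
def patch_hex_dword(raw, offset, str)
  packed = [parse_hex_dword(str)].pack("V")
  # raw[offset, 4] = packed would extend the string if the slice runs
  # past the end, so the bounds are checked explicitly.
  if offset < 0 || offset + packed.length > raw.bytesize
    raise RangeError,
          "offset #{offset} does not fit in #{raw.bytesize}-byte buffer"
  end
  out = raw.dup.force_encoding(Encoding::BINARY)
  out[offset, packed.length] = packed
  out
end

# Constructed sample: 8 zero bytes, value written at offset 2.
if __FILE__ == $PROGRAM_NAME
  buf = ("\x00" * 8).b
  puts patch_hex_dword(buf, 2, "0x7C801D77").unpack1("H*")
end
```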


