Metasploit mailing list archives
using hex strings as options
From: alok.menghrajani at ilionsecurity.ch (Alok Menghrajani)
Date: Mon, 16 Oct 2006 16:28:44 +0200
Hi, Let's imagine our exploit hard codes the addresses of LoadLibrary and GetProcAddress... 'Offsets' => { 'LOADLIBRARY' => [ 16, 'HEX' ], 'GETPROCADDRESS' => [ 33, 'HEX' ], }, register_options([ OptString.new('LOADLIBRARY', [ true, "Address of LoadLibraryA", "0x7C801D77" ]), OptString.new('GETPROCADDRESS', [ true, "Address of GetProcAddress", "0x7C80AC28"]) ], Msf::Payloads::Singles::Windows::AlokSample) It would be convenient if I could use hex strings in my options (so I can easily edit them with the console).So far, the only clean way I have found is the following: def replace_var(raw, name, offset, pack) if pack == "HEX" val = datastore[name] val = val.to_s.hex val = [ val.to_i ].pack("V") raw[offset, val.length] = val return true else return false end end Is this the right way to do things ? If yes, shouldn't this little piece of code be included in the payload.rb file ? Thanks for your feedback, Alok.
Current thread:
- using hex strings as options Alok Menghrajani (Oct 16)
- using hex strings as options mmiller at hick.org (Oct 16)
- using hex strings as options mmiller at hick.org (Oct 16)
- using hex strings as options Alok Menghrajani (Oct 17)