Merge patch and module from Robert, adds a x86 int3 payload for debugging, patches for the testsrv

git-svn-id: file:///home/svn/framework3/trunk@5660 4d416f70-5f16-0410-b530-b9f4589650da
2008-09-15 19:38:50 +00:00 · 2008-09-15 19:38:50 +00:00 · 07c838e4e0
parent 87c9cd9547
commit 07c838e4e0
3 changed files with 69 additions and 0 deletions
--- a/documentation/samples/vulnapps/testsrv/Makefile
+++ b/documentation/samples/vulnapps/testsrv/Makefile
@ -0,0 +1,17 @@
+
+SOURCES=testsrv.c
+OPTIONS=-fno-stack-protector -Wa,--execstack -Wl,-z,execstack
+
+default:x86_32 x86_64
+all:	x86_32 x86_64
+
+x86_32:
+	gcc -m32 ${OPTIONS} -o testsrv32 ${SOURCES}
+x86_64:
+	gcc -m64 ${OPTIONS} -o testsrv64 ${SOURCES}
+
+clean:
+	rm testsrv32
+	rm testsrv64
+
+
--- a/documentation/samples/vulnapps/testsrv/testsrv.c
+++ b/documentation/samples/vulnapps/testsrv/testsrv.c
@ -94,8 +94,10 @@ int main(int argc, char **argv) {

 	while (1)
 	{
+#if defined _WIN32
 		__try
 		{
+#endif
 			len = sizeof(sin);
 			new_s = accept(s, (struct sockaddr *)&sin, &len);

@ -104,14 +106,20 @@ int main(int argc, char **argv) {

 			printf("recv'd %d\n", bytes);

+#if defined _WIN32
 			__asm mov edi, new_s
+#else
+			// TODO: add inlined assembly for "non windows" compiler
+#endif

 			funct = (int (*)()) buf;
 			(int)(*funct)();
+#if defined _WIN32
 		} __except(EXCEPTION_EXECUTE_HANDLER)
 		{
 			fprintf(stderr, "Got exception: %lu\n", GetExceptionCode());
 		}
+#endif
 	}
 	
 	return (0);
--- a/modules/payloads/singles/generic/debug_trap.rb
+++ b/modules/payloads/singles/generic/debug_trap.rb
@ -0,0 +1,44 @@
+##
+# $Id: shell_bind_tcp.rb 4419 2007-02-18 00:10:39Z hdm $
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to 
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/
+##
+
+
+require 'msf/core'
+require 'msf/core/payload/generic'
+
+module Msf
+module Payloads
+module Singles
+module Generic
+
+module DebugTrap
+
+	include Msf::Payload::Single
+
+	def initialize(info = {})
+		super(merge_info(info,
+			'Name'          => 'Generic x86 Debug Trap',
+			'Version'       => '$Revision: 4419 $',
+			'Description'   => 'Generate a debug trap in the target process',
+			'Author'        => 'robert <robertmetasploit [at] gmail.com>',
+			'Platform'	=> [ 'win', 'linux', 'bsd', 'solaris', 'bsdi', 'osx' ],
+			'License'       => MSF_LICENSE,
+			'Arch'		=> ARCH_X86,
+			'Payload'	=> 
+				{
+					'Payload' => 
+							"\xcc"
+				}
+			))
+	end
+
+end
+
+end end end end