Resolves #4380, check for warbird template
Resolves #4380. Adds a check for Windows templates that use warbird (license verification). For reference, please see: http://thisissecurity.net/2014/10/15/warbird-operation/
parent
5be94c12b6
commit
5c582b76ca
|
@ -66,9 +66,23 @@ module Exe
|
|||
shellcode.encoded + @payload
|
||||
end
|
||||
|
||||
def is_warbird?(pe)
|
||||
pattern = /\x64\xA1\x30\x00\x00\x00\x2B\xCA\xD1\xF9\x8B\x40\x0C\x83\xC0\x0C/
|
||||
sections = {}
|
||||
pe.sections.each {|s| sections[s.name.to_s] = s}
|
||||
if sections['.text'].encoded.pattern_scan(pattern).blank?
|
||||
return false
|
||||
end
|
||||
|
||||
true
|
||||
end
|
||||
|
||||
def generate_pe
|
||||
# Copy our Template into a new PE
|
||||
pe_orig = Metasm::PE.decode_file(template)
|
||||
if is_warbird?(pe_orig)
|
||||
raise RuntimeError, "The template to inject to appears to have license verification (warbird)"
|
||||
end
|
||||
pe = pe_orig.mini_copy
|
||||
|
||||
# Copy the headers and exports
|
||||
|
|
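Review bot: `sections['.text']` in `is_warbird?` is dereferenced without a nil check, so a template with no section named `.text` fails with a NoMethodError on nil instead of passing the check or producing the intended message. Looking the section up directly and returning early avoids that and drops the throwaway hash: `text = pe.sections.find { |s| s.name.to_s == '.text' }`, `return false unless text`, `!text.encoded.pattern_scan(pattern).blank?`. The byte literal is opaque as written, so it deserves a one-line comment stating that it is the signature this check treats as warbird license-verification code, with the reference URL from the commit message. A single fixed signature in one section is a best-effort check, which the "appears to" wording in the raised message already reflects. `generate_pe` continues outside the hunk.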
6
msfvenom
6
msfvenom
|
@ -274,7 +274,7 @@ if __FILE__ == $0
|
|||
begin
|
||||
generator_opts = parse_args(ARGV)
|
||||
rescue MsfVenomError, Msf::OptionValidateError => e
|
||||
$stderr.puts e.message
|
||||
$stderr.puts "Error: #{e.message}"
|
||||
exit(-1)
|
||||
end
|
||||
|
||||
|
@ -335,7 +335,7 @@ if __FILE__ == $0
|
|||
payload = venom_generator.generate_payload
|
||||
rescue ::Exception => e
|
||||
elog("#{e.class} : #{e.message}\n#{e.backtrace * "\n"}")
|
||||
$stderr.puts e.message
|
||||
$stderr.puts "Error: #{e.message}"
|
||||
end
|
||||
|
||||
# No payload generated, no point to go on
|
||||
|
@ -350,7 +350,7 @@ if __FILE__ == $0
|
|||
rescue ::Exception => e
|
||||
# If I can't save it, then I can't save it. I don't think it matters what error.
|
||||
elog("#{e.class} : #{e.message}\n#{e.backtrace * "\n"}")
|
||||
$stderr.puts e.message
|
||||
$stderr.puts "Error: #{e.message}"
|
||||
end
|
||||
else
|
||||
output_stream = $stdout
|
||||
|
|