RFC: Support Payload Types & Standardized Type Command Line Flags

[terrorbyte]

As discussed on our call, add a new payload "type" option that allows for the exploit author to specify what type of payload is supported by the exploit. This will also need to have a set of reserved flags for the supported payload types, both allowing the exploit to check for the type of payload and also for the user to have an understanding of what they will need before exploit execution.

The theory here is we need to make support for custom payload binaries or command line flags passed to specific payloads types.

My current plan is to create a new payload.Types or similar that can be added to the config.Config from exploit setup. Combine that with a way to easily check for -o being set then select the sub payload.Types for influencing the payload generation. An example of payload.Types would be similar to:

• WindowsEXE
• WindowsDLL
• WindowsCommand
• LinuxELF
• LinuxSO
• LinuxCommand
• ... Adding more over time and variants for things like in-memory types will be a lot easier vs trying to retrofit and guess on top of C2Type

This will probably need to reserve -payload, -payload-type, and/or -command as well as a sub-type of way to interact with those new payload types.

More details to come.

[j-baines]

Cale said all the important bits on how, the why is to better support "Bring your own payload". I think the way I originally thought of this was "expert X wrote this exploit, why deviate?" But the reasons for deviation are almost innumerable. I have no idea what I was thinking.

[terrorbyte]

Yeah what Jake said.

[terrorbyte]

Another piece of food-for-thought. This might be the way we can add metadata about payloads as well, potentially allowing a exploit to change add a config.Config variable with information about what the exploit will do with the payload: ie will the payload change configs, will it need cleanup, badchars, if cleanup is necessary.

Then we could potentially let the exploit developer tie that metadata to the payload type setup and trickle into -details so that users can get information about payload requirements and usage impacts ahead of time.