Advanced Exploitation with MOSDEF

MOSDEF is a large part of the core of Canvas. It is a C compiler, written in Python, that supports dynamic remote code linking. In short, it allows the user to inject code into exploited processes and have that code report back. MOSDEF gives the user a new way to inject control into the target host, making it possible to build shellcode payloads on the fly. Possible applications for MOSDEF include, but are not limited to:

It is possible to extend the functionality of the tasks performed on a target host in Canvas by using the MOSDEF engine. Since MOSDEF is a compiler, it allows the user to create shellcode that is not only polymorphic but also semantically polymorphic: the structure of the code and its meaning change while the end result stays the same. Using MOSDEF, it is possible to add functionality to the backdoor by writing normal function calls in C, which are compiled by MOSDEF's Python-based compiler; for example:

    def lcreat(self, filename):
        """
        inputs: the filename to open
        outputs: returns -1 on failure, otherwise a file handle
        truncates the file if possible and it exists
        """
        # Compile the C fragment locally; the #import lines bind its symbols.
        request = self.compile("""
        #import "remote","Kernel32._lcreat" as "_lcreat"
        #import "local","sendint" as "sendint"
        #import "string","filename" as "filename"
        //start of code in C using
        void main()
        {
           int i;
           i=_lcreat(filename,0);
           sendint(i);
        }
        """)
        # Send the compiled request to the target and read back the result.
        self.sendrequest(request)
        fd = self.readint()
        return fd

*Code snippet from the MOSDEF presentation by Immunity Security*

If you are interested in adding such features, read the documentation from Immunity Security.
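When reviewing a fragment like `lcreat` above, the `#import` lines show what it resolves in the target process, and therefore which API call host monitoring would see. The following is an added example, not code from the book or from Immunity: it parses those directives, with the grammar and the `Library.Function` form inferred from the one snippet on this page, and `parse_imports`, `remote_api_calls` and `unused_aliases` are hypothetical helper names.

```python
import re
from collections import namedtuple

Import = namedtuple("Import", "kind target alias")  # one #import directive
# Directive grammar inferred from the snippet on this page (an assumption).
IMPORT_RE = re.compile(
    r'^\s*#import\s+"([^"]+)"\s*,\s*"([^"]+)"\s+as\s+"([^"]+)"\s*$')

# Constructed sample: the C source string passed to compile() in lcreat().
SAMPLE = '''
#import "remote","Kernel32._lcreat" as "_lcreat"
#import "local","sendint" as "sendint"
#import "string","filename" as "filename"
void main()
{
   int i;
   i=_lcreat(filename,0);
   sendint(i);
}
'''

def parse_imports(source):
    """Return (imports, malformed #import lines) for one C fragment."""
    imports, malformed = [], []
    for line in source.splitlines():
        if not line.lstrip().startswith("#import"):
            continue
        m = IMPORT_RE.match(line)
        if m:
            imports.append(Import(*m.groups()))
        else:
            malformed.append(line.strip())
    return imports, malformed

def remote_api_calls(source):
    """(library, function) pairs resolved in the target; no dot = empty library."""
    pairs = []
    for imp in parse_imports(source)[0]:
        if imp.kind == "remote":
            library, _, function = imp.target.rpartition(".")
            pairs.append((library.lower(), function))
    return pairs

def unused_aliases(source):
    """Aliases that are imported but never referenced in the C body."""
    body = "\n".join(l for l in source.splitlines()
                     if not l.lstrip().startswith("#import"))
    return [i.alias for i in parse_imports(source)[0]
            if not re.search(r"\b%s\b" % re.escape(i.alias), body)]
```

For the sample, `remote_api_calls(SAMPLE)` yields the single pair `("kernel32", "_lcreat")`, the only call the fragment makes inside the target process.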