This is a repackaging effort for the work i originally pushed in
6035. This segment of the PR provides UDP session handlers for
bind and reverse sessions, a Windows Metasm stager (really the
TCP stager with a small change), and a pair of socat payloads for
testing simple UDP shells. Netcat or any scripting language with
a sockets library is sufficient to use these sessions as they are
stateless and simple.
Testing of this PR requires rex/core #1 and rex/socket #2
The SSL testing which was being done on 6035 is backed out, left
for a later time when we can do DTLS properly.
Use R to connect back from a unix shell.
Notes:
We need to DRY this up - tons of copy pasta here, when we should
really be instantiating the language specific payloads and just
wrapping them with CLI execution strings.
Testing:
None, yet, just did the quick port to wrap this and push to CI
now that rex-arch #4 is in.
This module performs a privilege escaltion on mainframe systems
runing z/OS and using RACF for their security manager. A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
The shell does exactly the same as the previous, just made the code read much
better so as to not severely anger the gray beards and other lesser
mainframe deities. The only architectural change is the payload uses the
spawn system call vs exec - this provides for a cleaner exit in some cases.
PR7007 centralized JCL job card for any JCL cmd payload. This PR simply
uses that new format for existing JCL cmd payloads. No functionality
for these payloads was changed, added or deleted.
Added a JCL-based reverse shell. Uses the same source code as the
shellcode version does. Source code is in
external/source/shellcode/mainframe/shell_reverse_tcp.s