
Refactor (reduce) linux/x64/shell_bind_tcp_random_port #14621

Merged (2 commits) Jan 21, 2021

Conversation

@geyslan (Contributor) commented Jan 17, 2021

This pull request modifies modules/payloads/singles/linux/x64/shell_bind_tcp_random_port.rb, reducing its size by 4 bytes and refactoring it so that nasm assembly can be embedded easily.

Verification

  • Start msfconsole
  • use payload/linux/x64/shell_bind_tcp_random_port
  • generate


Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
@geyslan (Contributor, Author) commented Jan 19, 2021

Please let me know if I can help by explaining or fixing the proposal. Thank you.

@bwatters-r7 bwatters-r7 self-assigned this Jan 19, 2021
@bwatters-r7 (Contributor) commented:

Honestly, you had me at metasm.

@bwatters-r7 (Contributor) commented:

msf6 > use payload/linux/x64/shell_bind_tcp_random_port 
msf6 payload(linux/x64/shell_bind_tcp_random_port) > show options

Module options (payload/linux/x64/shell_bind_tcp_random_port):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

msf6 payload(linux/x64/shell_bind_tcp_random_port) > generate -f elf -o shellbindx64.elf
[*] Writing 173 bytes to shellbindx64.elf...
msf6 payload(linux/x64/shell_bind_tcp_random_port) > 


tmoose@ubuntu:~$ netstat -antp
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
...
tcp        0      0 0.0.0.0:34989           0.0.0.0:*               LISTEN      5767/./shellbindx64 
...
tmoose@ubuntu:~$ nc 127.0.0.1 34989
dir
CODE_OF_CONDUCT.md
CONTRIBUTING.md
COPYING
CURRENT.md
Dockerfile
Gemfile
Gemfile.local.example
Gemfile.lock
Gemfile.lock.orig
LICENSE
LICENSE_GEMS
README.md
Rakefile
Vagrantfile
app
b64
client.rb
comments.txt

@bwatters-r7 bwatters-r7 merged commit 1ad7ae2 into rapid7:master Jan 21, 2021
@bwatters-r7 (Contributor) commented Jan 21, 2021

Release notes

Reduced the size of the linux/x64/shell_bind_tcp_random_port payload while maintaining the functionality.

@adfoster-r7 adfoster-r7 added the rn-enhancement release notes enhancement label Jan 22, 2021
4 participants