compatible payloads

m-1-k-3 · m-1-k-3 · commit c5e358c9c3d3 · 2013-03-29T20:54:35.000+01:00
diff --git a/modules/exploits/linux/http/linksys_e1500_up_exec.rb b/modules/exploits/linux/http/linksys_e1500_up_exec.rb
@@ -35,41 +35,29 @@ def initialize(info = {})
 			#'Platform'       => 'linux',
 			#'Arch'           => ARCH_MIPSLE,
 			'Targets'        =>
-				[
-					[ 'Unix CMD',
-						{
-							'Arch' => ARCH_CMD,
-							'Platform' => 'unix',
-							#only payload cmd/unix/generic should be possible
-							'Payload'        =>
-								{
-								'Compat'   =>
-									{
-									#not working :(
-									'PayloadType' => 'cmd',
-									'RequiredCmd' => 'generic'
-									}
-								},
-						}
-					],
-					[ 'Linux Payload',
-						{
-							'Arch' => ARCH_MIPSLE,
-							'Platform' => 'linux',
-							'DisableNops' => true,
-							#only mipsel payloads working ...
-							'Payload'        =>
-								{
-								'Compat'   =>
-									{
-									#not working :(
-									'PayloadType' => 'mipsle',
-									'RequiredCmd' => 'shell'
-									}
-								},
-						}
-					],
+			[
+				[ 'CMD',
+					{
+					'Arch' => ARCH_CMD,
+					'Platform' => 'unix',
+					}
+				],
+				[ 'Linux Mipsel Payload',
+					{
+					'Arch' => ARCH_MIPSLE,
+					'Platform' => 'linux',
+					'DisableNops' => true,
+					}
 				],
+			],
+			'Payload'        =>
+				{
+				'Compat'   =>
+					{
+					'PayloadType' => 'cmd mipsle',
+					'RequiredCmd' => 'generic shell_bind_tcp shell_reverse_tcp'
+					},
+			},
 			'DefaultTarget'  => 1,
 			))
 
@@ -156,8 +144,7 @@ def exploit
 			request(cmd,user,pass,uri)
 
 		else
-			#lets get some shells ...
-
+			#thx to Juan for his awesome work on the mipsel payloads
 			@pl = generate_payload_exe
 
 			#
diff --git a/modules/payloads/singles/linux/mipsle/shell_bind_tcp.rb b/modules/payloads/singles/linux/mipsle/shell_bind_tcp.rb
@@ -26,6 +26,8 @@ def initialize(info = {})
 			'Arch'          => ARCH_MIPSLE,
 			'Handler'       => Msf::Handler::BindTcp,
 			'Session'       => Msf::Sessions::CommandShellUnix,
+			'PayloadType'   => 'mipsle',
+			'RequiredCmd' 	=> 'shell_bind_tcp',
 			'Payload'       =>
 				{
 					'Offsets' => {} ,
diff --git a/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb b/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb
@@ -29,6 +29,8 @@ def initialize(info = {})
 			'Arch'          => ARCH_MIPSLE,
 			'Handler'       => Msf::Handler::ReverseTcp,
 			'Session'       => Msf::Sessions::CommandShellUnix,
+			'PayloadType'   => 'mipsle',
+			'RequiredCmd'   => 'shell_reverse_tcp',
 			'Payload'       =>
 				{
 					'Offsets' => { },

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,8 @@ def initialize(info = {})`
`26`	`26`	`'Arch' => ARCH_MIPSLE,`
`27`	`27`	`'Handler' => Msf::Handler::BindTcp,`
`28`	`28`	`'Session' => Msf::Sessions::CommandShellUnix,`
	`29`	`+ 'PayloadType' => 'mipsle',`
	`30`	`+ 'RequiredCmd' => 'shell_bind_tcp',`
`29`	`31`	`'Payload' =>`
`30`	`32`	`{`
`31`	`33`	`'Offsets' => {} ,`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,8 @@ def initialize(info = {})`
`29`	`29`	`'Arch' => ARCH_MIPSLE,`
`30`	`30`	`'Handler' => Msf::Handler::ReverseTcp,`
`31`	`31`	`'Session' => Msf::Sessions::CommandShellUnix,`
	`32`	`+ 'PayloadType' => 'mipsle',`
	`33`	`+ 'RequiredCmd' => 'shell_reverse_tcp',`
`32`	`34`	`'Payload' =>`
`33`	`35`	`{`
`34`	`36`	`'Offsets' => { },`