Metasploit mailing list archives
Linux ARMLE exe Template.
From: Civ <framework () 8thdaytech com>
Date: Thu, 20 May 2010 00:22:05 -0500
Hi All,

I've attached what I've used to get a usable template. The only difference between this and the x86 template and assembly source is just that here the ARM arch is set and the starting address is different. Included also is a patch for exe.rb so ./msfpayload <payload> X will use the template. I just created a new function and copied the functionality from the linux x86 elf function. Hope to have the reverse_shell_tcp and a few other payloads and linux/arm specific patches done soon.

--Civ

.bin for inclusion in data/templates/
.s for inclusion in data/templates/src/elf/exe/
Attachment: template_armle_linux.bin
; build with:
; nasm elf_armle_template.s -f bin -o template_armle_linux.bin

BITS 32
org 0x8000

ehdr:                                   ; Elf32_Ehdr
        db 0x7F, "ELF", 1, 1, 1, 0      ; e_ident
        db 0, 0, 0, 0, 0, 0, 0, 0
        dw 2                            ; e_type = ET_EXEC for an executable
        dw 0x28                         ; e_machine = ARM
        dd 1                            ; e_version
        dd _start                       ; e_entry
        dd phdr - $$                    ; e_phoff
        dd 0                            ; e_shoff
        dd 0                            ; e_flags
        dw ehdrsize                     ; e_ehsize
        dw phdrsize                     ; e_phentsize
        dw 1                            ; e_phnum
        dw 0                            ; e_shentsize
        dw 0                            ; e_shnum
        dw 0                            ; e_shstrndx
ehdrsize equ $ - ehdr

phdr:                                   ; Elf32_Phdr
        dd 1                            ; p_type = PT_LOAD
        dd 0                            ; p_offset
        dd $$                           ; p_vaddr
        dd $$                           ; p_paddr
        dd 0xDEADBEEF                   ; p_filesz
        dd 0xDEADBEEF                   ; p_memsz
        dd 7                            ; p_flags = rwx
        dd 0x1000                       ; p_align
phdrsize equ $ - phdr

_start:
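Added example, not code from the post or from Metasploit: the 84-byte template header rebuilt in Ruby from the nasm listing above, parsed back with a minimal Elf32 reader, and checked for the traits that make such a bare loader stub easy to recognise in triage (single RWX PT_LOAD, no section headers, entry point right after the headers, placeholder size fields). Function and constant names are assumptions.

```ruby
# Added example (not the post's or Metasploit's code): rebuild the ARMLE ELF
# template from the nasm source with Ruby's pack, parse it back, and report
# the traits that make such a bare loader template easy to recognise.
EM_ARM  = 0x28
PT_LOAD = 1
EHDR_SZ = 0x34
PHDR_SZ = 0x20
ORG     = 0x8000                     # org 0x8000 in the nasm source
ENTRY   = ORG + EHDR_SZ + PHDR_SZ    # _start sits right after the headers

def build_template
  ident = [0x7f, "ELF", 1, 1, 1, 0].pack("Ca3C4") + ("\0" * 8)   # e_ident, 16 bytes
  ehdr  = [2, EM_ARM, 1, ENTRY, EHDR_SZ, 0, 0, EHDR_SZ, PHDR_SZ, 1, 0, 0, 0].pack("vvVVVVVvvvvvv")
  phdr  = [PT_LOAD, 0, ORG, ORG, 0xDEADBEEF, 0xDEADBEEF, 7, 0x1000].pack("V8")
  (ident + ehdr + phdr).b
end

# Minimal Elf32 header / program-header parser (little-endian only).
def parse_elf32(bin)
  raise ArgumentError, "not an ELF image" unless bin[0, 4] == "\x7fELF".b
  e = bin[16, 36].unpack("vvVVVVVvvvvvv")
  h = { type: e[0], machine: e[1], entry: e[3], phoff: e[4], shoff: e[5], phnum: e[9] }
  h[:phdrs] = Array.new(h[:phnum]) do |i|
    p = bin[h[:phoff] + i * PHDR_SZ, PHDR_SZ].unpack("V8")
    { type: p[0], offset: p[1], vaddr: p[2], filesz: p[4], memsz: p[5], flags: p[6] }
  end
  h
end

# Traits of the template that a triage script or YARA-style rule can key on.
def template_indicators(bin)
  h = parse_elf32(bin)
  first = h[:phdrs].first
  hits = []
  hits << "ARM ET_EXEC"                        if h[:machine] == EM_ARM && h[:type] == 2
  hits << "no section headers (e_shoff == 0)"  if h[:shoff].zero?
  hits << "single RWX PT_LOAD segment"         if h[:phnum] == 1 && first[:type] == PT_LOAD && first[:flags] == 7
  hits << "entry point directly after headers" if h[:entry] == first[:vaddr] - first[:offset] + h[:phoff] + PHDR_SZ
  hits << "size fields still hold 0xDEADBEEF"  if first[:filesz] == 0xDEADBEEF
  hits
end

# True when every segment's p_filesz fits inside the file; the raw template
# fails it, and so does a fixup that writes mo.length + code.length after
# the payload has already been appended (p_filesz then overshoots the file).
def sizes_consistent?(bin)
  parse_elf32(bin)[:phdrs].all? { |p| p[:offset] + p[:filesz] <= bin.bytesize && p[:memsz] >= p[:filesz] }
end
```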
Index: lib/msf/util/exe.rb =================================================================== --- lib/msf/util/exe.rb (revision 9326) +++ lib/msf/util/exe.rb (working copy) @@ -57,7 +57,11 @@ if(plat.index(Msf::Module::Platform::OSX)) return to_osx_arm_macho(framework, code) end - # XXX: Add Linux here + if(plat.index(Msf::Module::Platform::Linux)) + return to_linux_armle_elf(framework, code) + end + + # XXX: Add remaining ARMLE systems here end if(arch.index(ARCH_PPC)) @@ -437,6 +441,24 @@ return mo end + def self.to_linux_armle_elf(framework, code) + mo = '' + + fd = File.open(File.join(File.dirname(__FILE__), "..", "..", "..", "data", "templates", "template_armle_linux.bin"), "rb") + mo = fd.read(fd.stat.size) + fd.close + + # The template is just an ELF header with its entrypoint set to the + # end of the file, so just append shellcode to it and fixup p_filesz + # and p_memsz in the header for a working ELF executable. + mo << code + mo[0x44,4] = [mo.length + code.length].pack('V') + mo[0x48,4] = [mo.length + code.length].pack('V') + + return mo + + end + def self.to_exe_vba(exes='') exe = exes.unpack('C*') vba = ""
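Review bot: in the second hunk, to_linux_armle_elf double counts the payload when fixing up the header: `mo << code` has already appended it, so `mo[0x44,4] = [mo.length + code.length].pack('V')` (and the same line for 0x48) writes template size plus twice the payload length into p_filesz and p_memsz. Write `[mo.length].pack('V')` for both fields, or compute the total before the append. The loader tolerates the oversized value as long as the payload stays inside the last mapped page, but the field is simply wrong and the pattern will be copied when the remaining ARMLE systems are added. Minor: the initial `mo = ''` is dead since it is reassigned on the next statement, and the open/read/close sequence leaks the descriptor if read raises; `File.binread` or the block form of `File.open` avoids that.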