Fix Linux Stageless Payload to be Shellcodes #19799

Open. Wants to merge 28 commits into base: master.

Commits (28):
1b6d502 fix: removing unnecessary elf parsing in linux/x86/meterpreter (dledda-r7, Jan 10, 2025)
6bc4575 feat(payload): linux/x86 in_memory_loader for stageless meterpreter (dledda-r7, Jan 13, 2025)
0087ca6 feat(payload): linux/x86 in_memory_loader itoa improvement (dledda-r7, Jan 14, 2025)
ce72e9f feat(payload): linux/x64 in_memory_loader for stageless meterpreter (dledda-r7, Jan 14, 2025)
2814dee Shellcode for memfd_create for ARM (msutovsky-r7, Jan 15, 2025)
b88bf45 Armbe draft and ARM64 functional payload for memfd_create (msutovsky-r7, Jan 16, 2025)
2386e25 Adding itoa for ARMle stageless payload (msutovsky-r7, Jan 17, 2025)
429adbe Adding itoa function for ARM64 and ARMbe (msutovsky-r7, Jan 17, 2025)
4d5509c Adding itoa function for ARM64 and ARMbe (msutovsky-r7, Jan 17, 2025)
be7ea24 feat(payload): linux/mipsel in_memory_loader for stageless meterpreter (dledda-r7, Jan 23, 2025)
128ac84 feat(payload): linux/mips in_memory_loader for stageless meterpreter (dledda-r7, Jan 23, 2025)
f3729d5 fix: move meterpreter_loader into separate mixin (dledda-r7, Feb 10, 2025)
f25980d fix: move x64 meterpreter_loader into separate mixin (dledda-r7, Feb 10, 2025)
ed7d472 fix: move mipsbe and mipsle meterpreter_loader into separate mixin (dledda-r7, Feb 10, 2025)
58ed763 PPC64le init (msutovsky-r7, Jan 24, 2025)
bccc00f PPC64 shellcode added, adding PPC initial work (msutovsky-r7, Jan 27, 2025)
7bf9038 PPC progress (msutovsky-r7, Jan 30, 2025)
d865c72 PowerPC stageless payload (msutovsky-r7, Feb 3, 2025)
59e066a feat: add mips64 elf template and meterpreter_loader (dledda-r7, Feb 12, 2025)
f4d49da fix: fix exe after merge issue (dledda-r7, Feb 12, 2025)
eb4abf6 ARMBe and Zarch stageless payload (msutovsky-r7, Feb 13, 2025)
c384f40 Code refactor, loader delivery update (msutovsky-r7, Feb 13, 2025)
354d124 fix: improved x86 and x64 shellcodes (dledda-r7, Feb 14, 2025)
9ed20df fix: updated mettle payload generation and cached_size (dledda-r7, Feb 14, 2025)
59003a3 fix: updated mettle payload generation and cached_size (dledda-r7, Feb 14, 2025)
02ed866 Fixed missing payload length for AARCH64 (msutovsky-r7, Mar 17, 2025)
722e488 Update CachedSize for Aarch64 (msutovsky-r7, Mar 20, 2025)
575ae64 Rubocoping AARCH64 payload modules (msutovsky-r7, Mar 20, 2025)
Commit 58ed76368e22817bda5fbc39be2eeffbae50fc06: PPC64le init
msutovsky-r7 committed Feb 11, 2025

Verified: this commit was signed with the committer's verified signature (ramsay-t Ramsay Taylor).
39 changes: 39 additions & 0 deletions data/templates/src/elf/exe/elf_ppc64le_template.s
@@ -0,0 +1,39 @@
; build with:

BITS 64

org 0x400000

ehdr: ; Elf32_Ehdr
db 0x7F, "ELF", 2, 1, 1, 0 ; e_ident
db 0, 0, 0, 0, 0, 0, 0, 0 ;
dw 2 ; e_type = ET_EXEC for an executable
dw 0x15 ; e_machine = PowerPC
dd 0 ; e_version
dd _start ; e_entry
dd phdr - $$ ; e_phoff
dd 0 ; e_shoff
dd 0 ; e_flags
dw ehdrsize ; e_ehsize
dw phdrsize ; e_phentsize
dw 1 ; e_phnum
dw 0 ; e_shentsize
dw 0 ; e_shnum
dw 0 ; e_shstrndx

ehdrsize equ $ - ehdr

phdr: ; Elf32_Phdr
dd 1 ; p_type = PT_LOAD
dd 7 ; p_flags = rwx
dd 0 ; p_offset
dd $$ ; p_vaddr
dd $$ ; p_paddr
dd 0xDEADBEEF ; p_filesz
dd 0xDEADBEEF ; p_memsz
dd 0x1000 ; p_align

phdrsize equ $ - phdr
global _start
_start:
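Review bot: the ELF header and program header in this hunk use 32-bit field widths even though e_ident[EI_CLASS] is 2 (ELFCLASS64) and the file is assembled as BITS 64, so the resulting image does not match the Elf64 layout the kernel parses. In Elf64_Ehdr, e_entry, e_phoff and e_shoff are 8-byte fields (the header is 64 bytes, not the 52 this template produces), so `dd _start`, `dd phdr - $$` and the following `dd 0 ; e_shoff` should be `dq`; in Elf64_Phdr, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz and p_align are 8 bytes (56-byte entry, not 32), so `dd 0 ; p_offset` through `dd 0x1000 ; p_align` should be `dq`, and the two `Elf32_` comments should read Elf64_Ehdr / Elf64_Phdr. The Linux loader rejects a binary whose e_phentsize does not equal sizeof(Elf64_Phdr), so as written this template cannot be executed at all. Two smaller points: `dd 0 ; e_flags` should be `dd 2` for a little-endian ppc64 binary, because the kernel selects the ELFv2 ABI from (e_flags & 3) == 2 and otherwise treats e_entry as the address of an ELFv1 function descriptor rather than as code, and the `; build with:` comment at the top is empty where the other templates document the assembler invocation; e_version would normally be 1 (EV_CURRENT) as well, though the kernel does not check it.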

Binary file not shown.
Binary file added data/templates/src/elf/exe/template_ppc_linux.bin
Binary file not shown.
@@ -38,6 +38,8 @@ def generate(_opts = {})
scheme: 'tcp',
stageless: true
}.merge(mettle_logging_config)
MetasploitPayloads::Mettle.new('powerpc64le-linux-musl', generate_config(opts)).to_binary :exec
payload = MetasploitPayloads::Mettle.new('powerpc64le-linux-musl', generate_config(opts)).to_binary :exec
in_memory_loader_asm = [0x1422667c].pack("V*")
in_memory_loader_asm + payload
end
end
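Review bot: the loader prepended on the `in_memory_loader_asm = [0x1422667c].pack("V*")` line is a single hard-coded 32-bit word with no comment, and its byte order looks reversed for the little-endian target: packed with "V" it emits the bytes 7c 66 22 14, which is the big-endian encoding of `add r3, r6, r4` (primary opcode 31, xo 266), while a powerpc64le core fetches that word as 0x1422667c, whose primary opcode (5) is not a valid Power ISA opcode. Either pack the instruction word in native order (0x7c662214 with "V") or keep the bytes as assembled with "N", and generate the loader from a commented assembly source rather than an inline literal, as the memfd_create based loaders described in the other commits of this PR do. Also, one instruction followed directly by the mettle ELF is not a loader: `in_memory_loader_asm + payload` returns a blob with no memfd_create/execve sequence in front of the ELF, so until the real PPC64 shellcode lands this line should be marked as a placeholder rather than shipped as the module's generate output.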