bcoles

Results 127 issues of bcoles

Add Linux RISC-V 32-bit/64-bit TCP bind shell payloads.

# Source

* https://modexp.wordpress.com/2022/05/02/shellcode-risc-v-linux/
* https://web.archive.org/web/20230326161514/https://github.com/odzhan/shellcode/commit/d3ee25a6ebcdd21a21d0e6eccc979e45c24a9a1d
* https://github.com/bcoles/shellcode/blob/main/riscv32/bindshell/bind.s

# Verification

Tested with QEMU. For other test environments, see https://github.com/rapid7/metasploit-framework/pull/19518#issuecomment-2385330975. Generate a Linux...

payload
riscv

Executing a command with a trailing new line (`\n`) using `cmd_exec` kills Linux `ssh` sessions. The following will kill an SSH session (`Reason: Died`):

```ruby
puts cmd_exec("id\n")
```

The same...

bug
cmd_exec is broken again
not-stale

`read_file` returns zero bytes for some files on iOS. Tested with a ~990KB SQLite database via `ssh_login` shell session. Subsequent interaction with the session (`sessions -i`) after attempting `read_file` causes...

bug
not-stale

Boilerplate code. Untested.

payload
riscv

```
msf5 auxiliary(scanner/oracle/oracle_login) > run
[*] Nmap: Setting up credential file...
[*] Nmap: Starting Oracle bruteforce with 568 credentials against SID 'XE'...
[*] Using RPORTS range 1521
[*] Nmap: Starting...
```

bug
not-stale

1. Get a `solaris/x86/shell_reverse_tcp` session on Solaris (tested on Solaris 10u2)
2. Run a module which reads a file, or create a module which uses `readable?` / `exists?` / `read_file`...

bug
confirmed

The `post/windows/manage/rpcapd_start` module describes `p` and `prog` parameters to be used in the `run_rpcapd` method. https://github.com/rapid7/metasploit-framework/blob/b5129fe19874e74d5a103bb9d1372fb30f618b32/modules/post/windows/manage/rpcapd_start.rb#L63-L87 The program file path `prog` is used to add a firewall rule. The `p`...

bug
confirmed