Feature #2306

ARM payload - Linux Execute Command

Added by Jonathan Salwan over 1 year ago. Updated 11 months ago.

Status: Assigned
Start date: 07/26/2010
Priority: Normal
Due date:
Assignee: HD Moore
% Done: 90%
Category: payloads
Target version: Open Backlog
Resolution:
How To Use:
Release Note:

Description

Hi,

The Metasploit project doesn't have ARM payloads.
The attached file is a "Linux Execute Command" on ARM.

regards,

exec.rb - modules/payloads/singles/linux/armle/exec.rb (1.1 kB) Jonathan Salwan, 07/26/2010 12:46 am

exec.rb - modules/payloads/singles/linux/armle/exec.rb (1.1 kB) Jonathan Salwan, 07/26/2010 12:48 am

demo.txt - demonstration to work (3.7 kB) Jonathan Salwan, 08/25/2010 03:59 pm

demo2.txt (827 Bytes) Jonathan Salwan, 08/26/2010 01:42 pm

exec.rb - Upgrade (1 kB) Jonathan Salwan, 09/01/2010 02:26 am

History

Updated by Jonathan Salwan over 1 year ago

Hi,

The Metasploit project doesn't have ARM payloads.
The attached file is a "Linux Execute Command" on ARM.

regards,

Updated by Joshua J. Drake over 1 year ago

  • Status changed from New to Assigned
  • Assignee changed from HD Moore to Joshua J. Drake
  • Target version set to Metasploit 3.5.0
  • % Done changed from 100 to 90

Jonathan,

I merged your payload but it didn't work in my test. See r10152.

Updated by Jonathan Salwan over 1 year ago

Hi,

See attached file "demo.txt"

regards,

Updated by Joshua J. Drake over 1 year ago

I tested on Android and it was a no-go. I don't (nor do I expect many others to) have a copy of Ubuntu or ArchLinux for ARM.

Have you tried with Android?

Updated by Jonathan Salwan over 1 year ago

No, I haven't tested with Android.

So, I generated the payload on my original OS (archlinux-x86) and tested the generated code with qemu-arm (Ubuntu-Versatile | http://people.canonical.com/~ogra/arm/qemu/kernel/).

Updated by Joshua J. Drake over 1 year ago

Perhaps your payload depends on a particular starting context to succeed?

Updated by Joshua J. Drake over 1 year ago

Also, I tested using:

bash$ msfpayload linux/armle/exec CMD=/bin/date x > testme.elf

Can you try the resulting binary on your arm box?

Updated by Jonathan Salwan over 1 year ago

Hi,

I have tested and it works. See attached file "demo2.txt".

Updated by Joshua J. Drake over 1 year ago

Hrm. There is some disconnect between Android and the ARM Linux you're using then. I'll have to look deeper into it. Perhaps it's NX related..

Updated by Jonathan Salwan over 1 year ago

Hi Joshua,

Try with the new attached file.

regards,

Updated by Joshua J. Drake over 1 year ago

Well, I managed to get a debugger on this thing, but the only thing I know for sure now is that it is crashing AFTER executing the binary. I'm guessing something from the environment has been corrupted or messed up somehow, leading to the crash...

Any ideas are welcome.

Updated by Joshua J. Drake over 1 year ago

  • Target version changed from Metasploit 3.5.0 to Metasploit 3.5.1

Punting to post-3.5

Updated by Jonathan Salwan about 1 year ago

Hi Joshua,

  • Target version changed from Metasploit 3.5.0 to Metasploit 3.5.1

It's done, no?

https://www.metasploit.com/redmine/projects/framework/repository/revisions/10152/show/modules/payloads/singles/linux/armle

Updated by Joshua J. Drake about 1 year ago

We can call it done, but it still doesn't work properly on Android.

Updated by Joshua J. Drake about 1 year ago

  • Target version changed from Metasploit 3.5.1 to Open Backlog

Updated by Joshua J. Drake 11 months ago

  • Assignee changed from Joshua J. Drake to HD Moore
