diff --git a/documentation/samples/vulnapps/testsrv/Makefile b/documentation/samples/vulnapps/testsrv/Makefile
new file mode 100644
index 0000000000..849d779db9
--- /dev/null
+++ b/documentation/samples/vulnapps/testsrv/Makefile
@@ -0,0 +1,17 @@
+
+SOURCES=testsrv.c
+OPTIONS=-fno-stack-protector -Wa,--execstack -Wl,-z,execstack
+
+default:x86_32 x86_64
+all: x86_32 x86_64
+
+x86_32:
+ gcc -m32 ${OPTIONS} -o testsrv32 ${SOURCES}
+x86_64:
+ gcc -m64 ${OPTIONS} -o testsrv64 ${SOURCES}
+
+clean:
+ rm testsrv32
+ rm testsrv64
+
+
diff --git a/documentation/samples/vulnapps/testsrv/testsrv.c b/documentation/samples/vulnapps/testsrv/testsrv.c
index e477d23ce3..d7dc3217b8 100755
--- a/documentation/samples/vulnapps/testsrv/testsrv.c
+++ b/documentation/samples/vulnapps/testsrv/testsrv.c
@@ -94,8 +94,10 @@ int main(int argc, char **argv) { while (1) { +#if defined _WIN32 __try { +#endif len = sizeof(sin); new_s = accept(s, (struct sockaddr *)&sin, &len);
@@ -104,14 +106,20 @@ int main(int argc, char **argv) { printf("recv'd %d\n", bytes); +#if defined _WIN32 __asm mov edi, new_s +#else + // TODO: add inlined assembly for "non windows" compiler +#endif funct = (int (*)()) buf; (int)(*funct)(); +#if defined _WIN32 } __except(EXCEPTION_EXECUTE_HANDLER) { fprintf(stderr, "Got exception: %lu\n", GetExceptionCode()); } +#endif } return (0);
diff --git a/modules/payloads/singles/generic/debug_trap.rb b/modules/payloads/singles/generic/debug_trap.rb
new file mode 100644
index 0000000000..b0dc4338e8
--- /dev/null
+++ b/modules/payloads/singles/generic/debug_trap.rb
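Review bot: The `clean` target in the new testsrv Makefile stops at the first missing binary, because `rm testsrv32` fails when only the 64-bit target was built; `rm -f testsrv32 testsrv64` avoids that, and `.PHONY: default all x86_32 x86_64 clean` keeps a stray file of the same name from masking a target. The `OPTIONS` line turns off the stack protector and marks the stack executable without saying why. A comment above it such as `# built without stack protector and with an executable stack on purpose: testsrv runs the bytes it receives (lab sample only)` would keep these flags from being copied into an ordinary build.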
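Review bot: In the `#else` branch of the second testsrv.c hunk the socket hand-off is left as a TODO, and the `__try`/`__except` pair is compiled out in both hunks, so the non-Windows binaries build without complaint yet behave differently from the Windows one: `new_s` is not passed to the code called through `funct`, and a fault in that call ends the `while (1)` loop instead of being reported by the `fprintf` in the handler. Until the branch is implemented I would make the gap visible at build time by replacing the comment with `#warning "testsrv: non-Windows build does not pass new_s to the called code or catch faults"`. As far as the second hunk shows, `new_s` is also never closed after the call, so a long-running instance would leak one descriptor per connection unless the called code is expected to close it. `main` starts and continues outside both hunks, so the `recv` call and the declarations of `len` and `buf` are not visible here.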
@@ -0,0 +1,44 @@
+##
+# $Id: shell_bind_tcp.rb 4419 2007-02-18 00:10:39Z hdm $
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/
+##
+
+
+require 'msf/core'
+require 'msf/core/payload/generic'
+
+module Msf
+module Payloads
+module Singles
+module Generic
+
+module DebugTrap
+
+ include Msf::Payload::Single
+
+ def initialize(info = {})
+ super(merge_info(info,
+ 'Name' => 'Generic x86 Debug Trap',
+ 'Version' => '$Revision: 4419 $',
+ 'Description' => 'Generate a debug trap in the target process',
+ 'Author' => 'robert ',
+ 'Platform' => [ 'win', 'linux', 'bsd', 'solaris', 'bsdi', 'osx' ],
+ 'License' => MSF_LICENSE,
+ 'Arch' => ARCH_X86,
+ 'Payload' =>
+ {
+ 'Payload' =>
+ "\xcc"
+ }
+ ))
+ end
+
+end
+
+end end end end
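Review bot: The header of the new debug_trap.rb still carries the expanded keywords of the file it was copied from: `# $Id: shell_bind_tcp.rb 4419 2007-02-18 00:10:39Z hdm $` and `'Version' => '$Revision: 4419 $'` should be reset to `# $Id$` and `'$Revision$'` so that keyword expansion, if enabled for the file, fills in this file's own values. `'Description'` would be more useful if it said what the single `"\xcc"` byte is, for example `'Generate a debug trap (int3 breakpoint) in the target process, for use with a debugger attached'`. `require 'msf/core/payload/generic'` appears unused, since the module only includes `Msf::Payload::Single`. The four closing `end` keywords on the last line would read better one per line.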