Linux Execute Command - Metasploit
This page contains detailed information about how to use the payload/linux/x86/exec Metasploit module. For a list of all Metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: Linux Execute Command
Module: payload/linux/x86/exec
Source code: modules/payloads/singles/linux/x86/exec.rb
Disclosure date: -
Last modification time: 2021-03-11 19:11:34 +0000
Supported architecture(s): x86
Supported platform(s): Linux
Target service / protocol: -
Target network port(s): -
List of CVEs: -
Execute an arbitrary command or just a /bin/sh shell
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use payload/linux/x86/exec
msf payload(exec) > show options
... show and set options ...
msf payload(exec) > generate
To learn how to generate payload/linux/x86/exec with msfvenom, please read this.
Msfconsole Usage
Here is how the linux/x86/exec payload looks in the msfconsole:
msf6 > use payload/linux/x86/exec
msf6 payload(linux/x86/exec) > show info
Name: Linux Execute Command
Module: payload/linux/x86/exec
Platform: Linux
Arch: x86
Needs Admin: No
Total size: 20
Rank: Normal
Provided by:
vlad902
Geyslan G. Bem <geyslan[at]gmail.com>
Basic options:
Name  Current Setting  Required  Description
----  ---------------  --------  -----------
CMD                    no        The command string to execute
Description:
Execute an arbitrary command or just a /bin/sh shell
Module Options
This is a complete list of options available in the linux/x86/exec payload:
msf6 payload(linux/x86/exec) > show options
Module options (payload/linux/x86/exec):
Name  Current Setting  Required  Description
----  ---------------  --------  -----------
CMD                    no        The command string to execute
Advanced Options
Here is a complete list of advanced options supported by the linux/x86/exec payload:
msf6 payload(linux/x86/exec) > show advanced
Module advanced options (payload/linux/x86/exec):
Name                        Current Setting  Required  Description
----                        ---------------  --------  -----------
AppendExit                  false            no        Append a stub that executes the exit(0) system call
MeterpreterDebugLevel       0                yes       Set debug level for meterpreter 0-3 (Default output is strerr)
NullFreeVersion             false            yes       Null-free shellcode version
PrependChrootBreak          false            no        Prepend a stub that will break out of a chroot (includes setreuid to root)
PrependFork                 false            no        Prepend a stub that starts the payload in its own process via fork
PrependSetgid               false            no        Prepend a stub that executes the setgid(0) system call
PrependSetregid             false            no        Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid            false            no        Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid            false            no        Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid             false            no        Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid               false            no        Prepend a stub that executes the setuid(0) system call
RemoteMeterpreterDebugFile                   no        Redirect Debug Info to a Log File
VERBOSE                     false            no        Enable detailed status messages
WORKSPACE                                    no        Specify the workspace for this module
Error Messages
This module may fail with the following error message. The code snippet below, taken from the module source code, can often help in identifying the root cause of the problem.
CMD length has to be smaller than %d
Here is a relevant code snippet related to the "CMD length has to be smaller than %d" error message:
# execve("/bin/sh", ["/bin/sh", "-c", "CMD"], NULL)
#
pushw_c_opt = "dd 0x632d6866" # pushw 0x632d (metasm doesn't support pushw)
if nullfreeversion
  if cmd.length > 0xffff
    raise RangeError, "CMD length has to be smaller than %d" % 0xffff, caller()
  end
  if cmd.length <= 0xff # 255
    breg = "bl"
  else
    breg = "bx"
Related Pull Requests
- #14661 Merged Pull Request: payload/x86/exec.rb - refactoring, metasm, new NullFreeVersion option
- #8716 Merged Pull Request: Print_Status -> Print_Good (And OCD bits 'n bobs)
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #5838 Merged Pull Request: Instantiate payload modules so parameter validation occurs
- #5367 Merged Pull Request: Create new UUID stagers
- #4918 Merged Pull Request: Reworks how payload prepends work internally, see #1674
- #4894 Merged Pull Request: Implement payload size caching, speeding up framework loads
- #2525 Merged Pull Request: Change module boilerplate
- #1241 Merged Pull Request: Removed all $Id$ and $Revision$ occurences
References
- CVE: Not available
- https://github.com/geyslan/SLAE/blob/master/4th.assignment/tiny_execve_sh.asm
- https://github.com/geyslan/SLAE/blob/master/improvements/x86_execve_dyn.asm
See Also
Check also the following modules related to this module:
- payload/linux/x86/adduser
- payload/linux/x86/chmod
- payload/linux/x86/meterpreter/bind_ipv6_tcp
- payload/linux/x86/meterpreter/bind_ipv6_tcp_uuid
- payload/linux/x86/meterpreter/bind_nonx_tcp
- payload/linux/x86/meterpreter/bind_tcp
- payload/linux/x86/meterpreter/bind_tcp_uuid
- payload/linux/x86/meterpreter/find_tag
- payload/linux/x86/meterpreter_reverse_http
- payload/linux/x86/meterpreter_reverse_https
- payload/linux/x86/meterpreter/reverse_ipv6_tcp
- payload/linux/x86/meterpreter/reverse_nonx_tcp
- payload/linux/x86/meterpreter/reverse_tcp
- payload/linux/x86/meterpreter_reverse_tcp
- payload/linux/x86/meterpreter/reverse_tcp_uuid
- payload/linux/x86/metsvc_bind_tcp
- payload/linux/x86/metsvc_reverse_tcp
- payload/linux/x86/read_file
- payload/linux/x86/shell/bind_ipv6_tcp
- payload/linux/x86/shell_bind_ipv6_tcp
- payload/linux/x86/shell/bind_ipv6_tcp_uuid
- payload/linux/x86/shell/bind_nonx_tcp
- payload/linux/x86/shell/bind_tcp
- payload/linux/x86/shell_bind_tcp
- payload/linux/x86/shell_bind_tcp_random_port
- payload/linux/x86/shell/bind_tcp_uuid
- payload/linux/x86/shell_find_port
- payload/linux/x86/shell/find_tag
- payload/linux/x86/shell_find_tag
- payload/linux/x86/shell/reverse_ipv6_tcp
- payload/linux/x86/shell/reverse_nonx_tcp
- payload/linux/x86/shell/reverse_tcp
- payload/linux/x86/shell_reverse_tcp
- payload/linux/x86/shell_reverse_tcp_ipv6
- payload/linux/x86/shell/reverse_tcp_uuid
Authors
- vlad902
- Geyslan G. Bem <geyslan[at]gmail.com>
Version
This page has been produced using Metasploit Framework version 6.1.24-dev. For more modules, visit the Metasploit Module Library.