MIPS Payload updates #21445
Open
dledda-r7 wants to merge 10 commits into
Pull request overview
This PR updates Metasploit’s Linux MIPS payload set by introducing a new linux/mips64/exec single payload, modernizing the existing mipsle/mipsbe exec payloads (including prepend support), and correcting MIPS64 ELF generation/template metadata to better match expected endianness and header values.
Changes:
- Add a new `linux/mips64/exec` single payload and a corresponding cached-size spec.
- Update `mipsle/mipsbe` exec payloads to support prepend stubs and to run `/bin/sh` when `CMD` is unset.
- Enable Linux prepend stubs (set*uid) for MIPS LE/BE/MIPS64 and adjust MIPS64 ELF generation/template header values.

Impact Analysis:
- Blast radius: medium; affects users generating Linux MIPS64 executables (EXE generation) and users selecting `linux/mips{le,be,mips64}/exec` payloads; downstream impact Unknown.
- Data and contract effects: payload behavior changes when `CMD` is unset (now spawns `/bin/sh` for mipsle/mipsbe/mips64 exec); MIPS64 ELF template/header interpretation changes via endianness handling.
- Rollback and test focus: rollback is straightforward (revert payload/template/util changes); focus testing on generated MIPS64 ELF validity/executability and verifying exec payload behavior for both empty `CMD` and non-empty `CMD`, with/without prepend options.
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| spec/modules/payloads_spec.rb | Adds cached-size consistency coverage for the new linux/mips64/exec payload. |
| modules/payloads/singles/linux/mipsle/exec.rb | Updates MIPSLE exec payload to spawn /bin/sh when CMD is empty and adds prepend support. |
| modules/payloads/singles/linux/mipsbe/exec.rb | Updates MIPSBE exec payload to spawn /bin/sh when CMD is empty and adds prepend support. |
| modules/payloads/singles/linux/mips64/exec.rb | Introduces a new MIPS64 exec payload supporting /bin/sh and -c CMD forms with prepends. |
| lib/msf/util/exe/linux/mips64.rb | Adjusts MIPS64 ELF generation to pass big-endian handling into the common ELF builder. |
| lib/msf/core/payload/linux/mipsle/prepends.rb | Enables set*uid prepend options and provides MIPSLE syscall stubs. |
| lib/msf/core/payload/linux/mipsbe/prepends.rb | Enables set*uid prepend options and provides MIPSBE syscall stubs. |
| lib/msf/core/payload/linux/mips64/prepends.rb | Enables set*uid prepend options and provides MIPS64 syscall stubs. |
| data/templates/src/elf/exe/elf_mips64_template.s | Updates MIPS64 ELF header fields (version/flags) in the source template. |
Comment on lines 18 to 21
| # @return [String] Returns an elf | ||
| def to_linux_mips64_elf(framework, code, opts = {}) | ||
| Msf::Util::EXE::Common.to_exe_elf(framework, opts, "template_mips64_linux.bin", code) | ||
| Msf::Util::EXE::Common.to_exe_elf(framework, opts, "template_mips64_linux.bin", code, true) | ||
| end |
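Review bot: the trailing `true` on the second `to_exe_elf` call is a bare positional boolean, and the `@return` comment above `to_linux_mips64_elf` gives no hint of what it selects. The per-file summary describes it as big-endian handling, so either pass it as a named option or add a one-line comment saying so, so that a reader does not have to open `Common.to_exe_elf` to learn what the argument means. Since the value is hard-coded rather than read from `opts`, it is also worth stating in the doc comment that this method always produces a big-endian MIPS64 ELF.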
dledda-r7 commented May 12, 2026
MIPS64 exec payload, mipsle and mipsbe exec payload update, and prepends for everybody.
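The impact analysis above points testing at generated MIPS64 ELF validity and header endianness. As an added example (not code from this PR or from Metasploit), the Ruby below reads an ELF64 header according to its EI_DATA byte and reports the fields that stop making sense when the declared byte order and the encoded fields disagree; the helper names and the constructed sample header are assumptions for illustration.

```ruby
# Added example, not Metasploit code: endian-aware ELF64 header check.
EM_MIPS = 8 # e_machine value assigned to MIPS by the ELF specification

def parse_elf64_header(bytes)
  raise ArgumentError, 'truncated ELF64 header' if bytes.bytesize < 64
  raise ArgumentError, 'bad ELF magic' unless bytes.byteslice(0, 4) == "\x7FELF".b

  ei_class, ei_data, ei_version = bytes.byteslice(4, 3).unpack('C3')
  raise ArgumentError, 'unknown EI_DATA' unless [1, 2].include?(ei_data)

  # EI_DATA decides how every multi-byte field after e_ident is decoded.
  big = ei_data == 2
  u16, u32, u64 = big ? ['n', 'N', 'Q>'] : ['v', 'V', 'Q<']
  e_type, e_machine, e_version, e_entry = bytes.byteslice(16, 16).unpack("#{u16}2#{u32}#{u64}")
  { class64: ei_class == 2, big_endian: big, ident_version: ei_version,
    type: e_type, machine: e_machine, version: e_version, entry: e_entry,
    flags: bytes.byteslice(48, 4).unpack1(u32) }
end

# Returns human-readable problems; an empty array means the header is coherent.
def mips64_header_problems(bytes)
  h = parse_elf64_header(bytes)
  problems = []
  problems << 'EI_CLASS is not ELFCLASS64' unless h[:class64]
  problems << 'EI_VERSION is not 1' unless h[:ident_version] == 1
  problems << 'e_machine is not EM_MIPS' unless h[:machine] == EM_MIPS
  problems << 'e_version is not 1' unless h[:version] == 1
  problems
end

# Constructed 64-byte header for the demo; entry, offsets and flags are arbitrary.
def sample_header(big_endian:)
  ident = "\x7FELF".b + [2, big_endian ? 2 : 1, 1].pack('C3') + ("\x00".b * 9)
  fmt = big_endian ? 'n2 N Q>3 N n6' : 'v2 V Q<3 V v6'
  ident + [2, EM_MIPS, 1, 0x400078, 64, 0, 0x80000007, 64, 56, 1, 0, 0, 0].pack(fmt)
end

if __FILE__ == $PROGRAM_NAME
  good = sample_header(big_endian: true)
  bad = good.dup
  bad.setbyte(5, 1) # EI_DATA claims little-endian, fields stay big-endian
  puts "consistent: #{mips64_header_problems(good).inspect}"
  puts "mismatched: #{mips64_header_problems(bad).inspect}"
end
```

Run against a generated file with `mips64_header_problems(File.binread(path))`; a non-empty result means the header fields and the declared byte order do not agree.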