 Valentin Lobstein
|
db3654eebf
|
Fix: Address Copilot review feedback and fix cmd/dropper targets
- Fix http_send: use standalone Rex::Proto::Http::Client to avoid
SMTPDeliver/HttpClient connect() method conflict
- Fix cmd/dropper PHP stub: remove double $$ variable (vars[:cmd_varname]
already includes $ prefix)
- Fix cmd/dropper unlink: use cleanup POST param instead of inline
@unlink to preserve shell across multiple stager requests
- Fix wait_for_cron: use .to_i % fetch for correct modulo calculation
- Fix dir_exists?: use res&.redirect? instead of res&.code == 301
- Fix docs: RHOSTS -> RHOST (SMTPDeliver registers singular RHOST)
- Remove manual Date header (SMTPDeliver handles it)
- Update scan_paths comment to reflect MD5 digit extraction
- Replace php_exec_cmd with manual preamble + system_block stub
|
2026-03-13 23:38:30 +01:00 |
|