adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

26 Commits

Author SHA1 Message Date
Spencer McIntyre f3b650a409 Major refactoring of PHP payloads and related exploits 2025-05-30 09:06:38 -04:00
Spencer McIntyre dcaeb5266c Define the system_block module function 2025-05-30 09:06:38 -04:00
Spencer McIntyre 9220360ed0 Add an ARCH_PHP -> ARCH_CMD adapter 2025-05-30 09:06:20 -04:00
jvoisin b7fff5926b Use php_preamble/php_system_block instead of system in payloads/singles/php/ 
The `php_preamble`/`php_system_block` combo has builtin low-hanging evasion for
PHP's `disabled_functions` configuration (eg. `system` might not be available
but `shell_exec` is), so use it instead of hardcoding `system`.

This commit also brings modules/payloads/singles/php/reverse_perl.rb's style
more in line with the other uses of `php_preamble`/`php_system_block`.

Oh, and it makes lib/msf/core/payload/php.rb work on older Ruby version as
well.

Co-authored-by: Valentin Lobstein <88535377+Chocapikk@users.noreply.github.com>
 2024-09-18 12:40:55 +02:00
cgranleese-r7 f20dcb27dd Land #19443, Remove an old comment in lib/msf/core/payload/php.rb 2024-09-16 14:59:05 +01:00
jvoisin 6530720605 Minor improvements of lib/msf/core/payload/php.rb 
- Golf a condition
- Use the `shuffle` method instead of the weird `.sort_by` construct
 2024-09-12 15:50:14 +02:00
jvoisin ec8d2f8cc1 Remove an old comment in lib/msf/core/payload/php.rb 
The encoder has been implemented in modules/encoders/php/minify.rb
 2024-09-06 14:48:45 +02:00
jvoisin 3b66b3416f Golf a bit the php payload 
- Put all the error-disabling statements on a single line
- Remove some useless spaces
- Use `stristr(…)` (available since PHP4) instead of `strpos(strtolower(…))`
- Use `&&` instead of `and`
- Use backticks instead of `passthru`, since they're equivalent: https://www.php.net/manual/en/language.operators.execution.php
 2023-05-04 22:25:32 +02:00
dwelch-r7 1617b3ec9b Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
jvoisin 62615298e1 Fix a php warning 
This should close #8670
 2017-07-16 15:20:30 +02:00
James Lee c9560b5aa8 Add error_reporting to preamble 2017-02-02 17:48:28 -06:00
OJ bf36b2c58e Fix preamble in bind_php to include php tag+escape 2016-06-21 10:07:42 +10:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
James Lee 34bc92584b Refactor WindowsServices 
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
  Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work

[See #1007]
[See #1012]
 2012-11-06 17:30:04 -06:00
James Lee 13a5892e95 Add a mixin for uploading/executing bins with PHP 
And use it in three modules that had copy-paste versions of the same
idea.
 2012-10-12 02:57:41 -05:00
HD Moore d656e3185f Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00
James Lee b016d8944e whitespace at eol 
git-svn-id: file:///home/svn/framework3/trunk@14056 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 00:13:32 +00:00
James Lee 85cdc7ad78 ugh, i'm bouncing between too many languages, this syntax doesn't even work in php. fixes #2495 
git-svn-id: file:///home/svn/framework3/trunk@10240 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-05 16:13:17 +00:00
James Lee c94663c1fd check the os before adding output redirection to commands 
git-svn-id: file:///home/svn/framework3/trunk@10007 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-13 19:46:04 +00:00
James Lee 0dfe0c38be use quotes to avoid php warnings, encoders should take care of it anyway 
git-svn-id: file:///home/svn/framework3/trunk@9383 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-01 16:26:48 +00:00
kris efe44ba6b5 bleh.. a bit of tabs vs spaces 
git-svn-id: file:///home/svn/framework3/trunk@7171 4d416f70-5f16-0410-b530-b9f4589650da
 2009-10-16 18:27:18 +00:00
Ramon de C Valle f124597a56 Code cleanups 
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
 2008-10-19 21:03:39 +00:00
James Lee 0c2f8537a1 re-enable randomization of basic blocks in php shells 
git-svn-id: file:///home/svn/framework3/trunk@5647 4d416f70-5f16-0410-b530-b9f4589650da
 2008-09-01 04:43:07 +00:00
James Lee 8800372e46 initial commit of browser_autopwn; 
revamp php payloads;
socks5 for IPv6 (untested)



git-svn-id: file:///home/svn/framework3/trunk@5546 4d416f70-5f16-0410-b530-b9f4589650da
 2008-07-01 01:44:56 +00:00
James Lee 2db9dd6ab2 Reversing over greedy commit. =( 
git-svn-id: file:///home/svn/framework3/trunk@5506 4d416f70-5f16-0410-b530-b9f4589650da
 2008-05-17 06:17:41 +00:00
James Lee 93199c5610 "set foo" prints the value of foo if it exists 
git-svn-id: file:///home/svn/framework3/trunk@5505 4d416f70-5f16-0410-b530-b9f4589650da
 2008-05-17 05:29:32 +00:00