Spencer McIntyre
f3b650a409
Major refactoring of PHP payloads and related exploits
2025-05-30 09:06:38 -04:00
Spencer McIntyre
dcaeb5266c
Define the system_block module function
2025-05-30 09:06:38 -04:00
bcoles
03f4c46010
modules/payloads/singles: Resolve RuboCop violations
2025-04-20 02:57:34 +10:00
Ashley Donaldson
1b169efe3d
Update payload dependencies
2024-10-14 15:27:15 +11:00
jvoisin
b7fff5926b
Use php_preamble/php_system_block instead of system in payloads/singles/php/
...
The `php_preamble`/`php_system_block` combo has builtin low-hanging evasion for
PHP's `disabled_functions` configuration (eg. `system` might not be available
but `shell_exec` is), so use it instead of hardcoding `system`.
This commit also brings modules/payloads/singles/php/reverse_perl.rb's style
more in line with the other uses of `php_preamble`/`php_system_block`.
Oh, and it makes lib/msf/core/payload/php.rb work on older Ruby versions as
well.
Co-authored-by: Valentin Lobstein <88535377+Chocapikk@users.noreply.github.com>
2024-09-18 12:40:55 +02:00
adfoster-r7
0d9cca79b4
Fix crash when generating payload sizes
2022-11-04 02:10:58 +00:00
dwelch-r7
0df1f58480
Update cached sizes
2022-05-24 16:04:00 +01:00
sjanusz
b5dd215cee
Update cached PHP Meterpreter payload size
2022-04-13 13:09:00 +01:00
sjanusz
5fdf82ff76
Add toggleable logging to console & file to PHP Meterpreter
2022-04-12 17:15:06 +01:00
dwelch-r7
bad5ccbc49
Remove msf/base requires
2021-01-05 14:59:46 +00:00
dwelch-r7
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
Jeffrey Martin
a8d41c59e2
update payload sizes from 2.0.22 gem
2020-10-21 16:35:43 -05:00
Spencer McIntyre
1b77d01f23
Fix a payload cache size generation issue and bump the gem
2020-09-04 15:43:55 -04:00
Spencer McIntyre
dc9764a6ff
Bump metasploit-payloads to 2.0.5 and updates payload sizes
2020-06-19 12:20:01 -04:00
Brent Cook
6ec8e942c2
update sizes
2020-06-09 08:59:51 +10:00
bwatters-r7
49c7fe8906
Update payload cache size
2019-09-03 18:25:26 -05:00
David Yates
e706e2b58d
Remove harmful default command to execute
2018-11-21 11:09:13 +02:00
Jeffrey Martin
380aaf7889
bump payloads gem
2018-10-22 18:20:45 -05:00
Jeffrey Martin
26481d503e
one more payload size adjustment
2018-03-07 18:48:10 -06:00
Brent Cook
b977b1c951
bump payload sizes
2018-03-07 17:41:58 -06:00
Brent Cook
50c533a452
update cached sizes
2017-10-23 23:04:02 -05:00
Brent Cook
430251b8f6
fix compatibility with php meterpreter
2017-08-21 15:37:31 -05:00
Brent Cook
b864083cbd
update payload sizes
2017-08-20 19:03:53 -05:00
Brent Cook
6300758c46
use https for metasploit.com links
2017-07-24 06:26:21 -07:00
Brent Cook
838b066abe
Merge branch 'master' into land-8716
2017-07-24 05:51:44 -07:00
Brent Cook
8444038c62
Add eval alternative to PHP Meterpreter to bypass suhosin
...
See https://suhosin.org/stories/index.html for more information on this system.
2017-07-23 22:04:09 -07:00
g0tmi1k
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
g0tmi1k
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
OJ
5588d0f7b2
Update payload cached sizes
2017-06-23 13:45:04 +10:00
Brent Cook
fda2e8c73d
Land #8523, Add support for session GUIDs
2017-06-22 20:10:10 -05:00
William Vu
5f74da9023
Move php_preamble before $ipaddr and $port
...
php_preamble contains a <?php tag now, so we need to move it to the top.
2017-06-15 19:50:57 -05:00
OJ
a3f3dc0a70
Upload payloads/mettle gems, update cache sizes
...
Updated both the metasploit-payload and metasploit-payload-mettle gems
to the versions that match for the session GUID pull requests. Updated
the payload cached sizes to match the new payloads.
2017-06-09 17:15:52 +10:00
OJ
37b9cd07a2
Add support for the session GUID in the UI
...
The Session GUID will identify active sessions, and is the beginning of
work that will allow for tracking of sessions that have come back alive
after failing or switching transports.
2017-06-06 17:15:57 +10:00
William Vu
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
James Lee
83cb65d3a2
Don't spin CPU if an fopen fails
...
Because PHP is happy to continue on just fine in that case and the loop
below will run unbounded spewing warnings about reading from `false`.
2017-02-02 19:07:58 -06:00
James Lee
3c7f78167a
Push up the preamble and modernize style
2017-02-02 17:57:03 -06:00
James Lee
ff20cf911c
Move the preamble above all other code
2017-02-02 14:53:53 -06:00
bwatters-r7
2f5845bdd7
Update cached size for payloads
2017-01-25 10:26:46 -06:00
Brent Cook
7346223a65
update payloads
2016-12-06 07:16:44 -06:00
Brent Cook
0a3acf57d1
update payload sizes
2016-11-20 19:47:17 -06:00
wchen-r7
2a91a876ff
Update php/meterpreter_reverse_tcp size
2016-04-27 16:14:38 -05:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
Brent Cook
ff1cb4a2a4
update payload sizes
2016-02-10 22:44:17 -06:00
wchen-r7
a3cafc3bae
Update PHP meterpreter size
2016-01-22 15:14:18 -06:00
Brent Cook
d2a17074b1
update payload sizes
2015-09-16 17:24:41 -05:00
Brent Cook
56a1cfd9c8
updated cached payload sizes
2015-09-01 18:02:16 -05:00
Brent Cook
593f501571
finish move of php / python meterpreters to metasploit-payloads
2015-08-27 11:34:22 -05:00
Brent Cook
6b1e911041
Instantiate payload modules so parameter validation occurs
...
Calling .new on payload modules does not perform parameter validation, leading
to a number of cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
OJ
1c73c190fc
Add machine_id support to windows php meterp
2015-05-22 14:55:29 +10:00
OJ
5963a5833a
Fix up php stageless payload includes
2015-05-20 16:50:00 +10:00