mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-26 23:38:35 +01:00
Commit Graph

95 Commits

Author SHA1 Message Date
Jeffrey Martin
2a4a764969
Land #234, Implement TLS transport for PHP meterpreter 2018-10-22 15:23:40 -05:00
William Vu
ceb05b8dc4 Add PHP Meterpreter chmod 2018-09-21 00:38:01 -05:00
Pearce Barry
6c9bf01346
Minor tweak to ensure last requested length is accurate. 2018-03-01 17:26:52 -06:00
Brent Cook
913e254fea fix reliability for PHP packet dispatch
A bug in the read function would cause a too-large read when there are multiple
packets or other things in the control channel. This would cause the subsequent
packet to fail to parse, leading to the current message getting discarded.
2018-02-27 06:51:44 -06:00
Brent Cook
96fb621adc
add missing semicolon 2018-01-26 17:26:45 -06:00
Brent Cook
27fe856cb4 whitespace 2018-01-16 10:26:00 -06:00
Brent Cook
7f4dc5e525 you say potato, I say cononical 2018-01-16 10:16:15 -06:00
Brent Cook
bc22f457a3 remove read-only attribute on delete 2018-01-16 10:16:03 -06:00
Brent Cook
0429040ff5 a little more simplification 2017-10-27 05:09:22 -07:00
Brent Cook
f85caa2738 minor cleanup 2017-10-27 05:01:56 -07:00
RageLtMan
d216d47c53 Implement TLS transport for PHP meterpreter
This is the payloads section of MSF #7669

Implement SSL transport via streams, atop the current version of
PHP meterpreter (with GUIDs and all).

This version does everything in a single file, relying on the MSF
payload generation component to perform string substitution in
order to convert the "connect($ipaddr, $port, $proto='tcp')" to
"function connect($ipaddr, $port, $proto='ssl')."
2017-10-27 05:01:56 -07:00
2dimka
31d45584b5 Fix unexpected syntax error '[' in PHP 5.2.4 on Metasploitable2 VM 2017-10-03 20:54:36 +03:00
Anant Shrivastava
f5f594192b fix for php create_function errors
Based on findings listed at https://github.com/rapid7/metasploit-framework/issues/8858, it was identified that the php webshell was not working at all. Hence a fix to get it to work in both suhosin and non-suhosin environments.
2017-08-20 12:19:14 +05:30
OJ
b363584648
Merge branch 'upstream/master' into transport-agnostic-packet-encryption 2017-08-08 17:37:25 +10:00
jvoisin
5c0e0bdb42 Add an alternative to eval to bypass suhosin 2017-07-13 15:18:09 +02:00
OJ
73985d150c
Update PHP meterpreter to support 32 bit encryption flags 2017-07-03 17:15:10 +10:00
OJ
4204e798de
Add encryption of AES key to php meterp 2017-06-28 20:17:14 +10:00
OJ
d75ddcdb2c
Add AES support to PHP
Still doesn't take into account the given public key, but we're getting
there.
2017-06-28 20:07:42 +10:00
OJ
df6748130d
Update php meterpreter to support new packet header
This doesn't enable support for AES encryption PHP meterp yet, that's
coming later.
2017-06-26 16:48:01 +10:00
OJ
813760a9e2
Remove support for the crypto context
Crypto context stuff appears to have only ever been supported in
Meterpreter on Windows. The only thing it allowed for is XOR, which is
redundant given that we have packet level XOR in place. Also, it would
appear that MSF didn't have support for it anyway!

With the move towards packet-level encryption, this is unnecessary so
it needs to go bye bye.
2017-06-19 16:51:54 +10:00
OJ
cf575a05dd
Add session GUID support to Meterpreter payloads 2017-06-06 17:24:36 +10:00
OJ
6872495da6
Remove Migrate TLVs from php/py, adjust for Java 2017-01-24 07:38:59 +10:00
Brent Cook
bce9060160
Land #150, Change PHP Meterpreter header comment style 2016-12-06 04:56:15 -06:00
OJ
b7d6038b63
Change PHP meterpreter header comment style
This commit fixes cases where stageless meterpreter payloads may not run
if they are loaded within a PHP context that's already inside the
opening and closing <?php ... ?> tags. While this is rare, it's possible
that this may happen. This approach matches that which we use for staged
payloads.
2016-11-29 19:43:34 +10:00
Tim
db85f099c3
stdapi_fs_file_copy 2016-11-29 13:58:46 +08:00
Brent Cook
cf27142b25 Revert "Update php xor ordering"
This reverts commit 7ed9f24ef4.
2016-11-17 05:56:10 -06:00
Brent Cook
79cff67de4
Merge remote-tracking branch 'upstream/master' into fix-143 2016-11-14 12:01:31 -06:00
OJ
4d145d78a7
Merge upstream/master into uuid-to-tlv 2016-10-29 15:25:21 +10:00
OJ
70812fd1ce
Remove core_uuid and add core_set_uuid 2016-10-29 12:42:36 +10:00
Tim
e2e7aa0c93
stdapi_fs_file_move 2016-10-22 15:38:28 +08:00
OJ
8cbfcbfcc4
Remove check from PHP meterp, force add UUID each packet 2016-10-14 13:28:50 +10:00
OJ
439877ed79
Add UUID to all packets in PHP meterp 2016-10-14 11:58:49 +10:00
OJ
7ed9f24ef4
Update php xor ordering 2016-10-10 15:06:57 +10:00
OJ
0cbb86c59b
Add localtime support to php, tidy python and c 2016-10-03 15:26:54 +10:00
James Lee
8cbd68b056
Add missing semicolon 2016-04-26 14:53:11 -05:00
wchen-r7
94d33b9207 Fix #95, unexpected syntax error '[' in PHP 5.3.6-13
Fix #95
2016-04-25 19:45:06 -05:00
OJ
29f88366ac
Merge branch 'upstream/master' into default-xor 2016-01-13 07:34:40 +10:00
Brent Cook
25c170dd92 We need to get the channel hash by reference when modifying the 'data'.
When we read from a channel in PHP, if there is more data returned by
read() than the caller asked for, the data is cached in a 'data' element
in the channel hash. However, since get_channel_by_id() returns a copy,
we immediately lose all of that extra data on the first read. We need to
get the hash by reference in order to modify its elements.
2016-01-04 21:27:17 -06:00
OJ
1da4f04147 Implement PHP XOR encoding support for TLV packets 2015-12-08 16:57:26 +10:00
Brent Cook
890f5f6515
Land #28, support pre-5.0 versions of php 2015-09-16 14:54:22 -05:00
James Lee
866c46d310
Don't call gethostname if it doesn't exist 2015-09-09 09:14:34 -05:00
James Lee
e05a8d7c0b
Add core_enumextcmd for php 2015-08-28 09:38:26 -05:00
OJ
8a8845c95d Add machine_id support to windows php meterp 2015-05-22 14:55:29 +10:00
OJ
5c90b4977f PHP meterpreter refactoring in prep for uuid work 2015-05-18 17:40:48 +10:00
OJ
deae0b44b8 Stage UUIDs, generation options, php and python meterp uuid 2015-05-18 13:29:46 +10:00
Tim
3d578f507b Add TLV_TYPE_FILE_HASH 2015-05-10 14:18:16 +01:00
Tod Beardsley
f255ac0fde Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
OJ
d2fbe25bca Fix up the TLVs that are now QWORD values in MSF
Various values were adjusted to become QWORD values in MSF and windows
meterpreter, but the changes were not ported over to python, php and
java. This commit fixes this inconsistency.
2014-07-07 10:42:58 -05:00
James Lee
e1fa5b65de Strip the NULL that PHP no longer strips
As of PHP 5.5.0, unpack("a", ...) no longer strips the NULL byte from
the end of the string. A new format specifier, Z, was introduced to
perform the old behavior, but we don't have a good way to test for its
existence. Instead, just remove it with str_replace
2014-07-03 15:58:05 -05:00
James Lee
248209b6bb Add PHP side for meterpreter getenv 2013-11-26 23:16:28 -06:00