41 lines
1.7 KiB
Plaintext
41 lines
1.7 KiB
Plaintext
|
|
Name: PHP Exec, PHP Command Shell, Find Sock
|
|
Module: payload/cmd/unix/php/shell_findsock
|
|
Platform: Unix
|
|
Arch: cmd
|
|
Needs Admin: No
|
|
Total size: 1102
|
|
Rank: Normal
|
|
|
|
Provided by:
|
|
Spencer McIntyre
|
|
msutovsky-r7
|
|
egypt <egypt@metasploit.com>
|
|
|
|
Description:
|
|
Execute a PHP payload as an OS command from a Posix-compatible shell.
|
|
|
|
Spawn a shell on the established connection to
|
|
the webserver. Unfortunately, this payload
|
|
can leave conspicuous evil-looking entries in the
|
|
apache error logs, so it is probably a good idea
|
|
to use a bind or reverse shell unless firewalls
|
|
prevent them from working. The issue this
|
|
payload takes advantage of (CLOEXEC flag not set
|
|
on sockets) appears to have been patched on the
|
|
Ubuntu version of Apache and may not work on
|
|
other Debian-based distributions. Only tested on
|
|
Apache but it might work on other web servers
|
|
that leak file descriptors to child processes.
|
|
|
|
|
|
Name Current Setting Required Description
|
|
---- --------------- -------- -----------
|
|
AutoRunScript no A script to run automatically on session creation.
|
|
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
CommandShellCleanupCommand no A command to run before the session is closed
|
|
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
VERBOSE false no Enable detailed status messages
|
|
WORKSPACE no Specify the workspace for this module
|
|
|