PHP Command Shell, Find Sock
Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless firewalls prevent them from working. The issue this payload takes advantage of (CLOEXEC flag not set on sockets) appears to have been patched on the Ubuntu version of Apache and may not work on other Debian-based distributions. Only tested on Apache but it might work on other web servers that leak file descriptors to child processes.
Rank
- Normal
Authors
- egypt < egypt [at] metasploit.com >
Similar Modules
- payload/php/bind_perl
- payload/php/bind_perl_ipv6
- payload/php/bind_php
- payload/php/bind_php_ipv6
- payload/php/download_exec
- payload/php/exec
- payload/php/meterpreter/bind_tcp
- payload/php/meterpreter/reverse_tcp
- payload/php/meterpreter_reverse_tcp
- payload/php/reverse_perl
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use payload/php/shell_findsock
msf payload(shell_findsock) > generate
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use payload/php/shell_findsock
msf payload(shell_findsock) > generate
Module Options
| AutoRunScript | A script to run automatically on session creation. |
| InitialAutoRunScript | An initial script to run on session creation (before AutoRunScript) |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |