module
PHP Command Shell, Find Sock
| Disclosed | Created |
|---|---|
| N/A | May 30, 2018 |
Disclosed
N/A
Created
May 30, 2018
Description
Spawn a shell on the established connection to
the webserver. Unfortunately, this payload
can leave conspicuous evil-looking entries in the
apache error logs, so it is probably a good idea
to use a bind or reverse shell unless firewalls
prevent them from working. The issue this
payload takes advantage of (CLOEXEC flag not set
on sockets) appears to have been patched on the
Ubuntu version of Apache and may not work on
other Debian-based distributions. Only tested on
Apache but it might work on other web servers
that leak file descriptors to child processes.
the webserver. Unfortunately, this payload
can leave conspicuous evil-looking entries in the
apache error logs, so it is probably a good idea
to use a bind or reverse shell unless firewalls
prevent them from working. The issue this
payload takes advantage of (CLOEXEC flag not set
on sockets) appears to have been patched on the
Ubuntu version of Apache and may not work on
other Debian-based distributions. Only tested on
Apache but it might work on other web servers
that leak file descriptors to child processes.
Author
egypt [email protected]
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.