module

OS Command Exec, Unix Command Shell, Reverse UDP (/dev/udp)

Disclosed	Created
N/A	Jun 9, 2025

Disclosed

N/A

Created

Jun 9, 2025

Description

Execute an OS command from PHP.

Creates an interactive shell via bash's builtin /dev/udp.

This will not work on circa 2009 and older Debian-based Linux
distributions (including Ubuntu) because they compile bash
without the /dev/udp feature.

Authors

Spencer McIntyre
hdm [email protected]
bcoles [email protected]

Platform

PHP

Architectures

php

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use payload/php/unix/cmd/reverse_bash_udp
    msf payload(reverse_bash_udp) > show actions
        ...actions...
    msf payload(reverse_bash_udp) > set ACTION < action-name >
    msf payload(reverse_bash_udp) > show options
        ...show and set options...
    msf payload(reverse_bash_udp) > run

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report