New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix reverse_php_ssl infinite loop #9584
Conversation
Any compatibility concerns? Looking at https://github.com/rapid7/metasploit-framework/pull/7669/files#diff-33203293cd1e847fee1a744e21c23c92R78 I'm not sure if the later is a little bit cargo cult or which versions of PHP we realistically expect to support here anyway. |
The other thing to do on payload PRs is run ./tools/modules/update_payload_cached_sizes.rb and commit the results. |
Looks like |
@busterb The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How far back does this work? Reason for the obscene hackishness of these (breaking env persistence) was to run on what were old php versions back then.
That said, I'm all for the change if it fixes the statelessness.
ffd75d4
to
77b3673
Compare
@sempervictus I've updated the payload cache size . Unless there are other concerns this should be ready |
Looks good. I'm happy for the possibility of adding custom ca support with this API too. |
Release NotesThis fix prevents the payloads/singles/cmd/unix/reverse_php_ssl module from entering an infinite loop. The payload now uses a more modern PHP API, which improves resiliency and makes it possible to use custom SSL certificate validation in the future. |
Fix for #8672
Uses php streams to explicitly disable verify_peer option for tls sockets.
A connect timeout of 30 seconds has been added
feof is not suitable for tcp streams, replaced with fgets as while statement predicate
Verification
List the steps needed to make sure this thing works
msfconsole
use use payloads/cmd/unix/reverse_php_ssl
set LHOST 0.0.0.0
set LPORT 4433
Additional