hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c8447375ea3864cda00db705344aca400f2ea4ab
bashbunny-payloads/payloads/library/BrowserBunny/inc/actions.php

82 lines
2.7 KiB
PHP
Raw Blame History

<?php
if($_POST) {
$root = "/root/udisk/payloads";
include $_SERVER['DOCUMENT_ROOT'].'/inc/parsedown.php';
$Parsedown = new Parsedown();
include $_SERVER['DOCUMENT_ROOT'].'/inc/BrowserBunny.php';
$BrowserBunny = new BrowserBunny();
switch($_POST['action']) {
case 'get_payload':
$payload = strip_tags($_POST['payload']);
$valid = $BrowserBunny->is_valid_payload($payload);
if($valid) {
$file = $Parsedown->text(file_get_contents($root."/library/$payload/README.md"));
echo json_encode(array('success'=>true, 'payload'=>$payload,'readme'=>$file));
} else {
echo json_encode(array('success'=>false,'payload'=>$payload,'message'=>'Payload not found...'));
}
break;
case 'get_attackmode':
$payload = strip_tags($_POST['payload']);
$valid = $BrowserBunny->is_valid_payload($payload);
if($valid) {
$out = [];
$cmd = 'grep -R "ATTACKMODE" '.$root.'/library/'.$payload.'/payload.txt';
exec($cmd, $out);
echo json_encode(array('success'=>true, 'payload'=>$payload,'attackmodes'=>implode(",", $out)));
} else {
echo json_encode(array('success'=>false,'payload'=>$payload,'message'=>'Payload not found...'));
}
break;
case 'get_existing':
$target = preg_replace("/\/inc.*$/", "", $BrowserBunny->target_dir);
$file = $Parsedown->text(file_get_contents($root."/$target/README.md"));
echo json_encode(array('success'=>true,'target'=>$target,'readme'=>$file));
break;
case 'move_payload':
$payload = strip_tags($_POST['payload']);
$valid = $BrowserBunny->is_valid_payload($payload);
if($valid) {
//pwd is run where ever the BrowserBunny is called from, so remove all trailing chars, but the "webroot"
$target_dir = preg_replace("/\/inc.*$/", "", $BrowserBunny->target_dir);
$rmout = [];
$cmd = 'rm -r '.$BrowserBunny->root.'/'.$target_dir.'/*';
exec($cmd, $rmout);
if(count($rmout)) {
echo json_encode(array('success'=>false,'payload'=>$payload,'debug'=>$cmd."\n".implode("\n", $rmout)));
} else {
$out = [];
$cmd = 'cp -r '.$BrowserBunny->root.'/library/'.$payload.'/* '.$BrowserBunny->root.'/'.$target_dir.'/. && sync';
exec($cmd, $out);
if(count($out)) {
echo json_encode(array('success'=>false,'payload'=>$payload,'debug'=>$cmd."\n".implode("\n", $out)));
} else {
echo json_encode(array('success'=>true,'payload'=>$payload));
}
}
} else {
echo json_encode(array('success'=>false,'payload'=>$payload,'message'=>'Payload not found...'));
}
break;
case 'console':
$out = [];
exec(urldecode($_POST['cmd']), $out);
echo json_encode(array('success'=>true,'output'=>htmlentities(implode("\n", $out))));
break;
default:
echo json_encode(array('success'=>false));
break;
}
}
Reference in New Issue View Git Blame Copy Permalink