Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Proposal: Add workaround for custom php error_reporting level #3

Closed
nil0x42 opened this issue Jul 20, 2014 · 2 comments
Closed

Proposal: Add workaround for custom php error_reporting level #3

nil0x42 opened this issue Jul 20, 2014 · 2 comments
Assignees
@nil0x42
Labels
enhancement

Comments

@nil0x42
Copy link
Owner

nil0x42 commented Jul 20, 2014

Description:

It may be an good idea to implement some workaround designed to change the php's error_reporting level.
For the moment, it is hardcoded in the payload main encapsulator
(at data/tunnel/encapsulator.php file).

For framework maintenance and plugin development purposes, i think it's interesting to have a way to reconfigure this value dinamically.

How to implement it:

I am still hesitant about the proper way to implement it.
A boolean approach consists in setting default value to something like:
E_ERROR | E_PARSE
An the 'verbose' value to something like
E_ALL

This way we can make it depend of the $VERBOSITY setting, wich already exists, it is a way that privilegiate a minimalistic framework, without having too much settings.
Another aproach, is to create en new setting called $PHP_ERROR_REPORTING (Boolean() type).

Instead of the boolean approach, we can make a $PHP_ERROR_REPORTING setting of type PhpCode(), or, for an extended customisation, we can have a $PAYLOAD_PREFIX variable, which allows user to add anything he wants as payload prefix.

Also, we can convert the $VERBOSITY variable from Boolean() paragygm to a variable of type int, designed to be set with bitwise operations.

Conclusion:

As you can see, i have no idea for the moment on the proper way to implement this great enhancement, so please, feel free to give your opinion ! :)
@nil0x42 nil0x42 self-assigned this Jul 20, 2014
@nil0x42
Copy link
Owner Author

nil0x42 commented Sep 24, 2014

Additional notes:
As some scenarios implies prepending a code to each request (i ve already found a scenario where i had to write to encapsulator.php in order to use phpsploit with a target), this enhancement might imply a larger scope.

The largest scope implies to directly use a MultilineBuffer() as encapsulator, which initially loads the provided script.

I really need feedbacks and proposals about this...

nil0x42 added a commit that referenced this issue Oct 23, 2014
@nil0x42
Add wew setting $PAYLOAD_PREFIX (fixes issue #3).
c219b58
@nil0x42
Copy link
Owner Author

nil0x42 commented Oct 23, 2014

Resolved by implementing a PAYLOAD_PREFIX setting, a MultiLineBuffer wich contains a php code buffer that is executed just before any payload execution.
By default, it sets error_reporting to E_ALL ^ E_NOTICE

Resoling commit: c219b58

@nil0x42 nil0x42 closed this as completed Oct 23, 2014
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@nil0x42 nil0x42

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nil0x42