metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

Msf::Exploit::Remote::HttpServer::PHPInclude#exploit

:category: Exploit::Remote::TcpServer overrides

Override exploit() to handle service start/stop

Disables SSL for the service since we always want to serve our evil PHP
files from a non-ssl server.  There are two reasons for this:
1. https is only supported on PHP versions after 4.3.0 and only if
   the OpenSSL extension is compiled in, a non-default configuration on
   most systems
2. somewhat less importantly, the SSL option would conflict with the
   option for our client connecting to the vulnerable server

Source | Google | Stack overflow

Edit

git clone [email protected]:rapid7/metasploit-framework.git

cd metasploit-framework

open lib/msf/core/exploit/http/server/php_include.rb

Contribute

# Make a new branch

git checkout -b -your-name--update-docs-Msf--Exploit--Remote--HttpServer--PHPInclude-exploit-for-pr

# Commit to git

git add lib/msf/core/exploit/http/server/php_include.rbgit commit -m "better docs for Msf::Exploit::Remote::HttpServer::PHPInclude#exploit"

# Open pull request

gem install hub # on a mac you can `brew install hub`

hub fork

git push <your name> -your-name--update-docs-Msf--Exploit--Remote--HttpServer--PHPInclude-exploit-for-pr

hub pull-request

# Celebrate!