Skip to content

Commit

Permalink
Merge pull request #716 from jvoisin/php_arp
Browse files Browse the repository at this point in the history
Add support for `arp` in php meterpreter
  • Loading branch information
smcintyre-r7 authored Oct 10, 2024
2 parents 6389cd5 + ee20cc4 commit 2ce041c
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 0 deletions.
32 changes: 32 additions & 0 deletions php/meterpreter/ext_server_stdapi.php
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@
define("TLV_TYPE_GATEWAY", TLV_META_TYPE_RAW | 1422);
define("TLV_TYPE_NETWORK_ROUTE", TLV_META_TYPE_GROUP | 1423);

define("TLV_TYPE_ARP_ENTRY", TLV_META_TYPE_GROUP | 1425);
define("TLV_TYPE_IP", TLV_META_TYPE_RAW | 1430);
define("TLV_TYPE_MAC_ADDRESS", TLV_META_TYPE_RAW | 1431);
define("TLV_TYPE_MAC_NAME", TLV_META_TYPE_STRING | 1432);
Expand Down Expand Up @@ -1266,6 +1267,37 @@ function stdapi_registry_set_value($req, &$pkt) {
}
}

if (!function_exists('stdapi_net_config_get_arp_table')) {
if (is_linux()) {
register_command('stdapi_net_config_get_arp_table', COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE);
}
function stdapi_net_config_get_arp_table($req, &$pkt) {
if (!is_linux()) {
return ERROR_FAILURE;
}
$content = file_get_contents('/proc/net/arp');
if ($content === false) {
return ERROR_FAILURE;
}
$lines = explode(PHP_EOL, $content);
array_shift($lines); // first line is the header of the array
foreach($lines as $line) {
if ($line == '') continue;
$v = preg_split('/\s+/', $line);
$ip = $v[0];
$mac = $v[3];
$iface = $v[5];
my_print("arp line: $ip $mac $iface");
$arp_tlv = tlv_pack(create_tlv(TLV_TYPE_IP, inet_pton($ip)));
$arp_tlv .= tlv_pack(create_tlv(TLV_TYPE_MAC_ADDRESS, pack("H*", str_replace(':', '', $mac))));
$arp_tlv .= tlv_pack(create_tlv(TLV_TYPE_MAC_NAME, $iface));
packet_add_tlv($pkt, create_tlv(TLV_TYPE_ARP_ENTRY, $arp_tlv));
}

return ERROR_SUCCESS;
}
}

if (!function_exists('stdapi_net_resolve_host')) {
register_command('stdapi_net_resolve_host', COMMAND_ID_STDAPI_NET_RESOLVE_HOST);
function stdapi_net_resolve_host($req, &$pkt) {
Expand Down
4 changes: 4 additions & 0 deletions php/meterpreter/meterpreter.php
Original file line number Diff line number Diff line change
Expand Up @@ -269,6 +269,10 @@ function is_windows() {
return (strtoupper(substr(PHP_OS,0,3)) == "WIN");
}

function is_linux() {
return (strtoupper(substr(PHP_OS,0,3)) == "LIN");
}

##
# Worker functions
##
Expand Down

0 comments on commit 2ce041c

Please sign in to comment.