From ec8d2f8cc14df855f1d98b6e43f503cdfeacfea7 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 6 Sep 2024 14:48:45 +0200
Subject: [PATCH 1/2] Remove an old comment in lib/msf/core/payload/php.rb

The encoder has been implemented in modules/encoders/php/minify.rb
---
 lib/msf/core/payload/php.rb | 37 -------------------------------------
 1 file changed, 37 deletions(-)

diff --git a/lib/msf/core/payload/php.rb b/lib/msf/core/payload/php.rb
index 64f78dd01d37..1d610df74f0d 100644
--- a/lib/msf/core/payload/php.rb
+++ b/lib/msf/core/payload/php.rb
@@ -136,43 +136,6 @@ def php_system_block(options = {})
 exec_methods = [passthru, shell_exec, system, exec, proc_open, popen].sort_by { rand }
 buf = setup + exec_methods.join("") + fail_block
- #buf = Rex::Text.compress(buf)
-
- ###
- # All of this junk should go in an encoder
- #
- # Replace all single-quoted strings with quoteless equivalents, e.g.:
- # echo('asdf');
- # becomes
- # echo($a.$s.$d.$f);
- # and add "$a=chr(97);" et al to the top of the block
- #
- # Once this is complete, it is guaranteed that there are no spaces
- # inside strings. This combined with the fact that there are no
- # function definitions, which require a space between the "function"
- # keyword and the name, means we can completely remove spaces.
- #
- #alpha_used = { 95 }
- #buf.gsub!(/'(.*?)'/) {
- # str_array = []
- # $1.each_byte { |c|
- # if (('a'..'z').include?(c.chr))
- # alpha_used[c] = 1
- # str_array << "$#{c.chr}."
- # else
- # str_array << "chr(#{c})."
- # end
- # }
- # str_array.last.chop!
- # str_array.join("")
- #}
- #if (alpha_used.length > 1)
- # alpha_used.each_key { |k| buf = "$#{k.chr}=chr(#{k});" + buf }
- #end
- #
- #buf.gsub!(/\s*/, '')
- #
- ###
 return buf
From 6530720605b37ec79bf9398b7767dec839330e3b Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sat, 7 Sep 2024 16:35:08 +0200
Subject: [PATCH 2/2] Minor improvements of lib/msf/core/payload/php.rb

- Golf a condition
- Use the `shuffle` method instead of the weird `.sort_by` construct
---
 lib/msf/core/payload/php.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/msf/core/payload/php.rb b/lib/msf/core/payload/php.rb
index 64f78dd01d37..d81273481680 100644
--- a/lib/msf/core/payload/php.rb
+++ b/lib/msf/core/payload/php.rb
@@ -69,7 +69,7 @@ def php_system_block(options = {})
 in_array = '$' + Rex::Text.rand_text_alpha(rand(4) + 4)
 setup = "
- if (FALSE !== stristr(PHP_OS, 'win' )) {
+ if (FALSE!==stristr(PHP_OS,'win')){
 #{cmd}=#{cmd}.\" 2>&1\\n\";
 }
 #{is_callable}='is_callable';
@@ -134,7 +134,8 @@ def php_system_block(options = {})
 }
 "
- exec_methods = [passthru, shell_exec, system, exec, proc_open, popen].sort_by { rand }
+ exec_methods = [passthru, shell_exec, system, exec, proc_open, popen];
+ shuffle(exec_methods);
 buf = setup + exec_methods.join("") + fail_block
 #buf = Rex::Text.compress(buf)
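Review bot: `shuffle(exec_methods);` in the -134,7 hunk calls a bare `shuffle`, but Ruby defines `shuffle` on Array rather than Kernel, so unless this module or an ancestor supplies a `shuffle` helper (nothing in the hunk suggests one) the line raises NoMethodError the first time `php_system_block` runs, and even where it did resolve, `Array#shuffle` returns a new array instead of reordering its receiver, leaving `exec_methods` in its original order. The replacement is one line, `exec_methods = [passthru, shell_exec, system, exec, proc_open, popen].shuffle`, which also drops the two trailing semicolons that appear nowhere else in the hunk. This hunk's context still contains `#buf = Rex::Text.compress(buf)`, which patch 1/2 deletes, and both patches name the same pre-image blob `64f78dd01d37`, so 2/2 appears to be based on the original file rather than on 1/2 and may need rebasing before it applies on top of it. `php_system_block` begins and ends outside the hunk.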