Just Rex::Text.to_octal is probably better
parent
9353929945
commit
10252ca6f4
|
@ -42,19 +42,7 @@ class CmdStagerPrintf < CmdStagerBase
|
||||||
# Encode into a "\12\345" octal format that printf understands
|
# Encode into a "\12\345" octal format that printf understands
|
||||||
#
|
#
|
||||||
def encode_payload(opts)
|
def encode_payload(opts)
|
||||||
encoded = @exe.dup
|
return Rex::Text.to_octal(@exe, "\\")
|
||||||
|
|
||||||
# encode only necessary characters with octal escapes
|
|
||||||
# see Shellwords::shellescape for pattern reference
|
|
||||||
encoded.gsub!(/[^A-Za-z0-9_\-.,:\/@]/) { |match|
|
|
||||||
Rex::Text.to_octal(match[0])
|
|
||||||
}
|
|
||||||
|
|
||||||
# remove leading '0's from an octal escape only if it is not followed by
|
|
||||||
# another digit, e. g., '\012a' -> '\12a' but not '\0123' -> '\123'
|
|
||||||
encoded.gsub!(/\\(?:00([0-9])|0([1-9][0-9]))(?![0-9])/, '\\\\\\1\\2')
|
|
||||||
|
|
||||||
return encoded
|
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
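Review bot: The comment above `encode_payload` still only describes a "\12\345" octal format, and it no longer tells the reader that every byte of `@exe` is now escaped instead of only the characters outside the old allow-list. I would add a line such as `# Every byte is escaped: up to 4 output characters per input byte`. The removed code kept safe characters literal and trimmed leading zeros, so the encoded output is now larger. Whatever splits the encoded payload into per-command chunks is not visible in this hunk, so it is worth confirming that it measures the encoded length rather than the raw length. As a style point, the explicit `return` is redundant on the last expression of a Ruby method; `Rex::Text.to_octal(@exe, "\\")` alone is enough.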