Fix #3914 - Inconsistent unicode names

bug/bundler_fix
sinn3r 2014-09-30 12:19:27 -05:00
parent 10dc6ed2fe
commit 1e2d860ae1
1 changed files with 18 additions and 8 deletions

View File

@ -676,6 +676,16 @@ module Exploit::Remote::HttpServer::HTML
include Msf::Exploit::Remote::HttpServer include Msf::Exploit::Remote::HttpServer
UTF_NONE = 'none'
UTF_7 = 'utf-7'
UTF_7_ALL = 'utf-7-all'
UTF_8 = 'utf-8'
UTF_16_LE = 'utf-16le'
UTF_16_BE = 'utf-16be'
UTF_16_BE_MARKER = 'utf-16be-marker'
UTF_32_LE = 'utf-32le'
UTF_32_BE = 'utf-32be'
protected protected
def initialize(info = {}) def initialize(info = {})
@ -687,7 +697,7 @@ protected
# most browsers. as such, they are not added by default. The # most browsers. as such, they are not added by default. The
# mixin supports encoding using them, however they are not # mixin supports encoding using them, however they are not
# listed in the Option. # listed in the Option.
OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', 'none', ['none', 'utf-16le', 'utf-16be', 'utf-16be-marker', 'utf-32le', 'utf-32be']]), OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', UTF_NONE, [UTF_NONE, UTF_16_LE, UTF_16_BE, UTF_16_BE_MARKER, UTF_32_LE, UTF_32_BE]]),
OptEnum.new('HTML::base64', [false, 'Enable HTML obfuscation via an embeded base64 html object (IE not supported)', 'none', ['none', 'plain', 'single_pad', 'double_pad', 'random_space_injection']]), OptEnum.new('HTML::base64', [false, 'Enable HTML obfuscation via an embeded base64 html object (IE not supported)', 'none', ['none', 'plain', 'single_pad', 'double_pad', 'random_space_injection']]),
OptInt.new('HTML::javascript::escape', [false, 'Enable HTML obfuscation via HTML escaping (number of iterations)', 0]), OptInt.new('HTML::javascript::escape', [false, 'Enable HTML obfuscation via HTML escaping (number of iterations)', 0]),
], Exploit::Remote::HttpServer::HTML) ], Exploit::Remote::HttpServer::HTML)
@ -881,19 +891,19 @@ protected
} }
end end
if ['utf-16le','utf-16be','utf32-le','utf32-be','utf-7','utf-8'].include?(datastore['HTML::unicode']) if [UTF_16_LE,UTF_16_BE,UTF_32_LE,UTF_32_BE,UTF_7,UTF_8].include?(datastore['HTML::unicode'])
headers['Content-Type'] = 'text/html; charset= ' + datastore['HTML::unicode'] headers['Content-Type'] = 'text/html; charset= ' + datastore['HTML::unicode']
body = Rex::Text.to_unicode(body, datastore['HTML::unicode']) body = Rex::Text.to_unicode(body, datastore['HTML::unicode'])
else else
# special cases # special cases
case datastore['HTML::unicode'] case datastore['HTML::unicode']
when 'utf-16be-marker' when UTF_16_BE_MARKER
headers['Content-Type'] = 'text/html' headers['Content-Type'] = 'text/html'
body = "\xFE\xFF" + Rex::Text.to_unicode(body, 'utf-16be') body = "\xFE\xFF" + Rex::Text.to_unicode(body, UTF_16_BE)
when 'utf-7-all' when UTF_7_ALL
headers['Content-Type'] = 'text/html; charset=utf-7' headers['Content-Type'] = "text/html; charset=#{UTF_7}"
body = Rex::Text.to_unicode(body, 'utf-7', 'all') body = Rex::Text.to_unicode(body, UTF_7, 'all')
when 'none' when UTF_NONE
# do nothing # do nothing
else else
raise RuntimeError, 'Invalid unicode. how did you get here?' raise RuntimeError, 'Invalid unicode. how did you get here?'