From dcfdb95e5f2567045858d8d29b56267e4428afc4 Mon Sep 17 00:00:00 2001
From: HD Moore <hd_moore@rapid7.com>
Date: Thu, 11 Mar 2010 00:55:21 +0000
Subject: [PATCH] *Backwards Compatibility Broken* - The session XMLRPC object
 now requires data for read/write to be encoded using Base64, this solves a
 number of issues with the builtin XMLRPC library with regards to binary data
 encoding. The response from read() now contains an 'encoding' element with
 the value 'base64', in order to differentiate from older versions.

git-svn-id: file:///home/svn/framework3/trunk@8776 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/msf/core/rpc/session.rb | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/lib/msf/core/rpc/session.rb b/lib/msf/core/rpc/session.rb
index ce42d39ef8..45e82d8348 100644
--- a/lib/msf/core/rpc/session.rb
+++ b/lib/msf/core/rpc/session.rb
@@ -40,13 +40,13 @@ class Session < Base
 		end
 
 		if(not s.rstream.has_read_data?(0))
-			{ "data" => "" }
+			{ "data" => "", "encoding" => "base64" }
 		else
 			data = s.shell_read
 			if data.length > 0
 				@framework.events.on_session_output(s, data)
 			end
-			{ "data" => data }
+			{ "data" => Rex::Text.encode_base64(data), "encoding" => "base64" }
 		end
 	end
 
@@ -56,9 +56,10 @@ class Session < Base
 		if(s.type != "shell")
 			raise ::XMLRPC::FaultException.new(403, "session is not a shell")
 		end
-		@framework.events.on_session_command(s, data)
+		buff = Rex::Text.decode_base64(data)
+		@framework.events.on_session_command(s, buff)
 
-		{ "write_count" => s.shell_write(data) }
+		{ "write_count" => s.shell_write(buff) }
 	end
 
 	def meterpreter_read(token, sid)
@@ -81,7 +82,7 @@ class Session < Base
 		if data.length > 0
 			@framework.events.on_session_output(s, data)
 		end
-		{ "data" => data }
+		{ "data" => Rex::Text.encode_base64(data), "encoding" => "base64" }
 	end
 
 	#
@@ -98,11 +99,12 @@ class Session < Base
 			s.init_ui(nil, Rex::Ui::Text::Output::Buffer.new)
 		end
 
+		buff = Rex::Text.decode_base64(data)
 		# This is already covered by the meterpreter console's on_command_proc
 		# so don't do it here
-		#@framework.events.on_session_command(s, data)
+		#@framework.events.on_session_command(s, buff)
 
-		Thread.new { s.console.run_single(data) }
+		Thread.new { s.console.run_single(buff) }
 
 		{}
 	end