module Rex module Exploitation # # Encrypts javascript code # class EncryptJS # # Encrypts a javascript string. # # Encrypts a javascript string via XOR using a given key. # The key must be passed to the executed javascript # so that it can decrypt itself. # The provided loader gets the key from # "location.search.substring(1)" # # This should bypass any detection of the file itself # as information not part of the file is needed to # decrypt the original javascript code. # # Example: # # js = < # # You might use something like this in exploit # modules to pass the key to the javascript # # if (!request.uri.match(/\?\w+/)) # send_local_redirect(cli, "?#{@key}") # return # end # # def self.encrypt(js, key) js.gsub!(/[\r\n]/, '') encoded = Rex::Encoding::Xor::Generic.encode(js, key)[0].unpack("H*")[0] # obfuscate the eval call to circumvent generic detection eval = 'eval'.split(//).join(Rex::Text.rand_text_alpha(rand(5)).upcase) eval_call = 'window["' + eval + '".replace(/[A-Z]/g,"")]' js_loader = Rex::Exploitation::ObfuscateJS.new <<-ENDJS var exploit = '#{encoded}'; var encoded = ''; for (i = 0;i { 'Variables' => [ 'exploit', 'encoded', 'pass', 'decoded' ], }, 'Strings' => false ) end end end end