1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Encoder
7

8
  # This may produce incorrect code due to minimal escaping
9
  Rank = LowRanking
10

11
  def initialize
12
    super(
13
      'Name' => 'Bash Brace Expansion Command Encoder',
14
      'Description' => %q{
15
        This encoder uses brace expansion in Bash and other shells
16
        to avoid whitespace without being overly fancy.
17
      },
18
      'Author' => ['wvu', 'egypt'],
19
      'Platform' => %w[linux unix],
20
      'Arch' => ARCH_CMD,
21
      'EncoderType' => Msf::Encoder::Type::CmdPosixBrace
22
    )
23
  end
24

25
  def encode_block(state, buf)
26
    # Skip encoding if there are no badchars
27
    return buf if state.badchars !~ /\s/
28

29
    # Perform brace expansion encoding
30
    "{#{buf.gsub(/([{,}])/, '\\\\\1').gsub(/\s+/, ',')}}"
31
  end
32

33
end
34

35