CoCalc -- hex.rb

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/encoders/php/hex.rb
¹⁹⁸¹³ views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Encoder
7
  Rank = GreatRanking
8

9
  def initialize
10
    super(
11
      'Name' => 'PHP Hex Encoder',
12
      'Description' => %q{
13
        This encoder returns a hex string encapsulated in
14
        eval(hex2bin()), increasing the size by a bit more than
15
        a factor two.
16
      },
17
      'Author' => 'Julien Voisin',
18
      'License' => BSD_LICENSE,
19
      'Arch' => ARCH_PHP)
20
    register_options(
21
      [
22
        OptBool.new('Compress', [ true, 'Compress the payload with zlib', false ]) # Disabled by default as it relies on having php compiled with zlib, which might not be available on come exotic setups.
23
      ]
24
    )
25
  end
26

27
  def encode_block(state, buf)
28
    # Have to have these for the decoder stub, so if they're not available,
29
    # there's nothing we can do here.
30
    %w[e v a l h e x 2 b i n ( ) ;].uniq.each do |c|
31
      raise BadcharError if state.badchars.include?(c)
32
    end
33

34
    if datastore['Compress']
35
      %w[g z u n c o m p r e s s].uniq.each do |c|
36
        raise BadcharError if state.badchars.include?(c)
37
      end
38
    end
39

40
    # Modern versions of PHP choke on unquoted literal strings.
41
    quote = "'"
42
    if state.badchars.include?("'")
43
      raise BadcharError.new, "The #{name} encoder failed to encode the decoder stub without bad characters." if state.badchars.include?('"')
44

45
      quote = '"'
46
    end
47

48
    if datastore['Compress']
49
      buf = Zlib::Deflate.deflate(buf)
50
    end
51

52
    hex = buf.unpack1('H*')
53

54
    state.badchars.each_byte do |byte|
55
      # Last ditch effort, if any of the normal characters used by hex
56
      # are badchars, try to replace them with something that will become
57
      # the appropriate thing on the other side.
58
      next unless hex.include?(byte.chr)
59

60
      %w[c h r ( ) .].uniq.each do |c|
61
        raise BadcharError if state.badchars.include?(c)
62
      end
63
      hex.gsub!(byte.chr, "#{quote}.chr(#{byte}).#{quote}")
64
    end
65

66
    if datastore['Compress']
67
      return 'eval(gzuncompress(hex2bin(' + quote + hex + quote + ')));'
68
    else
69
      return 'eval(hex2bin(' + quote + hex + quote + '));'
70
    end
71
  end
72
end
73

74
Product

Resources

Company
