adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
metasploit-gs/modules/encoders/php/hex.rb
T
bcoles d85ccb2da1 modules/encoders: Resolve RuboCop violations
2025-04-14 00:10:31 +10:00

73 lines
2.2 KiB
Ruby
Raw Blame History

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Encoder
Rank = GreatRanking
def initialize
super(
'Name' => 'PHP Hex Encoder',
'Description' => %q{
This encoder returns a hex string encapsulated in
eval(hex2bin()), increasing the size by a bit more than
a factor two.
},
'Author' => 'Julien Voisin',
'License' => BSD_LICENSE,
'Arch' => ARCH_PHP)
register_options(
[
OptBool.new('Compress', [ true, 'Compress the payload with zlib', false ]) # Disabled by default as it relies on having php compiled with zlib, which might not be available on come exotic setups.
]
)
end
def encode_block(state, buf)
# Have to have these for the decoder stub, so if they're not available,
# there's nothing we can do here.
%w[e v a l h e x 2 b i n ( ) ;].uniq.each do |c|
raise BadcharError if state.badchars.include?(c)
end
if datastore['Compress']
%w[g z u n c o m p r e s s].uniq.each do |c|
raise BadcharError if state.badchars.include?(c)
end
end
# Modern versions of PHP choke on unquoted literal strings.
quote = "'"
if state.badchars.include?("'")
raise BadcharError.new, "The #{name} encoder failed to encode the decoder stub without bad characters." if state.badchars.include?('"')
quote = '"'
end
if datastore['Compress']
buf = Zlib::Deflate.deflate(buf)
end
hex = buf.unpack1('H*')
state.badchars.each_byte do |byte|
# Last ditch effort, if any of the normal characters used by hex
# are badchars, try to replace them with something that will become
# the appropriate thing on the other side.
next unless hex.include?(byte.chr)
%w[c h r ( ) .].uniq.each do |c|
raise BadcharError if state.badchars.include?(c)
end
hex.gsub!(byte.chr, "#{quote}.chr(#{byte}).#{quote}")
end
if datastore['Compress']
return 'eval(gzuncompress(hex2bin(' + quote + hex + quote + ')));'
else
return 'eval(hex2bin(' + quote + hex + quote + '));'
end
end
end
Reference in New Issue View Git Blame Copy Permalink