Escape braces after all in cmd/brace encoder #18032

Merged
merged 1 commit into from May 30, 2023

wvu
Contributor

@wvu wvu commented May 26, 2023

Previously escaped only commas.

Test: echo -n "echo hello, {world}" | ./msfvenom -a cmd --platform unix -e cmd/brace -b " "

Updates #10516.

Previously escaped only commas.
@@ -27,7 +27,7 @@ def encode_block(state, buf)
return buf if state.badchars !~ /\s/

# Perform brace expansion encoding
"{#{buf.gsub(',', '\\,').gsub(/\s+/, ',')}}"
"{#{buf.gsub(/([{,}])/, '\\\\\1').gsub(/\s+/, ',')}}"
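
Review bot: The replacement string `'\\\\\1'` on the new gsub line needs an explanatory comment, because it is unescaped twice: once by the single-quoted literal and once by gsub's replacement syntax, leaving one literal backslash followed by the captured character. A block form such as `gsub(/[{,}]/) { |c| "\\#{c}" }` skips the second pass and reads more plainly. The class `[{,}]` also leaves a backslash already present in buf untouched, so input such as `\,` becomes `\\,`; it is worth confirming that this is intended or adding the backslash to the class.
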
Contributor Author

This is terrible.

Contributor

But it works 👍

Contributor Author

so many backslashes i don't even know what's real anymore

@sempervictus
Contributor

I wonder how many hits this PR will generate on searches by owners of reclassified firearms...

I think that expression might bear an explanatory comment, or SomeGPT will have a lot of 'splainin to do 😉

@gwillcox-r7 gwillcox-r7 added enhancement rn-enhancement release notes enhancement labels May 30, 2023
@gwillcox-r7 gwillcox-r7 self-assigned this May 30, 2023
@gwillcox-r7
Contributor

Before:

  │  ~/g/metasploit-framework │   master ?1  echo -n "echo hello, {world}" | ./msfvenom -a cmd --platform unix -e cmd/brace -b " "
Attempting to read payload from STDIN...
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of cmd/brace
cmd/brace succeeded with size 22 (iteration=0)
cmd/brace chosen with final size 22
Payload size: 22 bytes
{echo,hello\,,{world}}

@gwillcox-r7
Contributor

Updated version showing that braces are now properly encoded as well:

  │  ~/g/metasploit-framework │   land-pr18032:pr/18032 ?1  echo -n "echo hello, {world}" | ./msfvenom -a cmd --platform unix -e cmd/brace -b " "  ✔ │ 3.0.5  │ 11:17:03 AM  
Attempting to read payload from STDIN...
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of cmd/brace
cmd/brace succeeded with size 24 (iteration=0)
cmd/brace chosen with final size 24
Payload size: 24 bytes
{echo,hello\,,\{world\}}

@gwillcox-r7 gwillcox-r7 merged commit d194cf2 into rapid7:master May 30, 2023
32 checks passed
@gwillcox-r7
Contributor

Release Notes

A bug has been fixed in the cmd/brace encoder whereby it did not appropriately escape braces.

@gwillcox-r7 gwillcox-r7 added bug rn-fix release notes fix and removed enhancement rn-enhancement release notes enhancement labels May 30, 2023
@wvu wvu deleted the patch-3 branch May 30, 2023 16:28