Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix heap_spray method's return value type #2

Merged
merged 1 commit into from
Nov 10, 2016
Merged

Fix heap_spray method's return value type #2

merged 1 commit into from
Nov 10, 2016

Conversation

wchen-r7
Copy link
Contributor

@wchen-r7 wchen-r7 commented Nov 9, 2016
edited
Loading

The heap_spray method returns a string after calling obfuscate, but it should be returning Rex::Exploitation::ObfuscateJS instead.

To test, you can do this:

o = ::Rex::Exploitation::ObfuscateJS.new(%Q|var someVar = "hello, world"; alert(someVar)|)

Inspect the object:

o.class

And that should return Rex::Exploitation::ObfuscateJS.

If you do this:

"#{o}"

It should return the JavaScript string:

"alert(\"hello, world\")"

And then if you call obfuscate:

o.obfuscate('Symbols' => {'Variables'=>['someVar']}, 'Strings' => true)

It should give you the obfuscated JavaScript

And then if you call the #sym method for the variable someVar

o.sym('someVar')

It should tell you the obfuscated name of someVar

@wchen-r7
Fix heap_spray method's return value type
473361e 
The heap_spray method returns a string after calling obfuscate,
but it should be returning Rex::Exploitation::ObfuscateJS
instead.
@wchen-r7 wchen-r7 mentioned this pull request Nov 9, 2016
Closed
@bcook-r7 bcook-r7 self-assigned this Nov 10, 2016
@bcook-r7
Copy link
Contributor

Looks good, string interpolation, etc. work as expected now.

@bcook-r7 bcook-r7 merged commit 473361e into rapid7:master Nov 10, 2016
bcook-r7 pushed a commit that referenced this pull request Nov 10, 2016
Land #2, Fix heap_spray method's return value type
5f9424b
bcook-r7 pushed a commit to rapid7/metasploit-framework that referenced this pull request Nov 10, 2016
Land rapid7/rex-exploitation#2, Fix heap_spray method's return value …
77bacac 
…type

This fixes #7520
@wvu
Copy link
Contributor

wvu commented Nov 13, 2016

🍰

@todb-r7 todb-r7 mentioned this pull request Dec 2, 2016
Merged
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bcook-r7 bcook-r7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wchen-r7 @bcook-r7 @wvu