Add a hex_double_quoted option to the echo cmdstager

[todb-r7]

This appears to be needed for rapid7/metasploit-framework#7626

Also, might be nice to have in general, since it can help keep the
stager size down.

This PR includes some updated spec's to exercise some of the functionality a little better, but of course, my spec writing is still quite innocent and child-like.

[todb-r7]

Since @wvu-r7 is already involved in rapid7/metasploit-framework#7626, I'd love his help on figuring out how to test and land this thing (I haven't contributed an update to the rex libraries since the split).

[wvu]

Is it necessary to have a duplicate?

[wvu]

Oh, it's for enc_format. Nvm.

[todb-r7]

yep, zactly, https://github.com/todb-r7/rex-exploitation/blob/c00f523505fd7d91bf2a6bbb8bfb5f57d9d4575f/lib/rex/exploitation/cmdstager/echo.rb#L41 wants exact matches.

[todb-r7]

So looking at PR #2 and talking to @bcook-r7 , it looks like I'm not supposed to bump the version on my own; @msjenkins-r7 will do that. With that, order of operations here looks to be:

• Someone who's not me reviews and lands this
• Note the newly generated version number (0.1.5, probably, it's 0.1.4 now)
• Bump the version in metasploit-framework's Gemspec on Add TR-064 command injection exploit (Zyxel / Eir D1000 Wireless Router) metasploit-framework#7626
  • And update the module to specify the new encoding directly
• Someone who's not me reviews and lands Add TR-064 command injection exploit (Zyxel / Eir D1000 Wireless Router) metasploit-framework#7626

Seem right?

(And it needn't be @wvu-r7 or @bcook-r7 -- anyone in @rapid7/metasploit-committers is welcome. :) )

[wvu]

Maybe call this hex_double_quoted?

[todb-r7]

Sure why not

[busterb]

Yes @todb-r7 that's the right order of operations.