Class: Wpxf::Payload

Inherits:
Object
  • Object
show all
Includes:
Options
Defined in:
lib/wpxf/core/payload.rb

Overview

The base class for all payloads.

Instance Attribute Summary collapse

Attributes included from Options

#datastore, #options

Instance Method Summary collapse

Methods included from Options

#all_options_valid?, #get_option, #get_option_value, #missing_options, #normalized_option_value, #option_valid?, #option_value?, #register_advanced_options, #register_evasion_options, #register_option, #register_options, #scoped_option_change, #set_option_value, #unregister_option, #unset_option

Constructor Details

#initializePayload

Returns a new instance of Payload



10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
# File 'lib/wpxf/core/payload.rb', line 10

def initialize
  super

  register_options([
    BooleanOption.new(
      name: 'encode_payload',
      desc: 'Encode the payload to avoid fingerprint detection',
      required: true,
      default: true
    )
  ])

  self.queued_commands = []
end

Instance Attribute Details

#queued_commandsArray

Returns the commands queued to be executed on the target.

Returns:

  • (Array)

    the commands queued to be executed on the target.



124
125
126
 
# File 'lib/wpxf/core/payload.rb', line 124

def queued_commands
  @queued_commands
end

#rawObject

Returns the payload in its raw format.

Returns:

  • the payload in its raw format.



121
122
123
 
# File 'lib/wpxf/core/payload.rb', line 121

def raw
  @raw
end

Instance Method Details

#check(mod) ⇒ Object

Run checks to raise warnings to the user of any issues or noteworthy points in regards to the payload being used with the current module.

Parameters:

  • mod (Module)

    the module using the payload.



87
88
89
 
# File 'lib/wpxf/core/payload.rb', line 87

def check(mod)
  nil
end

#cleanupObject

Cleanup any allocated resource to the payload.



80
81
82
 
# File 'lib/wpxf/core/payload.rb', line 80

def cleanup
  nil
end

#constantsHash

Returns a hash of constants that should be injected at the beginning of the payload.

Returns:

  • (Hash)

    a hash of constants that should be injected at the beginning of the payload.



93
94
95
 
# File 'lib/wpxf/core/payload.rb', line 93

def constants
  {}
end

#encodedObject

Returns an encoded version of the payload.

Returns:

  • an encoded version of the payload.



26
27
28
29
30
31
32
33
 
# File 'lib/wpxf/core/payload.rb', line 26

def encoded
  compiled = _raw_payload_with_random_var_names
  if normalized_option_value('encode_payload')
    "<?php eval(base64_decode('#{Base64.strict_encode64(compiled)}')); ?>"
  else
    "<?php #{compiled} ?>"
  end
end

#enqueue_command(cmd) ⇒ Object

Enqueue a command to be executed on the target system, if the payload supports queued commands.

Parameters:

  • cmd (String)

    the command to execute when the payload is executed.



116
117
118
 
# File 'lib/wpxf/core/payload.rb', line 116

def enqueue_command(cmd)
  queued_commands.push(cmd)
end

#escape_single_quotes(val) ⇒ String

Helper method to escape single quotes in a string.

Parameters:

  • val (String)

    the string with quotes to escape.

Returns:

  • (String)

    the string with quotes escaped.



38
39
40
 
# File 'lib/wpxf/core/payload.rb', line 38

def escape_single_quotes(val)
  val.gsub(/'/) { "\\'" }
end

#generate_vars(keys) ⇒ Hash

Generate a hash of variable names.

Parameters:

  • keys (Array)

    an array of keys.

Returns:

  • (Hash)

    a hash containing a unique name for each key.



51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/wpxf/core/payload.rb', line 51

def generate_vars(keys)
  vars = {}
  keys.each do |key|
    loop do
      var_name = random_var_name
      unless vars.value?(var_name)
        vars[key] = random_var_name
        break
      end
    end
  end
  vars
end

#obfuscated_variablesArray

Returns an array of variable names that should be obfuscated in the payload that is generated.

Returns:

  • (Array)

    an array of variable names that should be obfuscated in the payload that is generated.



99
100
101
 
# File 'lib/wpxf/core/payload.rb', line 99

def obfuscated_variables
  ['wpxf_disabled', 'wpxf_output', 'wpxf_exec', 'wpxf_cmd', 'wpxf_handle', 'wpxf_pipes', 'wpxf_fp']
end

#php_preambleString

Returns the PHP preamble that should be included at the start of all payloads.

Returns:

  • (String)

    the PHP preamble that should be included at the start of all payloads.



105
106
107
108
109
110
111
 
# File 'lib/wpxf/core/payload.rb', line 105

def php_preamble
  preamble = DataFile.new('php', 'preamble.php').php_content
  constants.each do |k, v|
    preamble += "  $#{k} = " + (v.is_a?(String) ? "'#{escape_single_quotes(v)}'" : v.to_s) + ";\n"
  end
  preamble
end

#post_exploit(mod) ⇒ Boolean

Run payload specific post-exploit procedures.

Parameters:

  • mod (Module)

    the module using the payload.

Returns:

  • (Boolean)

    true if successful.



75
76
77
 
# File 'lib/wpxf/core/payload.rb', line 75

def post_exploit(mod)
  true if mod
end

#prepare(mod) ⇒ Boolean

Do any pre-exploit setup required by the payload.

Parameters:

  • mod (Module)

    the module using the payload.

Returns:

  • (Boolean)

    true if successful.



68
69
70
 
# File 'lib/wpxf/core/payload.rb', line 68

def prepare(mod)
  true if mod
end

#random_var_nameString

Generate a random variable name.

Returns:

  • (String)

    a random name beetween 5 and 20 alpha characters.



44
45
46
 
# File 'lib/wpxf/core/payload.rb', line 44

def random_var_name
  Utility::Text.rand_alpha(rand(5..20))
end