class Wpxf::Payload
The base class for all payloads.
Attributes
@return [Array] the commands queued to be executed on the target.
@return the payload in its raw format.
Public Class Methods
Wpxf::Options::new
# File lib/wpxf/core/payload.rb, line 10
def initialize
  super

  register_options([
    BooleanOption.new(
      name: 'encode_payload',
      desc: 'Encode the payload to avoid fingerprint detection',
      required: true,
      default: true
    )
  ])

  self.queued_commands = []
end
Public Instance Methods
Run checks to raise warnings to the user of any issues or noteworthy points in regards to the payload being used with the current module.
@param mod [Module] the module using the payload.
# File lib/wpxf/core/payload.rb, line 87
def check(mod)
  nil
end
Clean up any resources allocated to the payload.
# File lib/wpxf/core/payload.rb, line 80
def cleanup
  nil
end
@return [Hash] a hash of constants that should be injected at the
beginning of the payload.
# File lib/wpxf/core/payload.rb, line 93
def constants
  {}
end
@return an encoded version of the payload.
# File lib/wpxf/core/payload.rb, line 26
def encoded
  compiled = _raw_payload_with_random_var_names
  if normalized_option_value('encode_payload')
    "<?php eval(base64_decode('#{Base64.strict_encode64(compiled)}')); ?>"
  else
    "<?php #{compiled} ?>"
  end
end
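
For defenders, the encoded form above has a fixed outer shape: a PHP block whose only statement is eval(base64_decode('...')) over a string literal. The following is an added example, not WPXF code, that finds that wrapper in file contents and decodes the literal for review; the file paths and sample bodies are constructed, and the helper names are hypothetical.

```ruby
# Added example, not WPXF code. Matches a PHP block that consists solely of
# eval(base64_decode('<literal>')), the shape Payload#encoded produces.
WRAPPER = %r{<\?php\s+eval\(base64_decode\('([A-Za-z0-9+/]+={0,2})'\)\);\s*\?>}

# Return one hash per wrapper in +source+: where it starts, how long the
# base64 literal is, and the decoded body (nil if not valid strict base64).
def find_encoded_wrappers(source)
  hits = []
  pos = 0
  while (m = WRAPPER.match(source, pos))
    decoded = begin
      m[1].unpack1('m0') # 'm0' is strict base64, as in Base64.strict_decode64
    rescue ArgumentError
      nil
    end
    hits << { offset: m.begin(0), blob_length: m[1].length, decoded: decoded }
    pos = m.end(0)
  end
  hits
end

# Scan a { path => contents } map and keep only the files with findings.
def scan_files(files)
  files.transform_values { |src| find_encoded_wrappers(src) }
       .reject { |_path, hits| hits.empty? }
end

# Constructed sample inputs (hypothetical paths, harmless bodies).
BENIGN_BODY = "echo 'constructed sample';"
SAMPLES = {
  'uploads/a.php' => "<?php eval(base64_decode('#{[BENIGN_BODY].pack('m0')}')); ?>",
  'uploads/b.php' => "<?php eval(base64_decode('abc')); ?>",
  'theme/functions.php' => "<?php $img = base64_decode($row['data']); ?>"
}.freeze

if __FILE__ == $PROGRAM_NAME
  scan_files(SAMPLES).each do |path, hits|
    hits.each do |h|
      body = h[:decoded] ? h[:decoded].inspect : '(undecodable literal)'
      puts "#{path} @#{h[:offset]}: #{h[:blob_length]} base64 chars -> #{body}"
    end
  end
end
```

The third sample shows that ordinary use of base64_decode on a variable is not flagged; only the eval-over-literal wrapper is.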
Enqueue a command to be executed on the target system, if the payload supports queued commands.
@param cmd [String] the command to execute when the payload is executed.
# File lib/wpxf/core/payload.rb, line 116
def enqueue_command(cmd)
  queued_commands.push(cmd)
end
Helper method to escape single quotes in a string.
@param val [String] the string with quotes to escape.
@return [String] the string with quotes escaped.
# File lib/wpxf/core/payload.rb, line 38
def escape_single_quotes(val)
  val.gsub(/'/) { "\\'" }
end
Generate a hash of variable names.
@param keys [Array] an array of keys.
@return [Hash] a hash containing a unique name for each key.
# File lib/wpxf/core/payload.rb, line 51
def generate_vars(keys)
  vars = {}
  keys.each do |key|
    loop do
      var_name = random_var_name
      unless vars.value?(var_name)
        # Store the name that was just checked for uniqueness.
        vars[key] = var_name
        break
      end
    end
  end
  vars
end
@return [Array] an array of variable names that should be obfuscated in
the payload that is generated.
# File lib/wpxf/core/payload.rb, line 99
def obfuscated_variables
  ['wpxf_disabled', 'wpxf_output', 'wpxf_exec', 'wpxf_cmd', 'wpxf_handle', 'wpxf_pipes', 'wpxf_fp']
end
@return [String] the PHP preamble that should be included at the
start of all payloads.
# File lib/wpxf/core/payload.rb, line 105
def php_preamble
  preamble = DataFile.new('php', 'preamble.php').php_content
  constants.each do |k, v|
    preamble += " $#{k} = " + (v.is_a?(String) ? "'#{escape_single_quotes(v)}'" : v.to_s) + ";\n"
  end
  preamble
end
Run payload specific post-exploit procedures.
@param mod [Module] the module using the payload.
@return [Boolean] true if successful.
# File lib/wpxf/core/payload.rb, line 75
def post_exploit(mod)
  true if mod
end
Do any pre-exploit setup required by the payload.
@param mod [Module] the module using the payload.
@return [Boolean] true if successful.
# File lib/wpxf/core/payload.rb, line 68
def prepare(mod)
  true if mod
end
Generate a random variable name.
@return [String] a random name between 5 and 20 alpha characters.
# File lib/wpxf/core/payload.rb, line 44
def random_var_name
  Utility::Text.rand_alpha(rand(5..20))
end
Private Instance Methods
# File lib/wpxf/core/payload.rb, line 128
def _raw_payload_with_random_var_names
  payload = +"#{php_preamble} #{raw}"
  vars = generate_vars(obfuscated_variables)
  obfuscated_variables.each { |v| payload.gsub!("$#{v}", "$#{vars[v]}") }
  payload
end