From 11655db84c30c3443c20fd0d5dba7a312eec3a3b Mon Sep 17 00:00:00 2001
From: Postmodern
Date: Wed, 14 Aug 2024 15:00:41 -0700
Subject: [PATCH] Added the `php/base64_encode` encoder (closes #174).
---
 README.md | 1 +
 .../encoders/builtin/php/base64_encode.rb | 71 +++++++++++++++++++
 .../builtin/php/base64_encode_spec.rb | 17 +++++
 3 files changed, 89 insertions(+)
 create mode 100644 lib/ronin/payloads/encoders/builtin/php/base64_encode.rb
 create mode 100644 spec/encoders/builtin/php/base64_encode_spec.rb
diff --git a/README.md b/README.md
index 4b4a81e7..c08c3e72 100644
--- a/README.md
+++ b/README.md
@@ -207,6 +207,7 @@ $ ronin-payloads encoders
 js/base64_encode
 js/hex_encode
 js/node/base64_encode
+ php/base64_encode
 powershell/hex_encode
 python/base64_encode
 python/hex_encode
diff --git a/lib/ronin/payloads/encoders/builtin/php/base64_encode.rb b/lib/ronin/payloads/encoders/builtin/php/base64_encode.rb
new file mode 100644
index 00000000..55174c7d
--- /dev/null
+++ b/lib/ronin/payloads/encoders/builtin/php/base64_encode.rb
@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+#
+# ronin-payloads - A Ruby micro-framework for writing and running exploit
+# payloads.
+#
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-payloads is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-payloads is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-payloads. If not, see .
+#
+
+require 'ronin/payloads/encoders/php_encoder'
+require 'ronin/support/encoding/base64'
+
+module Ronin
+ module Payloads
+ module Encoders
+ module PHP
+ #
+ # Encodes the given PHP code as a Base64 string, then decodes it
+ # using `base64_decode()`, and then evaluates the decoded PHP code
+ # using `eval()`.
+ #
+ # echo 'PWNED'; -> eval(base64_decode("ZWNobyAnUFdORUQnOw=="))
+ #
+ # @since 0.3.0
+ #
+ class Base64Encode < PHPEncoder
+
+ register 'php/base64_encode'
+
+ summary 'Encodes PHP as base64'
+
+ description <<~DESC
+ Encodes the given PHP code as a Base64 string, then decodes it using
+ `base64_decode()`, and then evaluates the decoded PHP code using
+ `eval()`.
+
+ echo 'PWNED'; -> eval(base64_decode("ZWNobyAnUFdORUQnOw=="))
+
+ DESC
+
+ #
+ # Encodes PHP code as Base64.
+ #
+ # @param [String] php
+ # The PHP code to encode.
+ #
+ # @return [String]
+ #
+ def encode(php)
+ base64 = Support::Encoding::Base64.encode(php, mode: :strict)
+
+ %{eval(base64_decode("#{base64}"))}
+ end
+
+ end
+ end
+ end
+ end
+end
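Review bot: The doc comment on `encode` leaves `@return [String]` undescribed, while the example `echo 'PWNED'; -> eval(base64_decode("ZWNobyAnUFdORUQnOw=="))` shows a terminated statement going in and an unterminated expression coming out. I would state that contract under `@return`, for example `#   A PHP expression, without a trailing semicolon, that decodes and evaluates the original code.` The `@param` text could also note that the code ends up in PHP's `eval()`, which expects statements without an opening `<?php` tag. The `description` heredoc would be more accurate if it said this is a reversible encoding rather than protection, since the constant `eval(base64_decode(` prefix in the output is a pattern that static scanners and code reviewers commonly flag.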
diff --git a/spec/encoders/builtin/php/base64_encode_spec.rb b/spec/encoders/builtin/php/base64_encode_spec.rb
new file mode 100644
index 00000000..45c40cc5
--- /dev/null
+++ b/spec/encoders/builtin/php/base64_encode_spec.rb
@@ -0,0 +1,17 @@
+require 'spec_helper'
+require 'ronin/payloads/encoders/builtin/php/base64_encode'
+
+describe Ronin::Payloads::Encoders::PHP::Base64Encode do
+ it "must inherit from Ronin::Payloads::Encoders::PHPEncoder" do
+ expect(described_class).to be < Ronin::Payloads::Encoders::PHPEncoder
+ end
+
+ describe "#encode" do
+ let(:php) { "echo 'PWNED';" }
+ let(:encoded) { %{eval(base64_decode("ZWNobyAnUFdORUQnOw=="))} }
+
+ it "must encode the given PHP code as a Base64 string and embed it into the 'eval(base64_decode(\"...\"))' string" do
+ expect(subject.encode(php)).to eq(encoded)
+ end
+ end
+end
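Review bot: The single `#encode` example uses a 13-byte input, so it would pass whether or not `mode: :strict` is honoured by the encoder, and the unwrapped output is never pinned by the spec. Assuming the non-strict mode wraps lines the way Ruby's `Base64.encode64` does, I would add a context with a longer input, e.g. `let(:php) { "echo '#{'A' * 100}';" }` with `expect(subject.encode(php)).to_not include("\n")`. An example for the empty string would also document what `encode('')` returns.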