Merge pull request rapid7#19993 from h00die-gr3y/cmd-enc-base64

jheysel-r7 · web-flow · commit ccb0c1a32098 · 2025-03-31T18:42:31.000-07:00
BUGFIX: cmd encoder base64
diff --git a/modules/encoders/cmd/base64.rb b/modules/encoders/cmd/base64.rb
@@ -33,6 +33,9 @@ def initialize
 
   #
   # Encodes the payload
+  # All unnecessary spaces from your payload inside the () are removed to avoid shell POSIX command lauguage conflicts
+  # The only things allowed after compound commands are redirections, shell keywords, and the various command separators
+  # such as (;, &, |, &&, ||)
   #
   def encode_block(state, buf)
     return buf if (buf.bytes & state.badchars.bytes).empty?
@@ -48,7 +51,7 @@ def encode_block(state, buf)
     when 'base64'
       raise EncodingError if (state.badchars.bytes & '(|)'.bytes).any?
 
-      base64_decoder = '(base64 --decode || base64 -d)'
+      base64_decoder = '(base64 --decode||base64 -d)'
     when 'base64-long'
       base64_decoder = 'base64 --decode'
     when 'base64-short'
@@ -58,9 +61,9 @@ def encode_block(state, buf)
     else
       # find a decoder at runtime if we can use the necessary characters
       if (state.badchars.bytes & '(|)>/&'.bytes).empty?
-        base64_decoder = '((command -v base64 >/dev/null && (base64 --decode || base64 -d)) || (command -v openssl >/dev/null && openssl enc -base64 -d))'
+        base64_decoder = '((command -v base64>/dev/null&&(base64 --decode||base64 -d))||(command -v openssl>/dev/null&&openssl enc -base64 -d))'
       elsif (state.badchars.bytes & '(|)'.bytes).empty?
-        base64_decoder = '(base64 --decode || base64 -d)'
+        base64_decoder = '(base64 --decode||base64 -d)'
       else
         base64_decoder = 'openssl enc -base64 -d'
       end
