Fix bug when no arguments are present

lib/msf/base/sessions/command_shell_unix.rb

@@ -30,7 +30,12 @@ def self.to_cmd(executable, args)
       end
 
       escaped = cmd_and_args.map do |arg|
-        CommandShell._glue_cmdline_escape(arg, quote_requiring, "'", "\\'", "'")
+        result = CommandShell._glue_cmdline_escape(arg, quote_requiring, "'", "\\'", "'")
+        if result == ''
+          result = "''"
+        end
+
+        result
       end
 
       escaped.join(' ')

lib/msf/base/sessions/powershell.rb

@@ -92,6 +92,11 @@ def self.to_cmd(executable, args)
       if needs_single_quoting
         arg = "'#{arg}'"
       end
+
+      if arg == ''
+        # Pass in empty strings
+        arg = '\'""\''
+      end
 
       if index == 0
         if needs_single_quoting

lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb

@@ -124,7 +124,7 @@ def Process._open(pid, perms, inherit = false)
   #                                   to meterpreter is this parameter's value, if provided as a String)
   # @option :legacy_args [String] When arguments is an array, this is the command to execute if the receiving Meterpreter does not support arguments as an array
   #
-  def Process.execute(path, arguments = nil, opts = nil)
+  def Process.execute(path, arguments = '', opts = nil)
     request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE)
     flags   = 0
 
@@ -173,28 +173,26 @@ def Process.execute(path, arguments = nil, opts = nil)
       end
     end
 
-    request.add_tlv(TLV_TYPE_PROCESS_UNESCAPED_PATH, client.unicode_filter_decode( path ));
-
     # Add arguments
     # If process arguments were supplied
-    if (arguments != nil)
-      if arguments.kind_of?(Array)
-        # This flag is needed to disambiguate how to handle escaping special characters in the path when no arguments are provided
-        flags |= PROCESS_EXECUTE_FLAG_ARG_ARRAY
-        arguments.each do |arg|
-          request.add_tlv(TLV_TYPE_PROCESS_ARGUMENT, arg);
-        end
-        if opts[:legacy_path]
-          request.add_tlv(TLV_TYPE_PROCESS_PATH, opts[:legacy_path])
-        end
-        if opts[:legacy_args]
-          request.add_tlv(TLV_TYPE_PROCESS_ARGUMENTS, opts[:legacy_args])
-        end
-      elsif arguments.kind_of?(String)
-        request.add_tlv(TLV_TYPE_PROCESS_ARGUMENTS, arguments)
-      else
-        raise ArgumentError.new('Unknown type for arguments')
+    if arguments.kind_of?(Array)
+      request.add_tlv(TLV_TYPE_PROCESS_UNESCAPED_PATH, client.unicode_filter_decode( path ));
+      # This flag is needed to disambiguate how to handle escaping special characters in the path when no arguments are provided
+      flags |= PROCESS_EXECUTE_FLAG_ARG_ARRAY
+      arguments.each do |arg|
+        request.add_tlv(TLV_TYPE_PROCESS_ARGUMENT, arg);
       end
+      if opts[:legacy_path]
+        request.add_tlv(TLV_TYPE_PROCESS_PATH, opts[:legacy_path])
+      end
+      if opts[:legacy_args]
+        request.add_tlv(TLV_TYPE_PROCESS_ARGUMENTS, opts[:legacy_args])
+      end
+    elsif arguments.kind_of?(String)
+      request.add_tlv(TLV_TYPE_PROCESS_PATH, client.unicode_filter_decode( path ));
+      request.add_tlv(TLV_TYPE_PROCESS_ARGUMENTS, arguments)
+    else
+      raise ArgumentError.new('Unknown type for arguments')
     end
 
     request.add_tlv(TLV_TYPE_PROCESS_FLAGS, flags);
@@ -220,7 +218,7 @@ def Process.execute(path, arguments = nil, opts = nil)
   #
   # Execute an application and capture the output
   #
-  def Process.capture_output(path, arguments = nil, opts = nil, time_out = 15)
+  def Process.capture_output(path, arguments = '', opts = nil, time_out = 15)
     start = Time.now.to_i
     process = execute(path, arguments, opts)
     data = ""

spec/lib/msf/base/sessions/powershell_spec.rb

@@ -44,5 +44,9 @@
     it 'should not split comma args' do
       expect(described_class.to_cmd(".\\test.exe", ['arg1,notarg2'])).to eq(".\\test.exe 'arg1,notarg2'")
     end
+
+    it 'should handle empty strings' do
+      expect(described_class.to_cmd(".\\test.exe", ['', 'a', '', 'b'])).to eq(".\\test.exe '\"\"' a '\"\"' b")
+    end
   end
 end