metasploit-framework/lib/msf/http/jboss/base.rb

# -*- coding: binary -*-

module Msf::HTTP::JBoss::Base

  # Deploys a WAR through HTTP uri invoke
  #
  # @param opts [Hash] Hash containing {Exploit::Remote::HttpClient#send_request_cgi} options
  # @param num_attempts [Integer] The number of attempts 
  # @return [Rex::Proto::Http::Response, nil] The {Rex::Proto::Http::Response} response if exists, nil otherwise
  def deploy(opts = {}, num_attempts = 5)
    uri = opts['uri']

    if uri.blank?
      return nil
    end

    # JBoss might need some time for the deployment. Try 5 times at most and
    # wait 5 seconds inbetween tries
    num_attempts.times do |attempt|
      res = send_request_cgi(opts, 5)
      msg = nil
      if res.nil?
        msg = "Execution failed on #{uri} [No Response]"
      elsif res.code == 200
        vprint_status("Successfully called '#{uri}'")
        return res
      else
        msg = "http request failed to #{uri} [#{res.code}]"
      end

      if attempt < num_attempts - 1
        msg << ", retrying in 5 seconds..."
        vprint_status(msg)
        Rex.sleep(5)
      else
        print_error(msg)
        return res
      end
    end
  end

  # Provides the HTTP verb used
  #
  # @return [String] The HTTP verb in use
  def http_verb
    datastore['VERB']
  end

end
Refactor: Creation of a JBoss mixin The jboss_bsheployer as is does not allow to deploy a custom WAR file. It is convenient when ports are blocked to be able to deploy a webshell instead of just launching a payload. This will require a auxiliary module which will use the JBoss mixin methods. 2014-07-17 22:56:32 +00:00			`# -- coding: binary --`
Fix YARD documentation 2014-08-22 19:18:13 +00:00
Added auxiliary module jboss_bshdeployer The module allows to deploy a WAR (a webshell for instance) using the BSHDeployer. Also refactored modules/exploits/multi/http/jboss_bshdeployer.rb to use the new Mixin (lib/msf/http/jboss). 2014-07-18 09:51:46 +00:00			`module Msf::HTTP::JBoss::Base`
Fix YARD documentation 2014-08-22 19:18:13 +00:00
			`# Deploys a WAR through HTTP uri invoke`
			`#`
			`# @param opts [Hash] Hash containing {Exploit::Remote::HttpClient#send_request_cgi} options`
Added YARD documentation to lib/msf/http/jboss 2014-08-18 16:19:37 +00:00			`# @param num_attempts [Integer] The number of attempts`
Fix YARD documentation 2014-08-22 19:18:13 +00:00			`# @return [Rex::Proto::Http::Response, nil] The {Rex::Proto::Http::Response} response if exists, nil otherwise`
Work on jboss refactoring 2014-08-01 19:28:26 +00:00			`def deploy(opts = {}, num_attempts = 5)`
			`uri = opts['uri']`

			`if uri.blank?`
			`return nil`
			`end`
Refactor: Creation of a JBoss mixin The jboss_bsheployer as is does not allow to deploy a custom WAR file. It is convenient when ports are blocked to be able to deploy a webshell instead of just launching a payload. This will require a auxiliary module which will use the JBoss mixin methods. 2014-07-17 22:56:32 +00:00
			`# JBoss might need some time for the deployment. Try 5 times at most and`
			`# wait 5 seconds inbetween tries`
			`num_attempts.times do \|attempt\|`
Work on jboss refactoring 2014-08-01 19:28:26 +00:00			`res = send_request_cgi(opts, 5)`
Refactor: Creation of a JBoss mixin The jboss_bsheployer as is does not allow to deploy a custom WAR file. It is convenient when ports are blocked to be able to deploy a webshell instead of just launching a payload. This will require a auxiliary module which will use the JBoss mixin methods. 2014-07-17 22:56:32 +00:00			`msg = nil`
Work on jboss refactoring 2014-08-01 19:28:26 +00:00			`if res.nil?`
Refactor: Creation of a JBoss mixin The jboss_bsheployer as is does not allow to deploy a custom WAR file. It is convenient when ports are blocked to be able to deploy a webshell instead of just launching a payload. This will require a auxiliary module which will use the JBoss mixin methods. 2014-07-17 22:56:32 +00:00			`msg = "Execution failed on #{uri} [No Response]"`
Work on jboss refactoring 2014-08-01 19:28:26 +00:00			`elsif res.code == 200`
Refactored jboss mixin and modules Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']" by vprint_status(). 2014-07-22 21:08:42 +00:00			`vprint_status("Successfully called '#{uri}'")`
Refactor: Creation of a JBoss mixin The jboss_bsheployer as is does not allow to deploy a custom WAR file. It is convenient when ports are blocked to be able to deploy a webshell instead of just launching a payload. This will require a auxiliary module which will use the JBoss mixin methods. 2014-07-17 22:56:32 +00:00			`return res`
Add specs for Msf::HTTP::JBoss::Base 2014-08-22 20:11:27 +00:00			`else`
			`msg = "http request failed to #{uri} [#{res.code}]"`
Refactor: Creation of a JBoss mixin The jboss_bsheployer as is does not allow to deploy a custom WAR file. It is convenient when ports are blocked to be able to deploy a webshell instead of just launching a payload. This will require a auxiliary module which will use the JBoss mixin methods. 2014-07-17 22:56:32 +00:00			`end`

Work on jboss refactoring 2014-08-01 19:28:26 +00:00			`if attempt < num_attempts - 1`
Refactor: Creation of a JBoss mixin The jboss_bsheployer as is does not allow to deploy a custom WAR file. It is convenient when ports are blocked to be able to deploy a webshell instead of just launching a payload. This will require a auxiliary module which will use the JBoss mixin methods. 2014-07-17 22:56:32 +00:00			`msg << ", retrying in 5 seconds..."`
Refactored jboss mixin and modules Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']" by vprint_status(). 2014-07-22 21:08:42 +00:00			`vprint_status(msg)`
Refactored jboss mixin and modules Moved fail_with() from mixin to modules. Added PACKAGE datastore to lib/msf/http/jboss/bsh.rb. 2014-07-24 20:58:58 +00:00			`Rex.sleep(5)`
Refactor: Creation of a JBoss mixin The jboss_bsheployer as is does not allow to deploy a custom WAR file. It is convenient when ports are blocked to be able to deploy a webshell instead of just launching a payload. This will require a auxiliary module which will use the JBoss mixin methods. 2014-07-17 22:56:32 +00:00			`else`
			`print_error(msg)`
			`return res`
			`end`
			`end`
			`end`
Work on jboss refactoring 2014-08-01 19:28:26 +00:00
Fix YARD documentation 2014-08-22 19:18:13 +00:00			`# Provides the HTTP verb used`
			`#`
			`# @return [String] The HTTP verb in use`
Work on jboss refactoring 2014-08-01 19:28:26 +00:00			`def http_verb`
			`datastore['VERB']`
			`end`

Refactor: Creation of a JBoss mixin The jboss_bsheployer as is does not allow to deploy a custom WAR file. It is convenient when ports are blocked to be able to deploy a webshell instead of just launching a payload. This will require a auxiliary module which will use the JBoss mixin methods. 2014-07-17 22:56:32 +00:00			`end`