infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #9413, Expand the number of class names searched when checking for an exploitable JMX server

4.x
Brent Cook 2018-01-22 16:49:01 -06:00 committed by Jeffrey Martin
parent bb73d2c07e
commit 294a8e0ada
No known key found for this signature in database
GPG Key ID: 0CD9BBC2AF15F171
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/exploits/multi/misc/java_jmx_server.rb
View File

@ -193,10 +193,22 @@ class MetasploitModule < Msf::Exploit::Remote
end
def discover_endpoint
rmi_classes_and_interfaces = [
'javax.management.remote.rmi.RMIConnectionImpl',
'javax.management.remote.rmi.RMIConnectionImpl_Stub',
'javax.management.remote.rmi.RMIConnector',
'javax.management.remote.rmi.RMIConnectorServer',
'javax.management.remote.rmi.RMIIIOPServerImpl',
'javax.management.remote.rmi.RMIJRMPServerImpl',
'javax.management.remote.rmi.RMIServerImpl',
'javax.management.remote.rmi.RMIServerImpl_Stub',
'javax.management.remote.rmi.RMIConnection',
'javax.management.remote.rmi.RMIServer'
]
ref = send_registry_lookup(name: datastore['JMXRMI'])
return nil if ref.nil?
unless ref[:object] == 'javax.management.remote.rmi.RMIServerImpl_Stub'
unless rmi_classes_and_interfaces.include? ref[:object]
vprint_error("JMXRMI discovery returned unexpected object #{ref[:object]}")
return nil
end