Refactor extract_mbean_server

lib/msf/jmx/discovery.rb

@@ -17,31 +17,7 @@ module Msf
         stream
       end
 
-      def extract_mbean_server(stream)
-        my_block = false
-        stub = false
-        i = 0
-        stub_index = 0
-        stream.contents.each do |content|
-          if content.class == Rex::Java::Serialization::Model::BlockData && i == 0
-            my_block = true
-          end
-
-          if content.class == Rex::Java::Serialization::Model::NewObject && content.class_desc.description.class_name.contents == 'javax.management.remote.rmi.RMIServerImpl_Stub'
-            stub = true
-            stub_index = i
-            break
-          end
-          i = i + 1
-        end
-
-        unless my_block && stub
-          return nil
-        end
-
-        my_block_id = stream.contents[0].contents[1..-1]
-
-        block_data = stream.contents[stub_index + 1]
+      def extract_mbean_server(block_data)
         data_io = StringIO.new(block_data.contents)
 
         ref_length = data_io.read(2)

modules/exploits/multi/misc/java_jmx_server.rb

@@ -193,9 +193,22 @@ class Metasploit3 < Msf::Exploit::Remote
       fail_with("#{peer} - Failed to discover the JMX endpoint")
     end
 
+    answer = extract_object(return_data, 1)
+
+    if answer.nil?
+      fail_with(Failure::Unknown, "#{peer} - Unexpected JMXRMI discovery answer")
+    end
+
+    case answer
+    when 'javax.management.remote.rmi.RMIServerImpl_Stub'
+      print_good("#{peer} - RMIServerImpl_Stub instance found, using it")
+    else
+      fail_with(Failure::Unknown, "#{peer} - JMXRMI discovery returned unexpected object #{answer}")
+    end
+
     print_status("#{peer} - Extracting MBean Server...")
 
-    mbean_server = extract_mbean_server(return_data)
+    mbean_server = extract_mbean_server(return_data.contents[2])
 
     if mbean_server.nil?
       fail_with("#{peer} - Failed to extract the JMX MBean server endpoint")