Update RMI/JMX mixin documentation
jvazquez-r7
parent
39e87f927a
commit
7c0e17d1f7
|
|
@ -5,11 +5,23 @@ module Msf
|
|||
module Rmi
|
||||
module Client
|
||||
module Jmx
|
||||
# This mixin provides methods to simulate calls to the Java
|
||||
# javax/management/remote/rmi/RMIConnectionImpl_Stub
|
||||
# interface
|
||||
module Connection
|
||||
require 'msf/java/rmi/client/jmx/connection/builder'
|
||||
|
||||
include Msf::Java::Rmi::Client::Jmx::Connection::Builder
|
||||
|
||||
# Sends a call to the JMXRMI endpoint to retrieve an MBean instance. Simulates a call
|
||||
# to the Java javax/management/remote/rmi/RMIConnectionImpl_Stub#getObjectInstance()
|
||||
# method.
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [Rex::Socket::Tcp] :sock
|
||||
# @return [TrueClass, NilClass] true if success, nil otherwise
|
||||
# @raise [Rex::Proto::Rmi::Exception] if the endpoint raises a remote exception
|
||||
# @see Msf::Java::Rmi::Client::Registry::Builder.build_jmx_get_object_instance
|
||||
def send_jmx_get_object_instance(opts = {})
|
||||
send_call(
|
||||
sock: opts[:sock] || sock,
|
||||
|
|
@ -35,6 +47,15 @@ module Msf
|
|||
true
|
||||
end
|
||||
|
||||
# Sends a call to the JMXRMI endpoint to create an MBean instance. Simulates a call
|
||||
# to the Java javax/management/remote/rmi/RMIConnectionImpl_Stub#createMBean()
|
||||
# method.
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [Rex::Socket::Tcp] :sock
|
||||
# @return [TrueClass, NilClass] true if success, nil otherwise
|
||||
# @raise [Rex::Proto::Rmi::Exception] if the endpoint raises a remote exception
|
||||
# @see Msf::Java::Rmi::Client::Registry::Builder.build_jmx_create_mbean
|
||||
def send_jmx_create_mbean(opts = {})
|
||||
send_call(
|
||||
sock: opts[:sock] || sock,
|
||||
|
|
@ -60,6 +81,15 @@ module Msf
|
|||
true
|
||||
end
|
||||
|
||||
# Sends a call to the JMXRMI endpoint to invoke an MBean method. Simulates a call
|
||||
# to the Java javax/management/remote/rmi/RMIConnectionImpl_Stub#invoke()
|
||||
# method.
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [Rex::Socket::Tcp] :sock
|
||||
# @return [TrueClass, NilClass] true if success, nil otherwise
|
||||
# @raise [Rex::Proto::Rmi::Exception] if the endpoint raises a remote exception
|
||||
# @see Msf::Java::Rmi::Client::Registry::Builder.build_jmx_invoke
|
||||
def send_jmx_invoke(opts = {})
|
||||
send_call(
|
||||
sock: opts[:sock] || sock,
|
||||
|
|
|
|||
|
|
@ -7,11 +7,12 @@ module Msf
|
|||
module Jmx
|
||||
module Connection
|
||||
module Builder
|
||||
# Builds an RMI call to java.rmi.registry.Registry.lookup() used to
|
||||
# retrieve the remote reference bound to a name.
|
||||
|
||||
# Builds an RMI call to javax/management/remote/rmi/RMIConnectionImpl_Stub#getObjectInstance()
|
||||
# used to retrieve an MBean instance
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [String] :name the name to lookup
|
||||
# @option opts [String] :name the MBean name
|
||||
# @return [Rex::Proto::Rmi::Model::Call]
|
||||
# @see Msf::Java::Rmi::Builder.build_call
|
||||
def build_jmx_get_object_instance(opts = {})
|
||||
|
|
@ -36,7 +37,12 @@ module Msf
|
|||
call
|
||||
end
|
||||
|
||||
# javax.management.ObjectName $param_ObjectName_1, javax.security.auth.Subject $param_Subject_2
|
||||
# Builds an an array of arguments o build a call to
|
||||
# javax/management/remote/rmi/RMIConnectionImpl_Stub#getObjectInstance()
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [String] :name the MBean name
|
||||
# @return [Array]
|
||||
def build_jmx_get_object_instance_args(name = '')
|
||||
builder = Rex::Java::Serialization::Builder.new
|
||||
|
||||
|
|
@ -56,9 +62,13 @@ module Msf
|
|||
arguments
|
||||
end
|
||||
|
||||
|
||||
#// implementation of createMBean(String, ObjectName, Subject)
|
||||
#public javax.management.ObjectInstance createMBean(java.lang.String $param_String_1, javax.management.ObjectName $param_ObjectName_2, javax.security.auth.Subject $param_Subject_3)
|
||||
# Builds an RMI call to javax/management/remote/rmi/RMIConnectionImpl_Stub#createMBean()
|
||||
# used to retrieve an MBean instance
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [String] :name the MBean name
|
||||
# @return [Rex::Proto::Rmi::Model::Call]
|
||||
# @see Msf::Java::Rmi::Builder.build_call
|
||||
def build_jmx_create_mbean(opts = {})
|
||||
name = opts[:name] || ''
|
||||
object_number = opts[:object_number] || 0
|
||||
|
|
@ -81,7 +91,12 @@ module Msf
|
|||
call
|
||||
end
|
||||
|
||||
#(String, ObjectName, Subject)
|
||||
# Builds an an array of arguments o build a call to
|
||||
# javax/management/remote/rmi/RMIConnectionImpl_Stub#createMBean()
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [String] :name the MBean name
|
||||
# @return [Array]
|
||||
def build_jmx_create_mbean_args(name = '')
|
||||
arguments = [
|
||||
Rex::Java::Serialization::Model::Utf.new(nil, name),
|
||||
|
|
@ -94,8 +109,14 @@ module Msf
|
|||
end
|
||||
|
||||
|
||||
#implementation of invoke(ObjectName, String, MarshalledObject, String[], Subject)
|
||||
#public java.lang.Object invoke(javax.management.ObjectName $param_ObjectName_1, java.lang.String $param_String_2, java.rmi.MarshalledObject $param_MarshalledObject_3, java.lang.String[] $param_arrayOf_String_4, javax.security.auth.Subject $param_Subject_5) def build_jmx_invoke(opts = {})
|
||||
# Builds an RMI call to javax/management/remote/rmi/RMIConnectionImpl_Stub#invoke()
|
||||
# used to invoke an MBean method
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [String] :name the MBean name
|
||||
# @return [Rex::Proto::Rmi::Model::Call]
|
||||
# @see Msf::Java::Rmi::Builder.build_call
|
||||
# @see #build_jmx_invoke_args
|
||||
def build_jmx_invoke(opts = {})
|
||||
object_number = opts[:object_number] || 0
|
||||
uid_number = opts[:uid_number] || 0
|
||||
|
|
@ -117,7 +138,14 @@ module Msf
|
|||
call
|
||||
end
|
||||
|
||||
#(ObjectName, String, MarshalledObject, String[], Subject)
|
||||
# Builds an an array of arguments o build a call to
|
||||
# javax/management/remote/rmi/RMIConnectionImpl_Stub#invoke()
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [String] :object the MBean name
|
||||
# @option opts [String] :method the method name
|
||||
# @option opts [Hash] :args the method arguments
|
||||
# @return [Array]
|
||||
def build_jmx_invoke_args(opts = {})
|
||||
object_name = opts[:object] || ''
|
||||
method_name = opts[:method] || ''
|
||||
|
|
@ -142,15 +170,15 @@ module Msf
|
|||
name: 'java.rmi.MarshalledObject',
|
||||
serial: 0x7cbd1e97ed63fc3e, # serialVersionUID
|
||||
fields: [
|
||||
['int', 'hash'],
|
||||
['array', 'locBytes', '[B'],
|
||||
['array', 'objBytes', '[B']
|
||||
],
|
||||
['int', 'hash'],
|
||||
['array', 'locBytes', '[B'],
|
||||
['array', 'objBytes', '[B']
|
||||
],
|
||||
data: [
|
||||
["int", 1919492550],
|
||||
Rex::Java::Serialization::Model::NullReference.new,
|
||||
data_binary
|
||||
]
|
||||
["int", 1919492550],
|
||||
Rex::Java::Serialization::Model::NullReference.new,
|
||||
data_binary
|
||||
]
|
||||
)
|
||||
|
||||
new_array = builder.new_array(
|
||||
|
|
@ -174,7 +202,8 @@ module Msf
|
|||
end
|
||||
|
||||
# Builds a Rex::Java::Serialization::Model::Stream with the arguments to
|
||||
# simulate a call to the Java invoke method method.
|
||||
# simulate a call to the Java javax/management/remote/rmi/RMIConnectionImpl_Stub#invoke()
|
||||
# method.
|
||||
#
|
||||
# @param args [Hash] the arguments of the method to invoke
|
||||
# @return [Rex::Java::Serialization::Model::Stream]
|
||||
|
|
@ -194,7 +223,6 @@ module Msf
|
|||
|
||||
stream
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -12,12 +12,15 @@ module Msf
|
|||
include Msf::Java::Rmi::Client::Jmx::Server::Builder
|
||||
include Msf::Java::Rmi::Client::Jmx::Server::Parser
|
||||
|
||||
# Sends a Registry lookup call to the RMI endpoint
|
||||
# Sends a call to the JMXRMI endpoint to retrieve an MBean instance. Simulates a call
|
||||
# to the Java javax/management/remote/rmi/RMIServer_Stub#newClient()
|
||||
# method.
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [Rex::Socket::Tcp] :sock
|
||||
# @return [Hash, NilClass] The remote reference information if success, nil otherwise
|
||||
# @see Msf::Java::Rmi::Client::Registry::Builder.build_registry_lookup
|
||||
# @return [Hash, NilClass] The connection information if success, nil otherwise
|
||||
# @raise [Rex::Proto::Rmi::Exception] if the endpoint raises a remote exception
|
||||
# @see Msf::Java::Rmi::Client::Registry::Builder.build_jmx_new_client
|
||||
def send_new_client(opts = {})
|
||||
send_call(
|
||||
sock: opts[:sock] || sock,
|
||||
|
|
|
|||
|
|
@ -8,11 +8,12 @@ module Msf
|
|||
module Server
|
||||
module Builder
|
||||
|
||||
# Builds an RMI call to java.rmi.registry.Registry.lookup() used to
|
||||
# retrieve the remote reference bound to a name.
|
||||
# Builds an RMI call to javax/management/remote/rmi/RMIServer_Stub#newClient()
|
||||
# used to enumerate the names bound in a registry
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [String] :name the name to lookup
|
||||
# @option opts [String] :username the JMX role to establish the connection if needed
|
||||
# @option opts [String] :password the JMX password to establish the connection if needed
|
||||
# @return [Rex::Proto::Rmi::Model::Call]
|
||||
# @see Msf::Java::Rmi::Builder.build_call
|
||||
def build_jmx_new_client(opts = {})
|
||||
|
|
@ -43,11 +44,11 @@ module Msf
|
|||
end
|
||||
|
||||
# Builds a Rex::Java::Serialization::Model::NewArray with credentials
|
||||
# to make an authenticated handshake
|
||||
# to make an javax/management/remote/rmi/RMIServer_Stub#newClient call
|
||||
#
|
||||
# @param username [String] The username (role) to authenticate with
|
||||
# @param password [String] The password to authenticate with
|
||||
# @return [Rex::Java::Serialization::Model::NewArray]
|
||||
# @return [Array<Rex::Java::Serialization::Model::NewArray>]
|
||||
def build_jmx_new_client_args(username = '', password = '')
|
||||
builder = Rex::Java::Serialization::Builder.new
|
||||
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ module Msf
|
|||
module Jmx
|
||||
module Server
|
||||
module Parser
|
||||
# Parses a java.rmi.registry.Registry.lookup() return value to find out
|
||||
# the remote reference information.
|
||||
# Parses a javax/management/remote/rmi/RMIServer_Stub#newClient() return value
|
||||
# to find out the remote reference information.
|
||||
#
|
||||
# @param return_value [Rex::Java::Serialization::Model::ReturnValue]
|
||||
# @return [Hash, NilClass] The remote interface information if success, nil otherwise
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ module Msf
|
|||
module Java
|
||||
module Rmi
|
||||
module Client
|
||||
# This mixin provides methods to simulate calls to the Java java/rmi/registry/RegistryImpl_Stub
|
||||
# interface
|
||||
module Registry
|
||||
require 'msf/java/rmi/client/registry/builder'
|
||||
require 'msf/java/rmi/client/registry/parser'
|
||||
|
|
@ -11,11 +13,13 @@ module Msf
|
|||
include Msf::Java::Rmi::Client::Registry::Builder
|
||||
include Msf::Java::Rmi::Client::Registry::Parser
|
||||
|
||||
# Sends a Registry lookup call to the RMI endpoint
|
||||
# Sends a Registry lookup call to the RMI endpoint. Simulates a call to the Java
|
||||
# java/rmi/registry/RegistryImpl_Stub#lookup() method.
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [Rex::Socket::Tcp] :sock
|
||||
# @return [Hash, NilClass] The remote reference information if success, nil otherwise
|
||||
# @raise [Rex::Proto::Rmi::Exception] if the endpoint raises a remote exception
|
||||
# @see Msf::Java::Rmi::Client::Registry::Builder.build_registry_lookup
|
||||
def send_registry_lookup(opts = {})
|
||||
send_call(
|
||||
|
|
@ -50,11 +54,13 @@ module Msf
|
|||
remote_location.merge(object: remote_object)
|
||||
end
|
||||
|
||||
# Sends a Registry list call to the RMI endpoint
|
||||
# Sends a Registry list call to the RMI endpoint. Simulates a call to the Java
|
||||
# java/rmi/registry/RegistryImpl_Stub#list() method
|
||||
#
|
||||
# @param opts [Hash]
|
||||
# @option opts [Rex::Socket::Tcp] :sock
|
||||
# @return [Array, NilClass] The set of names if success, nil otherwise
|
||||
# @raise [Rex::Proto::Rmi::Exception] if the endpoint raises a remote exception
|
||||
# @see Msf::Java::Rmi::Client::Registry::Builder.build_registry_list
|
||||
def send_registry_list(opts = {})
|
||||
send_call(
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ module Msf
|
|||
module Registry
|
||||
module Builder
|
||||
|
||||
# Builds an RMI call to java.rmi.registry.Registry.lookup() used to
|
||||
# Builds an RMI call to java/rmi/registry/RegistryImpl_Stub#lookup() used to
|
||||
# retrieve the remote reference bound to a name.
|
||||
#
|
||||
# @param opts [Hash]
|
||||
|
|
@ -34,7 +34,7 @@ module Msf
|
|||
call
|
||||
end
|
||||
|
||||
# Builds an RMI call to java.rmi.registry.Registry.list() used to
|
||||
# Builds an RMI call to java/rmi/registry/RegistryImpl_Stub#list() used to
|
||||
# enumerate the names bound in a registry
|
||||
#
|
||||
# @param opts [Hash]
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ module Msf
|
|||
module Client
|
||||
module Registry
|
||||
module Parser
|
||||
# Parses a java.rmi.registry.Registry.lookup() return value to find out
|
||||
# Parses a java/rmi/registry/RegistryImpl_Stub#lookup() return value to find out
|
||||
# the remote reference information.
|
||||
#
|
||||
# @param return_value [Rex::Java::Serialization::Model::ReturnValue]
|
||||
|
|
@ -25,7 +25,7 @@ module Msf
|
|||
reference
|
||||
end
|
||||
|
||||
# Parses a java.rmi.registry.Registry.list() return value to find out
|
||||
# Parses a java/rmi/registry/RegistryImpl_Stub#list() return value to find out
|
||||
# the list of names registered.
|
||||
#
|
||||
# @param return_value [Rex::Java::Serialization::Model::ReturnValue]
|
||||
|
|
|
|||
|
|
@ -94,8 +94,11 @@ module Msf
|
|||
|
||||
# Extract an RMI interface reference from an IO
|
||||
#
|
||||
# @param io [IO] the io to extract the reference from
|
||||
# @param io [IO] the io to extract the reference from, should contain the data
|
||||
# inside a BlockData with the reference information.
|
||||
# @return [Hash, nil] the extracted reference if success, nil otherwise
|
||||
# @see Msf::Java::Rmi::Client::Jmx:Server::Parser#parse_jmx_new_client_endpoint
|
||||
# @see Msf::Java::Rmi::Client::Registry::Parser#parse_registry_lookup_endpoint
|
||||
def extract_reference(io)
|
||||
ref = extract_string(io)
|
||||
unless ref && ref == 'UnicastRef'
|
||||
|
|
|
|||
Loading…
Reference in New Issue