Do more reporting

bug/bundler_fix
wchen-r7 2015-06-25 22:39:56 -05:00
parent 5ef4cc2bb4
commit c70e38a14e
1 changed files with 29 additions and 3 deletions


@ -13,6 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::EXE include Msf::Exploit::EXE
include Msf::Auxiliary::Report
def initialize(info={}) def initialize(info={})
super(update_info(info, super(update_info(info,
@ -270,19 +271,28 @@ class Metasploit3 < Msf::Exploit::Remote
end end
end end
def report_glassfish_version(banner)
report_note(
host: rhost,
type: 'glassfish.banner',
data: banner,
update: :unique_data
)
end
# #
# Return GlassFish's edition (Open Source or Commercial) and version (2.x, 3.0, 3.1, 9.x) and # Return GlassFish's edition (Open Source or Commercial) and version (2.x, 3.0, 3.1, 9.x) and
# banner (ex: Sun Java System Application Server 9.x) # banner (ex: Sun Java System Application Server 9.x)
# #
def get_version(res) def get_version(res)
#Extract banner from response # Extract banner from response
banner = res.headers['Server'] banner = res.headers['Server']
#Default value for edition and glassfish version # Default value for edition and glassfish version
edition = 'Commercial' edition = 'Commercial'
version = 'Unknown' version = 'Unknown'
#Set edition (Open Source or Commercial) # Set edition (Open Source or Commercial)
p = /(Open Source|Sun GlassFish Enterprise Server|Sun Java System Application Server)/ p = /(Open Source|Sun GlassFish Enterprise Server|Sun Java System Application Server)/
edition = 'Open Source' if banner =~ p edition = 'Open Source' if banner =~ p
@ -301,6 +311,8 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Unsupported version: #{banner}") print_status("Unsupported version: #{banner}")
end end
report_glassfish_version(banner)
return edition, version, banner return edition, version, banner
end end
@ -632,6 +644,18 @@ class Metasploit3 < Msf::Exploit::Remote
) )
end end
def report_auth_bypass(version)
report_vuln(
name: 'GlassFish HTTP Method Authentication Bypass',
info: "The remote service has a vulnerable version of GlassFish (#{version}) that allows the " \
'attacker to bypass authentication by sending an HTTP verb in lower-case.',
host: rhost,
port: rport,
proto: 'tcp',
refs: self.references
)
end
def try_glassfish_auth_bypass(version) def try_glassfish_auth_bypass(version)
sid = nil sid = nil
@ -652,6 +676,8 @@ class Metasploit3 < Msf::Exploit::Remote
end end
end end
report_auth_bypass(version) if sid
sid sid
end end
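Review bot: `report_glassfish_version` stores the banner as a host-level note with no `port:`, so the record is not tied to the HTTP service that returned it, whereas `report_auth_bypass` in the same commit passes `port: rport` and `proto: 'tcp'`; adding `port: rport, proto: 'tcp'` to the `report_note` call would keep the two records consistent. `banner` comes from `res.headers['Server']` and can be nil when the server omits that header, so the call at the end of `get_version` would be safer as `report_glassfish_version(banner) if banner`. The middle of `get_version` lies outside the visible hunks, so whether a nil banner is already handled there cannot be confirmed from this page.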