merge patches to fix a race condition in java meterpreter stager and a compatibility fix for gcj-based JVMs, thanks mihi\! java meterpreter now works with tomcat_mgr_deploy, see #3009
git-svn-id: file:///home/svn/framework3/trunk@10864 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
313317224f
commit
dcb850f56a
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
<target name="compile">
|
<target name="compile">
|
||||||
<mkdir dir="build" />
|
<mkdir dir="build" />
|
||||||
<javac srcdir="src" destdir="build" source="1.1" target="1.1" debug="no" />
|
<javac srcdir="src" destdir="build" source="1.1" target="1.1" classpath="lib/servlet-api-2.2.jar" debug="no" />
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
<target name="jar" depends="compile">
|
<target name="jar" depends="compile">
|
||||||
|
@ -65,4 +65,14 @@
|
||||||
</jar>
|
</jar>
|
||||||
<delete file="build/metasploit.dat"/>
|
<delete file="build/metasploit.dat"/>
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
|
<target name="deploy" depends="compile">
|
||||||
|
<copy todir="../../../data/java">
|
||||||
|
<fileset dir="build">
|
||||||
|
<exclude name="javapayload/stage/JSh*.class" />
|
||||||
|
<exclude name="javapayload/stage/SendParameters.class" />
|
||||||
|
<exclude name="javapayload/stage/SystemInfo.class" />
|
||||||
|
</fileset>
|
||||||
|
</copy>
|
||||||
|
</target>
|
||||||
</project>
|
</project>
|
||||||
|
|
Binary file not shown.
|
@ -8,8 +8,8 @@ import java.net.MalformedURLException;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.net.URLConnection;
|
import java.net.URLConnection;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Hashtable;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An {@link URLConnection} for an URL that is stored completely in memory.
|
* An {@link URLConnection} for an URL that is stored completely in memory.
|
||||||
|
@ -23,10 +23,42 @@ public class MemoryBufferURLConnection extends URLConnection {
|
||||||
static {
|
static {
|
||||||
// tweak the cache of already loaded protocol handlers via reflection
|
// tweak the cache of already loaded protocol handlers via reflection
|
||||||
try {
|
try {
|
||||||
Field fld = URL.class.getDeclaredField("handlers");
|
Field fld;
|
||||||
|
try {
|
||||||
|
fld = URL.class.getDeclaredField("handlers");
|
||||||
|
} catch (NoSuchFieldException ex) {
|
||||||
|
try {
|
||||||
|
// GNU Classpath (libgcj) calls this field differently
|
||||||
|
fld = URL.class.getDeclaredField("ph_cache");
|
||||||
|
} catch (NoSuchFieldException ex2) {
|
||||||
|
// throw the original exception
|
||||||
|
throw ex;
|
||||||
|
}
|
||||||
|
}
|
||||||
fld.setAccessible(true);
|
fld.setAccessible(true);
|
||||||
Hashtable handlers = (Hashtable) fld.get(null);
|
Map handlers = (Map) fld.get(null);
|
||||||
handlers.put("metasploitmembuff", new MemoryBufferURLStreamHandler());
|
// Note that although this is a static initializer, it can happen
|
||||||
|
// that two threads are entering this spot at the same time: When
|
||||||
|
// there is more than one classloader context (e. g. in a servlet
|
||||||
|
// container with Spawn=0) and more than one of them is loading
|
||||||
|
// a copy of this class at the same time. Work around this by
|
||||||
|
// letting all of them use the same URL stream handler object.
|
||||||
|
synchronized(handlers) {
|
||||||
|
// do not use the "real" class name here as the same class
|
||||||
|
// loaded in different classloader contexts is not the same
|
||||||
|
// one for Java -> ClassCastException
|
||||||
|
Object /*MemoryBufferURLStreamHandler*/ handler;
|
||||||
|
|
||||||
|
if (handlers.containsKey("metasploitmembuff")) {
|
||||||
|
handler = handlers.get("metasploitmembuff");
|
||||||
|
} else {
|
||||||
|
handler = new MemoryBufferURLStreamHandler();
|
||||||
|
handlers.put("metasploitmembuff", handler);
|
||||||
|
}
|
||||||
|
|
||||||
|
// for the same reason, use reflection to obtain the files List
|
||||||
|
files = (List) handler.getClass().getMethod("getFiles", new Class[0]).invoke(handler, new Object[0]);
|
||||||
|
}
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
throw new RuntimeException(ex.toString());
|
throw new RuntimeException(ex.toString());
|
||||||
}
|
}
|
||||||
|
@ -36,9 +68,11 @@ public class MemoryBufferURLConnection extends URLConnection {
|
||||||
* Create a new URL from a byte array and its content type.
|
* Create a new URL from a byte array and its content type.
|
||||||
*/
|
*/
|
||||||
public static URL createURL(byte[] data, String contentType) throws MalformedURLException {
|
public static URL createURL(byte[] data, String contentType) throws MalformedURLException {
|
||||||
|
synchronized(files) {
|
||||||
files.add(data);
|
files.add(data);
|
||||||
return new URL("metasploitmembuff", "", (files.size() - 1) + "/" + contentType);
|
return new URL("metasploitmembuff", "", (files.size() - 1) + "/" + contentType);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private final byte[] data;
|
private final byte[] data;
|
||||||
private final String contentType;
|
private final String contentType;
|
||||||
|
@ -47,7 +81,9 @@ public class MemoryBufferURLConnection extends URLConnection {
|
||||||
super(url);
|
super(url);
|
||||||
String file = url.getFile();
|
String file = url.getFile();
|
||||||
int pos = file.indexOf('/');
|
int pos = file.indexOf('/');
|
||||||
|
synchronized (files) {
|
||||||
data = (byte[]) files.get(Integer.parseInt(file.substring(0, pos)));
|
data = (byte[]) files.get(Integer.parseInt(file.substring(0, pos)));
|
||||||
|
}
|
||||||
contentType = file.substring(pos + 1);
|
contentType = file.substring(pos + 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,8 @@ import java.io.IOException;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.net.URLConnection;
|
import java.net.URLConnection;
|
||||||
import java.net.URLStreamHandler;
|
import java.net.URLStreamHandler;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An {@link URLStreamHandler} for a {@link MemoryBufferURLConnection}
|
* An {@link URLStreamHandler} for a {@link MemoryBufferURLConnection}
|
||||||
|
@ -11,7 +13,14 @@ import java.net.URLStreamHandler;
|
||||||
* @author mihi
|
* @author mihi
|
||||||
*/
|
*/
|
||||||
public class MemoryBufferURLStreamHandler extends URLStreamHandler {
|
public class MemoryBufferURLStreamHandler extends URLStreamHandler {
|
||||||
|
|
||||||
|
private List files = new ArrayList();
|
||||||
|
|
||||||
protected URLConnection openConnection(URL u) throws IOException {
|
protected URLConnection openConnection(URL u) throws IOException {
|
||||||
return new MemoryBufferURLConnection(u);
|
return new MemoryBufferURLConnection(u);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public List getFiles() {
|
||||||
|
return files;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue