# -*- coding: binary -*-
module Msf
  module Java
    module Rmi
      module Client
        # Mixin with helpers that imitate client calls made through the Java
        # java/rmi/registry/RegistryImpl_Stub interface.
        #
        # Whatever the send_* helpers return or raise is built from the
        # endpoint's reply, so callers should handle it as untrusted remote
        # input (for example before displaying it or acting on it).
        module Registry
          require 'msf/java/rmi/client/registry/builder'
          require 'msf/java/rmi/client/registry/parser'

          include Msf::Java::Rmi::Client::Registry::Builder
          include Msf::Java::Rmi::Client::Registry::Parser

          # Issues a Registry lookup call against the RMI endpoint, imitating the
          # Java java/rmi/registry/RegistryImpl_Stub#lookup() method.
          #
          # @param opts [Hash] options; passed on unchanged to build_registry_lookup
          # @option opts [Rex::Socket::Tcp] :sock socket to use; when absent the
          #   including object's +sock+ is used
          # @return [Hash, NilClass] the hash from parse_registry_lookup_endpoint
          #   with an :object key holding the class name taken from the reply; nil
          #   when there is no return value, no class name or no parsed endpoint
          # @raise [Rex::Proto::Rmi::Exception] if the reply is flagged as an
          #   exception; the message is the class name reported in the reply
          # @see Msf::Java::Rmi::Client::Registry::Builder.build_registry_lookup
          def send_registry_lookup(opts = {})
            send_call(sock: opts[:sock] || sock, call: build_registry_lookup(opts))

            reply = recv_return(sock: opts[:sock] || sock)
            # recv_return produced no return value.
            return if reply.nil?

            # Surface a remote exception under the class name the endpoint reported.
            raise ::Rex::Proto::Rmi::Exception, reply.get_class_name if reply.is_exception?

            class_name = reply.get_class_name
            return if class_name.nil?

            location = parse_registry_lookup_endpoint(reply)
            return if location.nil?

            # Both the endpoint data and the class name come from the remote reply.
            location.merge(object: class_name)
          end

          # Issues a Registry list call against the RMI endpoint, imitating the
          # Java java/rmi/registry/RegistryImpl_Stub#list() method.
          #
          # @param opts [Hash] options; passed on unchanged to build_registry_list
          # @option opts [Rex::Socket::Tcp] :sock socket to use; when absent the
          #   including object's +sock+ is used
          # @return [Array, NilClass] whatever parse_registry_list extracts from
          #   the reply (the set of names on success); nil when there is no
          #   return value
          # @raise [Rex::Proto::Rmi::Exception] if the reply is flagged as an
          #   exception; the message is the class name reported in the reply
          # @see Msf::Java::Rmi::Client::Registry::Builder.build_registry_list
          def send_registry_list(opts = {})
            send_call(sock: opts[:sock] || sock, call: build_registry_list(opts))

            reply = recv_return(sock: opts[:sock] || sock)
            # recv_return produced no return value.
            return if reply.nil?

            raise ::Rex::Proto::Rmi::Exception, reply.get_class_name if reply.is_exception?

            parse_registry_list(reply)
          end

          # Computes the hash used to make RMI calls for the
          # java/rmi/registry/RegistryImpl_Stub interface.
          #
          # @return [Integer] The interface's hash, as returned by
          #   calculate_interface_hash
          def registry_interface_hash
            # One entry per remote method of the stub: name, JVM descriptor and
            # declared exceptions.
            # NOTE(review): entry order is kept exactly as before;
            # calculate_interface_hash may be order-sensitive - confirm.
            stub_methods = [
              {
                name: 'bind',
                descriptor: '(Ljava/lang/String;Ljava/rmi/Remote;)V',
                exceptions: %w[java.rmi.AccessException java.rmi.AlreadyBoundException java.rmi.RemoteException]
              },
              {
                name: 'list',
                descriptor: '()[Ljava/lang/String;',
                exceptions: %w[java.rmi.AccessException java.rmi.RemoteException]
              },
              {
                name: 'lookup',
                descriptor: '(Ljava/lang/String;)Ljava/rmi/Remote;',
                exceptions: %w[java.rmi.AccessException java.rmi.NotBoundException java.rmi.RemoteException]
              },
              {
                name: 'rebind',
                descriptor: '(Ljava/lang/String;Ljava/rmi/Remote;)V',
                exceptions: %w[java.rmi.AccessException java.rmi.RemoteException]
              },
              {
                name: 'unbind',
                descriptor: '(Ljava/lang/String;)V',
                exceptions: %w[java.rmi.AccessException java.rmi.NotBoundException java.rmi.RemoteException]
              }
            ]

            calculate_interface_hash(stub_methods)
          end
        end
      end
    end
  end
end