Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
25c0723da3fac5259e40c8298b25ffcb8b2f3b83
beef/modules/network/jboss_jmx_upload_exploit/module.rb
scotty.b.brown@gmail.com 5c3e6f1575 Adding Apache Licence Header to all files (except VERSION file) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1046 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-02 23:08:28 +00:00

55 lines
2.4 KiB
Ruby
Raw Blame History

#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Jboss_jmx_upload_exploit < BeEF::Core::Command
#
# Defines and set up the command module.
#
def initialize
super({
'Name' => 'Jboss 6.0.0M1 JMX Deploy Exploit',
'Description' => 'Deploy a JSP reverse or bind shell (Metasploit one) using the JMX exposed deploymentFileRepository MBean of JBoss. The first request made is a HEAD one to bypass auth and deploy the malicious JSP, the second request is a GET one that triggers the reverse connection to the specified MSF listener.<br>Remember to run the MSF multi/hanlder listener with java/jsp_shell_reverse_tcp as payload, in case you are using the reverse payload.',
'Category' => 'Network',
'Author' => 'antisnatchor, l33tb0y',
'Data' => [
{'name' => 'rhost', 'ui_label' => 'Remote Target Host', 'value' => '127.0.0.1'},
{'name' => 'rport', 'ui_label' => 'Remote Target Port', 'value' => '8080'},
{'name' => 'lhost', 'ui_label' => 'MSF Listener Host', 'value' => '127.0.0.1'},
{'name' => 'lport', 'ui_label' => 'MSF Listener Port (or bind)', 'value' => '6666'},
{'name' => 'injectedCommand', 'ui_label' => 'Command to execute', 'value' => 'cmd.exe'},
{'name' => 'jspName', 'ui_label' => 'Malicious JSP name', 'value' => rand(32**20).to_s(32)},
{ 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
'store_fields' => ['payload'], 'store_data' => [['reverse'],['bind']],
'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true
}
],
'File' => __FILE__
})
set_target({
'verified_status' => VERIFIED_WORKING,
'browser_name' => ALL
})
use_template!
end
def callback
save({'result' => @datastore['result']})
end
end
Reference in New Issue View Git Blame Copy Permalink