Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.

git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
parent 2f76affadb
commit cd5e5880d2
18 changed files with 817 additions and 10 deletions
@@ -0,0 +1,42 @@
+#!/usr/bin/ruby
+
+require 'rubygems'
+require 'rjb'
+
+Rjb::load(ENV['JAVA_HOME'] + '/lib/tools.jar:.',jvmargs=[])
+
+# This is a completely hackish way to do this, and could break with future
+# versions of the JDK.  Need to find a better way to use sun.security.tools.KeyTool
+# and .JarSigner than modifying the source.  These rely on internal APIs that may
+# change.
+clsKeyTool = Rjb::import('sun.security.tools.KeyTool')
+#clsKeyTool = Rjb::import('sun.security.tools.KeyToolMSF')
+clsJarSigner = Rjb::import('sun.security.tools.JarSigner')
+#clsJarSigner = Rjb::import('sun.security.tools.JarSignerMSF')
+
+keytool = clsKeyTool
+jarsigner = clsJarSigner
+
+outputJar = "output.jar"
+
+#certCN cannot contain commas
+certCN 		= "Metasploit Inc."
+#keytoolOpts 	= "-genkey -alias signFiles -keystore msfkeystore " +
+#		  "-storepass msfstorepass -dname \"cn=#{certCN}\" " +
+#		  "-keypass msfkeypass"
+
+keytoolOpts 	= ["-genkey", "-alias", "signFiles", "-keystore", "msfkeystore",
+		   "-storepass", "msfstorepass", "-dname", "cn=#{certCN}",
+		   "-keypass", "msfkeypass"]
+
+
+keytool._invoke('main','[Ljava.lang.String;',keytoolOpts)
+
+
+jarsignerOpts	= ["-keystore", "msfkeystore", "-storepass", "msfstorepass",
+		   "-keypass", "msfkeypass", "-signedJar", "s#{outputJar}",
+		   outputJar, "signFiles"]
+
+jarsigner._invoke('main','[Ljava.lang.String;',jarsignerOpts)
+
+