aa6c977423
After evaluating a Rex::Java::Serialization::Model::Stream.decode of a StringIO containing a natively-produced byteArray serialized Java class, it looks to be quite time consuming to produce a native construct from the JARs we currently generate - this requires some lower-level intervention in the payload generation process and a considerable amount of data & reference organization.

Since time is limited, and such a construct is devilishly difficult to proof when building out-of-band (in a different language), this commit takes a different direction: attempting to leverage the Ruby Java Bridge gem to implore Java itself to construct the serialized data structure and marshal it back into Ruby for our disposition.

Split the :serialized_payload method to build the actual byteArray payload in :byte_array_payload which encapsulates the Rjb interface and produces a valid output to the LDAP packet crafting routine in :serialized_payload (as read on the wire and by the JVM on the target container).

Unfortunately, another problem exists here - the metasploit.Payload class raises: #<NotSerializableException: metasploit.Payload>. This will likely need to be addressed in the payloads repository. Once the metasploit.Payload can be successfully serialized by Rjb, the wire format should accept it verbatim for delivery on-target.