diff --git a/data/java/metasploit/Payload.class b/data/java/metasploit/Payload.class
index c1e8e9d384..7d6da40afb 100644
Binary files a/data/java/metasploit/Payload.class and b/data/java/metasploit/Payload.class differ
diff --git a/data/meterpreter/ext_server_stdapi.jar b/data/meterpreter/ext_server_stdapi.jar
index 0ddd2d7d26..ad0df3f22f 100644
Binary files a/data/meterpreter/ext_server_stdapi.jar and b/data/meterpreter/ext_server_stdapi.jar differ
diff --git a/data/meterpreter/meterpreter.jar b/data/meterpreter/meterpreter.jar
index 52d2e91e1f..9182b96a1a 100644
Binary files a/data/meterpreter/meterpreter.jar and b/data/meterpreter/meterpreter.jar differ
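Review bot: The three rebuilt artifacts (data/java/metasploit/Payload.class, data/meterpreter/ext_server_stdapi.jar and data/meterpreter/meterpreter.jar) are committed as opaque binaries, so nothing in this diff shows that they were produced from the external/source/javapayload tree that changes in the same commit. Please state in the commit message how they were built (the build.xml target and the JDK used) so they can be rebuilt and compared before merge.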
diff --git a/external/source/javapayload/build.xml b/external/source/javapayload/build.xml
index c30c89f7a3..06865dab50 100644
--- a/external/source/javapayload/build.xml
+++ b/external/source/javapayload/build.xml
@@ -1,5 +1,5 @@
-
The Payload class is (among a collection of JavaPayload -stage classes) stored inside JavaPayload4Meterpreter.jar.
- -It is a standard java main class (i. e. it has a public +
The Payload class is +a standard java main class (i. e. it has a public static void main(String[]) method), so the most obvious way to invoke it is putting it into a Jar file whose manifest's Main-Class attribute is metasploit.Payload. The resuling jar can be @@ -82,22 +80,14 @@ delete a running class file as technically, not the class file but the Java VM is running).
After that, it will either listen on a port and accept a socket, +connect to an URL (using a protocol like HTTP or HTTPS), create an active socket connection, or (for debugging purposes) just uses standard input and standard output; in any case, the resulting input/output streams are used for the staging
-The property file can configure an embedded stage which -will be loaded directly from the current classloader (i. e. JAR). Note -that this feature cannot be used from a sub-process, as the rest of the -JAR file will not be available any longer there.
- -If no embedded stage is configured, the stage is loaded from the -input stream instead (see below for the data format).
-Once the stage is loaded, the streams are handed to the stage. Stages may require optional parameters (a string) which can be given -either in the property file or by using the SendParameters -stage from JavaPayload.
+in the property file.When the stage quits, the payload class terminates and cleans up after itself if needed.
@@ -121,16 +111,21 @@ original filename), made executable (if needed by the OS) and executed. When this option is present, no staging will be performed and all options documented below are ignored. -Note: this option will not work with the Spawn -option!
-Additional parameters to be used by the stage, regardless whether it was embedded or not. Only few stages support/require parameters.
+Load the stage from this URL. The URL will be requested and the +resulting stream will be used for loading the stage classes from. +As the stage's output stream will discard all input, this is only +useful with stages (like Meterpreter) that can communicate via +some other means back to the attacker.
+ +Note: If this option is given, LHOST and LPORT are ignored.
+Port to listen on or to connect to (if LHOST is also @@ -161,56 +156,6 @@ stages to make updates easier. All stages listed here can be used without special "Java" tricks (like serialization or JDWP protocol), to easily use them from Ruby.
-Execute an executable on the target machine and forward streams. -Stdout and Stderr are merged automatically.
- -A simple shell written in pure Java.
- -Supported commands: - help - show this help - info - list system properties - pwd - show current directory - cd - change directory - ls - list directory - exec - execute native command - cat - show text file - wget - download file - telnet - create TCP connection - paste - create text file - jobs - list or continue jobs - exit - Exit JSh- -
Loader to load the Java version of Metasploit's own post-exploitation toolkit.
-"Intermediate" stage that can be used to change the stage -parameters in cases where they cannot be cast in stone when the payload -is built.
- -After sending the stage, but before sending data for the stage, -you have to send the parameters:
- -The parameters start with a unsigned big-endian 16-bit integer -that specifies the number of parameters. Then each parameter is sent in -Java's modified -UTF string format. After that, the actual data for the stage can be -sent.
-This stager loads /bin/sh on Unix systems and cmd.exe on Windows systems, and else just behaves like the Exec stage.
-This stage just returns some system and network information. The -input stream is ignored. Useful as an embedded stage for automatic data -gathering with netcat, but not useful for anything else.
- -Acts like exec, just that the a file can be uploaded first -(stored with a random file name) which will be executed with parameters.
- -The file is uploaded directly after uploading the stage classes, -prefixed by a 32-bit big-endian integer size value.
- -Will connect back to metasploit at localhost:4444. and try to -bootstrap meterpreter (via an embedded stage). Except for the hard-coded -address in the property file, it acts like loader.jar.
- -Will spawn 2 Java processes and then listen on port 5555 for -incoming connections. No embedded stages.
- -Will run JSh on stdin/stdout. Example for the stdin/stdout -feature and useful for testing JSh easily.
-
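Review bot: In the hunk at -82,22, the added "connect to an URL (using a protocol like HTTP or HTTPS)" sits in a sentence that ends "in any case, the resulting input/output streams are used for the staging", while the URL option text added in the hunk at -121,16 says the stage's output is discarded in that mode. Reword the sentence so the URL case is described as one-way rather than as a regular input/output stream pair. In the same hunk, "an URL" should be "a URL", and "in the property file.When the stage quits" is missing the space or paragraph break after the full stop.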
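Review bot: In the hunk at -121,16, the new URL option text says "As the stage's output stream will discard all input", which mixes up the directions: an output stream receives what the stage writes, not input. Suggest "Everything the stage writes to its output stream is discarded, so this is only useful with stages (like Meterpreter) that communicate by some other means." The option text also does not say which URL schemes are accepted, while the earlier paragraph mentions only "a protocol like HTTP or HTTPS"; list them here. The same hunk deletes "Note: this option will not work with the Spawn option!", so please confirm the limitation is actually gone and the note was not dropped by accident.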