1
mirror of https://github.com/rapid7/metasploit-payloads synced 2024-12-08 23:33:07 +01:00
metasploit-payloads/java
2017-09-12 18:25:07 +08:00
..
androidpayload add custom headers to Android 2017-09-12 18:25:07 +08:00
javapayload Last print statements removed 2015-06-26 14:27:45 +10:00
meterpreter add custom headers to Android 2017-09-12 18:25:07 +08:00
version-compatibility-check Revert "Revert "Land #134, Refactor Android payload configuration into a byte array"" 2016-10-13 22:35:00 +08:00
.gitignore Land #25, @jvazquez-r7's MBean loading support 2015-02-02 13:08:03 -06:00
.travis.yml Update .gitignore and .travis.yml for new repo 2013-06-11 19:47:15 +02:00
Makefile minor fixes to the java/Makefile 2016-10-13 13:39:09 +08:00
pom.xml First pass of interval collection 2015-08-18 00:55:29 +10:00
README.md note additional cleanup directories 2017-08-25 18:00:11 -05:00

Compiling JavaPayload and Java Meterpreter

To compile JavaPayload (a Java stager / code loader) and Java Meterpreter for Metasploit, you need Maven 3.1 or above (Maven 3.5 works at the time of this writing), and a copy of JDK 8.0 or later. Ensure that mvn and javac are in your path and work. Then run

mvn package

to package all the files needed for Java meterpreter. The two files that you will be generated are:

meterpreter/meterpreter/target/meterpreter.jar
meterpreter/stdapi/target/ext_server_stdapi.jar

To get Metasploit to use these files, you need to place them in a place where it can find them. To automatically build and install these files into Metasploit Framework for testing, run:

mvn -P deploy package

This will package all the files and copy them into the correct place for Metasploit, assuming that the metasploit-framework repository is checked out in an adjacent directory to this one. (../../metasploit-framework/data/java). If you get spurious compilation errors, make sure that there is an exclude rule in your antivirus for the Metasploit directory (or that your antivirus is disabled).

If the path to your metasploit framework repository is not ../../metasploit-framework, but for example /opt/metasploit-framework/framework, set the deploy.path directive like so:

mvn -D deploy.path=/opt/metasploit-framework/framework -P deploy package

When you are editing this or any other Meterpreter, you will want to make sure that your copy of metasploit-framework is also up-to-date. We occasionally update the network protocol between Metasploit and its Payloads, and if the two do not match, things will probably not work. Metasploit will warn you the first time it stages a development payload that it is doing so, and that the payload and Metasploit framework may be incompatible.

Each time you make a change to your code, you must build and deploy the files into metasploit-framework for it to see the updates. It is not necessary to restart msfconsole when updating payloads however, as they are read from disk each time. So, a reasonable strategy when debugging is to leave msfconsole running with exploit/multi/handler, and just install and restage payloads as needed.

When you are done editing and want to revert Metasploit to use the builtin payloads, simply delete data/meterpreter/*.jar and data/meterpreter/java from your Metasploit framework directory. It will then fall back to the versions bundled with the metasploit-payloads Ruby gem.

IDE Support

In case you want to edit/debug JavaPayload for Metasploit or Java Meterpreter with an IDE, Maven provides plugins to auto-generate project files for your favourite environment (at least for Eclipse, Netbeans or IntelliJ).

I use Eclipse, so to generate project files I use

mvn eclipse:eclipse

This will generate project files that can be imported via

File->Import->Existing Projects into Workspace

into your Eclipse workspace.

(Note that if this is your first Maven project you want to use in Eclipse, you also have to run

mvn -Declipse.workspace=/path/to/your/workspace eclipse:configure-workspace

to set up path variables like M2_REPO to point to the correct location.)

For NetBeans or IntelliJ IDEA, refer to the documentation at

http://maven.apache.org/netbeans-module.html http://maven.apache.org/plugins/maven-idea-plugin/

Android

  1. Download the Android SDK, and the Android NDK somewhere
  2. Launch the sdk/tool/android program
  3. Install API version 10 and 19, and update the "Android SDK Tools" and "Android SDK Platform-tools"
  4. Compile android meterpreter:
mvn package -Dandroid.sdk.path=/path/to/android-sdk -Dandroid.ndk.path=/path/to/android-ndk -Dandroid.release=true -P deploy