Land #5606, @wchen-r7's glassfish fixes

rapid7 · Jun 26, 2015 · a10fa02 · a10fa02
2 parents b46e1be + 3b5e2a0
commit a10fa02
Show file tree

Hide file tree

Showing 2 changed files with 288 additions and 311 deletions.
diff --git a/lib/metasploit/framework/login_scanner/glassfish.rb b/lib/metasploit/framework/login_scanner/glassfish.rb
@@ -14,7 +14,7 @@ class Glassfish < HTTP
 
         # @!attribute [r] version
         #   @return [String] Glassfish version
-        attr_reader :version
+        attr_accessor :version
 
         # @!attribute jsession
         #   @return [String] Cookie session
@@ -137,6 +137,23 @@ def try_glassfish_2(credential)
         end
 
 
+        # Tries to login to Glassfish version 9
+        #
+        # @param credential [Metasploit::Framework::Credential] The credential object
+        # @return [Hash]
+        #   * :status [Metasploit::Model::Login::Status]
+        #   * :proof [String] the HTTP response body
+        def try_glassfish_9(credential)
+          res = try_login(credential)
+
+          if res && res.code.to_i == 302 && res.headers['Location'].to_s !~ /loginError\.jsf$/
+            return {:status => Metasploit::Model::Login::Status::SUCCESSFUL, :proof => res.body}
+          end
+
+          {:status => Metasploit::Model::Login::Status::INCORRECT, :proof => res.body}
+        end
+
+
         # Tries to login to Glassfish version 3 or 4 (as of now it's the latest)
         #
         # @param (see #try_glassfish_2)
@@ -176,12 +193,15 @@ def attempt_login(credential)
 
           begin
             case self.version
-            when /^[29]\.x$/
+            when /^2\.x$/
               status = try_glassfish_2(credential)
               result_opts.merge!(status)
             when /^[34]\./
               status = try_glassfish_3(credential)
               result_opts.merge!(status)
+            when /^9\.x$/
+              status = try_glassfish_9(credential)
+              result_opts.merge!(status) 
             end
           rescue ::EOFError, Errno::ECONNRESET, Rex::ConnectionError, OpenSSL::SSL::SSLError, ::Timeout::Error => e
             result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
@@ -190,8 +210,8 @@ def attempt_login(credential)
           Result.new(result_opts)
         end
 
-        #
-        # Extract the target's glassfish version from the HTTP Server header
+
+        # Extract the target's glassfish version from the HTTP Server Sun Java System Application Server 9.1header
         # (ex: Sun Java System Application Server 9.x)
         #
         # @param banner [String] `Server` header from a Glassfish service response