Java target for Sonicwall GMS upload module #1459
Still some debugging junk, needs some more love.
This just puts a bandaid around the issue and makes it so FileDropper doesn't completely break java and posix meterpreter sessions. [SeeRM rapid7#7721]
Conflicts: modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some unreliability with the Java target.
Looking into it!
Eyeballed and looks good, testing, linux:
First tests on Windows failed, looking into this
Problem on windows when launching the native payload:
It can be solved by escaping "" chars, I added it to jsp_drop_bin for testing. After that another exception because chmod isn't available, after avoiding the chmod line:
After avoiding chmod in case of windows target:
The java target issues on windows were the same as above:
I'm going to comment code and wait for @jlee-r7 feedback, thanks @jlee-r7!
def jsp_execute_command(command) | ||
jspraw = %Q|<%@ page import="java.io.*" %>\n| | ||
jspraw << %Q|<%\n| | ||
jspraw << %Q|Runtime.getRuntime().exec("chmod +x #{command}");\n| |
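Review bot: In `jsp_execute_command`, the `exec("chmod +x #{command}")` line interpolates `command` directly into a Java string literal and does not handle the `IOException` that `exec` throws when `chmod` is not present. A path containing backslashes or double quotes will yield a JSP that fails to compile or refers to the wrong file, and on a Windows host the page fails at this call. Escape `command` for a Java string literal before interpolating it, and wrap the call in a try/catch or skip it when the target is Windows.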
To avoid issues on Windows systems I'm doing this:
jspraw << %Q|try {\n|
jspraw << %Q|Runtime.getRuntime().exec("chmod +x #{command}");\n|
jspraw << %Q|} catch (IOException ioe) {\n|
jspraw << %Q|}\n|
Makes sense, thanks!
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
Fixes the java target on windows victims
Awesome! Working fine now! merging!
See #1384 and #1369