Add improvements for docBase exploitation vector #4890
There are two more things for fixing:
I'm working on it too, will append the changes to this PR and let you know.
OK, Java payload for Tomcat 8 has been fixed too.
Native meterpreter:
ARCH_JAVA:
Native meterpreter:
ARCH_JAVA:
The auto-cleanup doesn't work in a reliable way. Native binaries must always be cleaned in the current directory because that is where they are created. This works fine on Linux; however, on Windows the file is not being cleaned (it seems that this is because the file is open by the process). The JSP location is always "$TOMCAT_HOME/webapps/ROOT". For this reason, a relative path to it will depend on the current CWD value. The bad thing here is that, as stated in #4667, the user could think that the file has been deleted when it hasn't.
register_files_for_cleanup(payload_file) | ||
end | ||
|
||
register_files_for_cleanup(payload_file) |
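Review bot: The register_files_for_cleanup(payload_file) call at the end of this hunk passes payload_file with no directory component visible on this line, so the cleanup target depends on the session's working directory at cleanup time. Add a short comment above the call stating that the dropped binary is expected in the CWD, and consider printing a warning that names the file for manual removal, since the thread reports that on Windows the file is not cleaned and the user could otherwise assume it was deleted.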
Always use CWD; it is where the dropped binary should be.
Added the following improvements to the module:
Testing env: