removing slice operators from jdwp_debugger

[lsato-r7]

Tell us what this change does. If you're fixing a bug, please mention
the github issue number.

Verification

List the steps needed to make sure this thing works

• Start jdwp on test instance

cat > HelloWorld.java <<'EOF'
public class HelloWorld {
    public static void main(String[] args) {
        while (1==1) {
            try {
                Thread.sleep(1000);
                System.out.println("hello");
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
EOF
javac HelloWorld.java
java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000 -cp . HelloWorld

• Start msfconsole
• use exploit/multi/misc/java_jdwp_debugger
• set rhost this.is.my.ip
• exploit
• Verify shell!
• Document This removes the slice! operator from the exploit - with the slice operator, it modifies the buffer every single time which could take extensive amounts of time vs just grabbing content from the string as it does now (following more closely to https://github.com/IOActive/jdwp-shellifier/blob/master/jdwp-shellifier.py)

[busterb]

this is way too hard to verify. can you please write a script that also lands it for me?

[busterb]

I'm adding OS X and 64-bit support too, since this is just a file dropper.

[busterb]

found an old-ish bug in builtin handlers for exploits that needs to be fixed. luckily this module triggered it for meterpreter payloads easily.

[busterb]

Added 7263c7a bb12096 and 1289492 to add OSX and extend the Linux supported Arch list.

[busterb]

Release Notes

The speed and interoperability of the jdwp_debugger exploit have been improved.