Module: Msf::Exploit::Remote::Java::Rmi::Client::Registry::Parser

Included in:
Msf::Exploit::Remote::Java::Rmi::Client::Registry
Defined in:
lib/msf/core/exploit/remote/java/rmi/client/registry/parser.rb

Instance Method Summary collapse

Instance Method Details

#parse_registry_list(return_value) ⇒ Array, NilClass

Parses a java/rmi/registry/RegistryImpl_Stub#list() return value to find out the list of names registered.

Parameters:

  • return_value (Rex::Java::Serialization::Model::ReturnValue)

Returns:

  • (Array, NilClass)

    The list of names registered if success, nil otherwise



35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/msf/core/exploit/remote/java/rmi/client/registry/parser.rb', line 35

def parse_registry_list(return_value)
  unless return_value.value[0].is_a?(Rex::Java::Serialization::Model::NewArray)
    return nil
  end

  unless return_value.value[0].type == 'java.lang.String;'
    return nil
  end

  return_value.value[0].values.collect { |val| val.contents }
end

#parse_registry_lookup_endpoint(return_value) ⇒ Hash, NilClass

Parses a java/rmi/registry/RegistryImpl_Stub#lookup() return value to find out the remote reference information.

Parameters:

  • return_value (Rex::Java::Serialization::Model::ReturnValue)

Returns:

  • (Hash, NilClass)

    The remote interface information if success, nil otherwise



16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/msf/core/exploit/remote/java/rmi/client/registry/parser.rb', line 16

def parse_registry_lookup_endpoint(return_value)
  values_size = return_value.value.length
  end_point_block_data = return_value.value[values_size - 2]
  unless end_point_block_data.is_a?(Rex::Java::Serialization::Model::BlockData)
    return nil
  end

  return_io = StringIO.new(end_point_block_data.contents, 'rb')

  reference = extract_reference(return_io)

  reference
end