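###
#
# java_hello.rb
#
###

require 'msf/core'

# Demo module for the on-the-fly Java compilation mixin.
#
# Serves a small HTML page over the framework's HTTP server and, for any
# request whose URI ends in ".class", compiles a "Hello World" applet with
# the JAVACOMPILE mixin and returns the resulting bytes.
class Metasploit3 < Msf::Exploit::Remote

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::JAVACOMPILE

  # Registers the module metadata and the OUTPUTPATH option.
  #
  # @param info [Hash] module info passed through to update_info
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Java compilation mixin demo',
      'Description'    => %q{ This module demonstrate the on-the-fly Java compilation mixin for the Metasploit framework. },
      'License'        => MSF_LICENSE,
      'Author'         => 'Trancer ',
      'Version'        => '$Revision$',
      'References'     =>
        [
          [ 'URL', 'http://www.rec-sec.com' ],
          [ 'URL', 'http://www.rec-sec.com/2009/06/03/java-compile-mixin/' ],
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'Demo', { } ]
        ],
      'DefaultTarget'  => 0))

    # OUTPUTPATH is not read in this file; presumably the JAVACOMPILE mixin
    # uses it as its working directory -- confirm against the mixin.
    # NOTE(review): the default is a relative path, so where files are written
    # depends on the process's current directory.
    register_options(
      [
        OptString.new('OUTPUTPATH', [ false, 'Working directory location.', './data/exploits/java/']),
      ], self.class)
  end

  # Random class/applet name. Evaluated once, when the class body is loaded,
  # so every request served by this module uses the same name.
  @@app1 = Rex::Text.rand_text_alpha(rand(100) + 1)

  # Handles one HTTP request: ".class" URIs get the compiled applet, anything
  # else gets the HTML page.
  #
  # @param cli the client connection (peerhost/peerport are read for logging)
  # @param request the HTTP request; only request.uri is inspected
  def on_request_uri(cli, request)
    appname = @@app1

    # "Hello World" Java code
    hello = %Q| import java.awt.*; import java.applet.Applet; public class #{appname} extends Applet { public void paint(Graphics g) { g.drawString("Hello World", 20, 30); } } |

    if request.uri.match(/\.class$/i)
      # NOTE(review): a compile runs for every ".class" request and all
      # requests share the same appname, so concurrent requests may touch the
      # same working files -- confirm how the mixin handles that.
      applet = java_compile(appname, hello)

      begin
        print_status("Sending applet to #{cli.peerhost}:#{cli.peerport}...")

        # Transmit the Java applet to the client
        send_response(cli, applet, { 'Content-Type' => 'application/octet-stream' })
      ensure
        # Clean the working directory even when sending fails, so build
        # artifacts are not left behind on disk.
        java_clean(appname)
      end

      return
    end

    print_status("Sending HTML to #{cli.peerhost}:#{cli.peerport}...")

    # NOTE(review): in this copy the page body is plain text; any markup that
    # referenced the applet appears to have been lost -- compare with the
    # original module before relying on it.
    html = %Q| Java compilation mixin demo |

    # Transmit the HTML page to the client
    send_response(cli, html, { 'Content-Type' => 'text/html' })

    # Handle the payload (does nothing in this demo)
    handler(cli)
  end

end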