Mirror of metasploit

builder.rb 3.7KB

  1. # -*- coding: binary -*-
  2. require 'rex/java/serialization'
  module Msf
    class Exploit
      class Remote
        module Java
          module Rmi
            # Factory helpers that assemble Java RMI protocol model objects
            # (output header, call and DGC ack).
            #
            # Each helper only instantiates Rex::Proto::Rmi::Model objects from
            # the supplied options and returns them; nothing in this module
            # serializes the objects or sends them anywhere.
            #
            # Options are defaulted with `||`, so a nil or false value falls back
            # to the default while an explicit 0 is kept as given.
            module Builder
              # Builds an RMI output header.
              #
              # @param opts [Hash{Symbol => String, Integer}]
              # @option opts [String] :signature defaults to
              #   Rex::Proto::Rmi::Model::SIGNATURE
              # @option opts [Integer] :version defaults to 2
              # @option opts [Integer] :protocol defaults to
              #   Rex::Proto::Rmi::Model::STREAM_PROTOCOL
              # @return [Rex::Proto::Rmi::Model::OutputHeader]
              def build_header(opts = {})
                model = Rex::Proto::Rmi::Model

                model::OutputHeader.new(
                  signature: opts[:signature] || model::SIGNATURE,
                  version: opts[:version] || 2,
                  protocol: opts[:protocol] || model::STREAM_PROTOCOL
                )
              end

              # Builds an RMI call: a UniqueIdentifier wrapped in CallData,
              # wrapped in turn in a Call message.
              #
              # @param opts [Hash{Symbol => Integer, Array}]
              # @option opts [Integer] :message_id defaults to
              #   Rex::Proto::Rmi::Model::CALL_MESSAGE
              # @option opts [Integer] :object_number Random to identify the
              #   object. Defaults to 0.
              # @option opts [Integer] :uid_number Identifies the VM where the
              #   object was generated. Defaults to 0.
              # @option opts [Integer] :uid_time Time where the object was
              #   generated. Defaults to 0.
              # @option opts [Integer] :uid_count Identifies different instance
              #   of the same object generated from the same VM at the same
              #   time. Defaults to 0.
              # @option opts [Integer] :operation On JDK 1.1 stub protocol the
              #   operation index in the interface. On JDK 1.2 it is -1, which
              #   is also the default here.
              # @option opts [Integer] :hash On JDK 1.1 stub protocol the stub's
              #   interface hash. On JDK 1.2 it is a hash representing the
              #   method to call. Defaults to 0.
              # @option opts [Array] :arguments defaults to an empty Array
              # @return [Rex::Proto::Rmi::Model::Call]
              def build_call(opts = {})
                model = Rex::Proto::Rmi::Model

                # Innermost piece first: the identifier of the remote object.
                identifier = model::UniqueIdentifier.new(
                  number: opts[:uid_number] || 0,
                  time: opts[:uid_time] || 0,
                  count: opts[:uid_count] || 0
                )

                payload = model::CallData.new(
                  object_number: opts[:object_number] || 0,
                  uid: identifier,
                  operation: opts[:operation] || -1,
                  hash: opts[:hash] || 0,
                  arguments: opts[:arguments] || []
                )

                model::Call.new(
                  message_id: opts[:message_id] || model::CALL_MESSAGE,
                  call_data: payload
                )
              end

              # Builds an RMI DGC ack.
              #
              # @param opts [Hash{Symbol => Integer, String}]
              # @option opts [Integer] :stream_id defaults to
              #   Rex::Proto::Rmi::Model::DGC_ACK_MESSAGE
              # @option opts [String] :unique_identifier defaults to a string of
              #   14 NUL bytes (presumably the serialized size of a
              #   number/time/count identifier; confirm against
              #   Rex::Proto::Rmi::Model::UniqueIdentifier)
              # @return [Rex::Proto::Rmi::Model::DgcAck]
              def build_dgc_ack(opts = {})
                model = Rex::Proto::Rmi::Model

                model::DgcAck.new(
                  stream_id: opts[:stream_id] || model::DGC_ACK_MESSAGE,
                  unique_identifier: opts[:unique_identifier] || "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                )
              end
            end
          end
        end
      end
    end
  end