Support adding encrypted files to archives & jars

Author: sjanusz-r7

lib/msf/core/payload/android.rb

@@ -127,7 +127,13 @@ def generate_jar(opts={})
       [ "AndroidManifest.xml" ],
       [ "resources.arsc" ]
     ]
-    jar.add_files(files, MetasploitPayloads.path("android", "apk"))
+
+    files.each do |file|
+      path = ['android', 'apk', file].flatten.join('/')
+      contents = ::MetasploitPayloads.read(path)
+      jar.add_file(file.join('/'), contents)
+    end
+
     jar.add_file("classes.dex", fix_dex_header(classes))
     jar.build_manifest
 

lib/msf/core/payload/java.rb

@@ -58,7 +58,14 @@ def generate_jar(opts={})
     jar = Rex::Zip::Jar.new
     jar.add_sub("metasploit") if opts[:random]
     jar.add_file("metasploit.dat", stager_config(opts))
-    jar.add_files(paths, ::MetasploitPayloads.path('java'))
+    jar.add_file('metasploit/', '') # Create the metasploit dir
+
+    paths.each do |path_parts|
+      path = ['java', path_parts].flatten.join('/')
+      contents = ::MetasploitPayloads.read(path)
+      jar.add_file(path_parts.join('/'), contents)
+    end
+
     jar.build_manifest(:main_class => main_class)
 
     jar
@@ -103,7 +110,14 @@ def generate_war(opts={})
     zip.add_file('WEB-INF/', '')
     zip.add_file('WEB-INF/web.xml', web_xml)
     zip.add_file("WEB-INF/classes/", "")
-    zip.add_files(paths, MetasploitPayloads.path('java'), 'WEB-INF/classes/')
+    zip.add_file('metasploit/', '') # Create the metasploit dir
+
+    paths.each do |path_parts|
+      path = ['java', path_parts].flatten.join('/')
+      contents = ::MetasploitPayloads.read(path)
+      zip.add_file(path_parts.join('/'), contents)
+    end
+
     zip.add_file("WEB-INF/classes/metasploit.dat", stager_config(opts))
 
     zip
@@ -138,7 +152,14 @@ def generate_axis2(opts={})
     zip = Rex::Zip::Jar.new
     zip.add_file('META-INF/', '')
     zip.add_file('META-INF/services.xml', services_xml)
-    zip.add_files(paths, MetasploitPayloads.path('java'))
+    zip.add_file('metasploit/', '') # Create the metasploit dir
+
+    paths.each do |path_parts|
+      path = ['java', path_parts].flatten.join('/')
+      contents = ::MetasploitPayloads.read(path)
+      zip.add_file(path_parts.join('/'), contents)
+    end
+
     zip.add_file('metasploit.dat', stager_config(opts))
     zip.build_manifest(:app_name => app_name)
 

lib/msf/util/exe.rb

@@ -1599,7 +1599,14 @@ def self.to_jar(exe, opts = {})
     paths = [
       [ "metasploit", "Payload.class" ],
     ]
-    zip.add_files(paths, MetasploitPayloads.path('java'))
+
+    zip.add_file('metasploit/', '')
+    paths.each do |path_parts|
+      path = ['java', path_parts].flatten.join('/')
+      contents = ::MetasploitPayloads.read(path)
+      zip.add_file(path_parts.join('/'), contents)
+    end
+
     zip.build_manifest :main_class => "metasploit.Payload"
     config = "Spawn=#{spawn}\r\nExecutable=#{exe_name}\r\n"
     zip.add_file("metasploit.dat", config)

modules/exploits/multi/misc/java_jmx_server.rb

@@ -69,7 +69,13 @@ def on_request_uri(cli, request)
         ["metasploit", "JMXPayloadMBean.class"],
         ["metasploit", "JMXPayload.class"],
       ]
-      @jar.add_files(paths, MetasploitPayloads.path('java'))
+
+      @jar.add_file('metasploit/', '')
+      paths.each do |path_parts|
+        path = ['java', path_parts].flatten.join('/')
+        contents = ::MetasploitPayloads.read(path)
+        @jar.add_file(path_parts.join('/'), contents)
+      end
     end
 
     if request.uri =~ /mlet$/

modules/exploits/multi/misc/java_rmi_server.rb

@@ -173,7 +173,13 @@ def on_request_uri(cli,  request)
         [ "metasploit", "RMILoader.class" ],
         [ "metasploit", "RMIPayload.class" ],
       ]
-      jar.add_files(paths, MetasploitPayloads.path('java'))
+
+      jar.add_file('metasploit/', '') # create metasploit dir
+      paths.each do |path_parts|
+        path = ['java', path_parts].flatten.join('/')
+        contents = ::MetasploitPayloads.read(path)
+        jar.add_file(path_parts.join('/'), contents)
+      end
 
       send_response(cli, jar.pack,
       {