Msfvenom add win32 shellcode doesn't work for Jar file

rapid7 / metasploit-framework

Metasploit Framework

https://www.metasploit.com/

Other

34k stars 13.94k forks source link

Msfvenom add win32 shellcode doesn't work for Jar file #9792

Open UrfTheManatee opened 6 years ago

UrfTheManatee commented 6 years ago

Steps to reproduce

How'd you do it?

use msfvenom -c to add additional shellcode to a jar file

Expected behavior

Execute the shellcode.

Current behavior

Shellcode executes when outputting to an exe but does not execute when using a jar output.

System stuff

Metasploit version

4.16.45-dev

I installed Metasploit with:

Commercial installer

OS

Ubuntu LTS

jmartin-tech commented 6 years ago

@bcook-r7, @timwr thoughts here? AFAIK -c would not apply to java payloads. Should the solution be to gate this combination better or would be a reasonable feature to add this capability to java?

Based on what I see here current intent is that -c would only be for windows binary payloads.

https://github.com/rapid7/metasploit-framework/blob/2c6cfabbc334a69cfcd59d31d3952f4131fd57bf/lib/msf/core/payload_generator.rb#L145-L157

timwr commented 6 years ago

I think it's reasonable to disable it if it doesn't work or was never implemented.

github-actions[bot] commented 3 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.