Module: Msf::Exploit::AutoTarget

Included in:
Remote
Defined in:
lib/msf/core/exploit/auto_target.rb

Instance Method Summary collapse

Instance Method Details

#auto_target?Boolean

Checks to see if the auto-generated Automatic Targeting has been selected. If the module had an already defined Automatic target, then we let the module handle the targeting itself.

Returns:

  • (Boolean)

    whether or not to use our automatic targeting routine



11
12
13
14
15
16
17
18
19
# File 'lib/msf/core/exploit/auto_target.rb', line 11

def auto_target?
  selected_target = targets[target_index] if target_index
  return false if selected_target.nil?
  if selected_target.name =~ /Automatic/ && selected_target['AutoGenerated'] == true  && auto_target_host
    true
  else
    false
  end
end

#auto_target_hostMdm:Host?

Finds an <Mdm::Host> for the RHOST if one exists

Returns:

  • (Mdm:Host)

    the Host record if one exists

  • (nil)

    if no Host record is present, or the DB is not active



50
51
52
53
54
55
# File 'lib/msf/core/exploit/auto_target.rb', line 50

def auto_target_host
  return nil unless self.respond_to?(:rhost) && rhost
  return nil unless framework.db.active
  host = framework.db.get_host({workspace:  self.workspace, address: rhost})
  return host
end

#auto_targeted_index(host = auto_target_host) ⇒ Integer?

Returns the Target Index of the automatically selected Target from our Automatic Targeting routine.

Returns:

  • (Integer)

    the index of the selected Target

  • (nil)

    if no target could be selected



26
27
28
29
30
31
32
33
# File 'lib/msf/core/exploit/auto_target.rb', line 26

def auto_targeted_index(host=auto_target_host)
  selected_target = select_target(host)
  return nil if selected_target.nil?
  targets.each_with_index do |target, index|
    return index if target == selected_target
  end
  nil
end

#filter_by_os(host_record) ⇒ Array<Msf::Module::Target>

Returns the best matching Targets based on the target host’s OS information. It looks at the OS Family, OS Name, and OS SP.

Parameters:

  • host_record (Mdm::Host)

    the target host record

Returns:



62
63
64
65
66
67
68
69
70
71
# File 'lib/msf/core/exploit/auto_target.rb', line 62

def filter_by_os(host_record)
  filtered_by_family = filter_by_os_family(host_record)
  filtered_by_name   = filter_by_os_name(filtered_by_family, host_record)
  # If Filtering by name gave us no results, then we reset back to the family filter group
  filtered_by_name   = filtered_by_family if filtered_by_name.empty?
  filtered_by_sp     = filter_by_os_sp(filtered_by_name,host_record)
  # If Filtering by SP was a bust, revert back one level
  filtered_by_sp     = filtered_by_name if filtered_by_sp.empty?
  filtered_by_sp
end

#filter_by_os_family(host_record) ⇒ Array<Msf::Module::Target>

Returns all Targets that match the target host’s OS Family e.g Windows, Linux, OS X, etc

Parameters:

  • host_record (Mdm::Host)

    the target host record

Returns:



78
79
80
81
82
83
84
85
86
87
88
# File 'lib/msf/core/exploit/auto_target.rb', line 78

def filter_by_os_family(host_record)
  return [] if host_record.os_family.blank?
  filtered_targets = targets.collect do |target|
    if target.name =~ /#{host_record.os_family}/
      target
    else
      nil
    end
  end
  filtered_targets.compact
end

#filter_by_os_name(potential_targets, host_record) ⇒ Array<Msf::Module::Target>

Returns all Targets that match the target host’s OS Name e.g Windows 7, Windows XP, Windows Vista, etc

Parameters:

  • potential_targets (Array<Msf::Module::Target>)

    the filtered targets that we wish to filter further

  • host_record (Mdm::Host)

    the target host record

Returns:



96
97
98
99
100
101
102
103
# File 'lib/msf/core/exploit/auto_target.rb', line 96

def filter_by_os_name(potential_targets, host_record)
  return [] if host_record.os_name.blank?
  filtered_targets = []
  potential_targets.each do |target|
    filtered_targets << target if target.name =~ /#{host_record.os_name}/
  end
  filtered_targets
end

#filter_by_os_sp(potential_targets, host_record) ⇒ Array<Msf::Module::Target>

Returns all Targets that match the target host’s OS SP

Parameters:

  • potential_targets (Array<Msf::Module::Target>)

    the filtered targets that we wish to filter further

  • host_record (Mdm::Host)

    the target host record

Returns:



110
111
112
113
114
115
116
117
# File 'lib/msf/core/exploit/auto_target.rb', line 110

def filter_by_os_sp(potential_targets, host_record)
  return [] if host_record.os_sp.blank?
  filtered_targets = []
  potential_targets.each do |target|
    filtered_targets << target if target.name =~ /#{host_record.os_sp}/
  end
  filtered_targets
end

#select_target(host = auto_target_host) ⇒ Msf::Module::Target

Chooses the best possible Target for what we know about the targeted host.

Returns:



39
40
41
42
43
44
# File 'lib/msf/core/exploit/auto_target.rb', line 39

def select_target(host=auto_target_host)
  return nil if host.nil?
  return nil unless auto_target?
  filtered_targets = filter_by_os(host)
  filtered_targets.first
end