Module: Msf::Exploit::Remote::Smtp

Includes:
Tcp
Defined in:
lib/msf/core/exploit/smtp.rb

Overview

This module exposes methods that may be useful to exploits that deal with servers that speak the SMTP protocol.

Instance Method Summary

Methods included from Tcp

#chost, #cleanup, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #proxies, #rhost, #rport, #set_tcp_evasions, #ssl, #ssl_version

Instance Method Details

#connect(global = true) ⇒ Object

This method establishes an SMTP connection to the host and port specified by the RHOST and RPORT options, respectively. After connecting, the banner message is read in and stored in the 'banner' attribute.

# File 'lib/msf/core/exploit/smtp.rb', line 39

def connect(global = true)
  fd = super

  # Wait for a banner to arrive...
  self.banner = fd.get_once(-1, 30)
  # Return the file descriptor to the caller
  fd
end

#connect_login(global = true) ⇒ Object

Connect to the remote SMTP server, and begin a DATA transfer

# File 'lib/msf/core/exploit/smtp.rb', line 51

def connect_login(global = true)
  smtpsock = connect(global)

  raw_send_recv("EHLO X\r\n")
  raw_send_recv("MAIL FROM: #{datastore['MAILFROM']}\r\n")
  raw_send_recv("RCPT TO: #{datastore['MAILTO']}\r\n")
  raw_send_recv("DATA\r\n")

  return true
end
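
For defenders, the fixed command shapes in connect_login (the literal "EHLO X", and a space after "FROM:" and "TO:" where RFC 5321 places the path directly after the colon) can be matched in SMTP session logs. The following is an added example, not part of the Metasploit source; the log format, session ids and function names are assumptions, and the sample lines are constructed.

```ruby
# Constructed sample: one line per client command, "<session-id> <command>".
# The log format is an assumption; adapt the parsing to your MTA's logs.
SAMPLE_LOG = <<~LOG
  s1 EHLO mail.example.org
  s1 MAIL FROM:<alice@example.org>
  s1 RCPT TO:<bob@example.net>
  s1 DATA
  s2 EHLO X
  s2 MAIL FROM: sender@example.org
  s2 RCPT TO: target@example.net
  s2 DATA
  s3 EHLO X
  s3 QUIT
LOG

# Command shapes taken from connect_login: literal "EHLO X", and a space
# after "FROM:" / "TO:" where RFC 5321 puts "<" directly after the colon.
SIGNATURE = [
  /\AEHLO X\z/,
  /\AMAIL FROM: \S/i,
  /\ARCPT TO: \S/i,
  /\ADATA\z/i
].freeze

# Group commands by session id, preserving their order within a session.
def sessions_from(log)
  log.each_line.with_object(Hash.new { |h, k| h[k] = [] }) do |line, acc|
    id, cmd = line.chomp.split(' ', 2)
    acc[id] << cmd if id && cmd
  end
end

# True when the session's first four commands match the signature in order.
def matches_connect_login?(cmds)
  cmds.length >= SIGNATURE.length &&
    SIGNATURE.each_with_index.all? { |re, i| cmds[i].match?(re) }
end

# Return the ids of sessions whose opening commands match the signature.
def flag_sessions(log)
  sessions_from(log).select { |_, cmds| matches_connect_login?(cmds) }.keys
end

puts flag_sessions(SAMPLE_LOG).inspect if $PROGRAM_NAME == __FILE__
```

This is a heuristic: it keys on what this mixin hardcodes, so treat a hit as a lead to investigate rather than a verdict.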

#initialize(info = {}) ⇒ Object

Creates an instance of an SMTP exploit module.

# File 'lib/msf/core/exploit/smtp.rb', line 19

def initialize(info = {})
  super

  # Register the options that all SMTP exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(25),
      OptString.new('MAILFROM', [ true, 'FROM address of the e-mail', '[email protected]']),
      OptString.new('MAILTO', [ true, 'TO address of the e-mail', '[email protected]']),
    ], Msf::Exploit::Remote::Smtp)
  register_autofilter_ports([ 25, 465, 587, 2525, 25025, 25000])
  register_autofilter_services(%W{ smtp smtps})
end

#raw_send_recv(cmd, nsock = self.sock) ⇒ Object

This method transmits an SMTP command and waits for a response. If one is received, it is returned to the caller.

# File 'lib/msf/core/exploit/smtp.rb', line 66

def raw_send_recv(cmd, nsock = self.sock)
  nsock.put(cmd)
  nsock.get_once
end