Module: Msf::Exploit::Remote::Udp

Included in:
DNS::Client, MSSQL, SNMPClient
Defined in:
lib/msf/core/exploit/udp.rb

Overview

This module provides methods for communicating with a host over UDP

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#udp_sockObject (protected)

Returns the value of attribute udp_sock


157
158
159
# File 'lib/msf/core/exploit/udp.rb', line 157

def udp_sock
  @udp_sock
end

Instance Method Details

#chostObject

Returns the local host for outgoing connections


116
117
118
# File 'lib/msf/core/exploit/udp.rb', line 116

def chost
  datastore['CHOST']
end

#cleanupObject

Performs cleanup, disconnects the socket if necessary


102
103
104
105
# File 'lib/msf/core/exploit/udp.rb', line 102

def cleanup
  super
  disconnect_udp
end

#connect_udp(global = true, opts = {}) ⇒ Object

Creates a UDP socket for communicating with a remote host


39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# File 'lib/msf/core/exploit/udp.rb', line 39

def connect_udp(global = true, opts={})
  nsock = Rex::Socket::Udp.create(
    'PeerHost'  =>  opts['RHOST'] || rhost,
    'PeerPort'  => (opts['RPORT'] || rport).to_i,
    'LocalHost' =>  opts['CHOST'] || chost || "0.0.0.0",
    'LocalPort' => (opts['CPORT'] || cport || 0).to_i,
    'Context'   =>
      {
        'Msf'        => framework,
        'MsfExploit' => self,
      })

  # Set this socket to the global socket as necessary
  self.udp_sock = nsock if (global)

  # Add this socket to the list of sockets created by this exploit
  add_socket(nsock)

  return nsock
end

#cportObject

Returns the local port for outgoing connections


123
124
125
# File 'lib/msf/core/exploit/udp.rb', line 123

def cport
  datastore['CPORT']
end

#deregister_udp_optionsObject


32
33
34
# File 'lib/msf/core/exploit/udp.rb', line 32

def deregister_udp_options
  deregister_options('RHOST', 'RPORT')
end

#disconnect_udp(nsock = self.udp_sock) ⇒ Object

Closes the UDP socket


63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# File 'lib/msf/core/exploit/udp.rb', line 63

def disconnect_udp(nsock = self.udp_sock)
  begin
    if (nsock)
      nsock.shutdown
      nsock.close
    end
  rescue IOError
  end

  if (nsock == udp_sock)
    self.udp_sock = nil
  end

  # Remove this socket from the list of sockets created by this exploit
  remove_socket(nsock)
end

#handler(nsock = self.udp_sock) ⇒ Object

Claims the UDP socket if the payload so desires.


83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# File 'lib/msf/core/exploit/udp.rb', line 83

def handler(nsock = self.udp_sock)
  # If the handler claims the socket, then we don't want it to get closed
  # during cleanup
  if ((rv = super) == Handler::Claimed)
    if (nsock == self.udp_sock)
      self.sock = nil
    end

    # Remove this socket from the list of sockets so that it will not be
    # aborted.
    remove_socket(nsock)
  end

  return rv
end

#initialize(info = {}) ⇒ Object

Initializes an instance of an exploit module that exploits a vulnerability in a UDP service


15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# File 'lib/msf/core/exploit/udp.rb', line 15

def initialize(info = {})
  super

  register_options(
    [
      Opt::RHOST,
      Opt::RPORT,
    ], Msf::Exploit::Remote::Udp)

  register_advanced_options(
    [
      Opt::CPORT,
      Opt::CHOST
    ], Msf::Exploit::Remote::Udp
  )
end

#lhostObject

Returns the local host


130
131
132
# File 'lib/msf/core/exploit/udp.rb', line 130

def lhost
  datastore['LHOST']
end

#lportObject

Returns the local port


137
138
139
# File 'lib/msf/core/exploit/udp.rb', line 137

def lport
  datastore['LPORT']
end

#rhostObject

Returns the target host


144
145
146
# File 'lib/msf/core/exploit/udp.rb', line 144

def rhost
  datastore['RHOST']
end

#rportObject

Returns the remote port


151
152
153
# File 'lib/msf/core/exploit/udp.rb', line 151

def rport
  datastore['RPORT']
end