Module: Msf::Exploit::Remote::Udp

Included in:

DNS::Client, MSSQL, SNMPClient, Rex::Proto::MSSQL::Client

Defined in:

lib/msf/core/exploit/remote/udp.rb

Overview

This module provides methods for communicating with a host over UDP

Instance Attribute Summary

• #udp_sock ⇒ Object protected

  Returns the value of attribute udp_sock.

Instance Method Summary

• #chost ⇒ Object

  Returns the local host for outgoing connections.

• #cleanup ⇒ Object

  Performs cleanup, disconnects the socket if necessary.

• #connect_udp(global = true, opts = {}) ⇒ Object

  Creates a UDP socket for communicating with a remote host.

• #cport ⇒ Object

  Returns the local port for outgoing connections.

• #deregister_udp_options ⇒ Object
• #disconnect_udp(nsock = self.udp_sock) ⇒ Object

  Closes the UDP socket.

• #handler(nsock = self.udp_sock) ⇒ Object

  Claims the UDP socket if the payload so desires.

• #initialize(info = {}) ⇒ Object

  Initializes an instance of an exploit module that exploits a vulnerability in a UDP service.

• #lhost ⇒ Object

  Returns the local host.

• #lport ⇒ Object

  Returns the local port.

• #rhost ⇒ Object

  Returns the target host.

• #rport ⇒ Object

  Returns the remote port.

Instance Attribute Details

#udp_sock ⇒ Object (protected)

Returns the value of attribute udp_sock.

# File 'lib/msf/core/exploit/remote/udp.rb', line 157

def udp_sock
  @udp_sock
end

Instance Method Details

#chost ⇒ Object

Returns the local host for outgoing connections

# File 'lib/msf/core/exploit/remote/udp.rb', line 116

def chost
  datastore['CHOST']
end

#cleanup ⇒ Object

Performs cleanup, disconnects the socket if necessary

# File 'lib/msf/core/exploit/remote/udp.rb', line 102

def cleanup
  super
  disconnect_udp
end

#connect_udp(global = true, opts = {}) ⇒ Object

Creates a UDP socket for communicating with a remote host

# File 'lib/msf/core/exploit/remote/udp.rb', line 39

def connect_udp(global = true, opts={})
  nsock = Rex::Socket::Udp.create(
    'PeerHost'  =>  opts['RHOST'] || rhost,
    'PeerPort'  => (opts['RPORT'] || rport).to_i,
    'LocalHost' =>  opts['CHOST'] || chost || "0.0.0.0",
    'LocalPort' => (opts['CPORT'] || cport || 0).to_i,
    'Context'   =>
      {
        'Msf'        => framework,
        'MsfExploit' => self,
      })

  # Set this socket to the global socket as necessary
  self.udp_sock = nsock if (global)

  # Add this socket to the list of sockets created by this exploit
  add_socket(nsock)

  return nsock
end

#cport ⇒ Object

Returns the local port for outgoing connections

# File 'lib/msf/core/exploit/remote/udp.rb', line 123

def cport
  datastore['CPORT']
end

#deregister_udp_options ⇒ Object

# File 'lib/msf/core/exploit/remote/udp.rb', line 32

def deregister_udp_options
  deregister_options('RHOST', 'RPORT')
end

#disconnect_udp(nsock = self.udp_sock) ⇒ Object

Closes the UDP socket

# File 'lib/msf/core/exploit/remote/udp.rb', line 63

def disconnect_udp(nsock = self.udp_sock)
  begin
    if (nsock)
      nsock.shutdown
      nsock.close
    end
  rescue IOError
  end

  if (nsock == udp_sock)
    self.udp_sock = nil
  end

  # Remove this socket from the list of sockets created by this exploit
  remove_socket(nsock)
end

#handler(nsock = self.udp_sock) ⇒ Object

Claims the UDP socket if the payload so desires.

# File 'lib/msf/core/exploit/remote/udp.rb', line 83

def handler(nsock = self.udp_sock)
  # If the handler claims the socket, then we don't want it to get closed
  # during cleanup
  if ((rv = super) == Handler::Claimed)
    if (nsock == self.udp_sock)
      self.sock = nil
    end

    # Remove this socket from the list of sockets so that it will not be
    # aborted.
    remove_socket(nsock)
  end

  return rv
end

#initialize(info = {}) ⇒ Object

Initializes an instance of an exploit module that exploits a vulnerability in a UDP service

# File 'lib/msf/core/exploit/remote/udp.rb', line 15

def initialize(info = {})
  super

  register_options(
    [
      Opt::RHOST,
      Opt::RPORT,
    ], Msf::Exploit::Remote::Udp)

  register_advanced_options(
    [
      Opt::CPORT,
      Opt::CHOST
    ], Msf::Exploit::Remote::Udp
  )
end

#lhost ⇒ Object

Returns the local host

# File 'lib/msf/core/exploit/remote/udp.rb', line 130

def lhost
  datastore['LHOST']
end

#lport ⇒ Object

Returns the local port

# File 'lib/msf/core/exploit/remote/udp.rb', line 137

def lport
  datastore['LPORT']
end

#rhost ⇒ Object

Returns the target host

# File 'lib/msf/core/exploit/remote/udp.rb', line 144

def rhost
  datastore['RHOST']
end

#rport ⇒ Object

Returns the remote port

# File 'lib/msf/core/exploit/remote/udp.rb', line 151

def rport
  datastore['RPORT']
end